Anthropic Project Glasswing:Claude Mythos 找出數千個零日漏洞,為何不公開釋出? | Anthropic Project Glasswing: Claude Mythos Found Thousands of Zero-Days — Why It Stays Behind Closed Doors
By Kit 小克 | AI Tool Observer | 2026-04-09
🇹🇼 Anthropic Project Glasswing:Claude Mythos 找出數千個零日漏洞,為何不公開釋出?
Anthropic 在 2026 年 4 月 7 日宣布 Project Glasswing,一項價值 1 億美元的 AI 資安防禦計畫,搭配旗下尚未公開的前沿模型 Claude Mythos Preview,專門用於找出並修補關鍵軟體的安全漏洞。這篇文章帶你看懂 Project Glasswing 的運作方式、實際戰績,以及 Anthropic 為什麼選擇不讓一般人使用這個模型。
Project Glasswing 是什麼?為什麼值得關注?
Project Glasswing 是 Anthropic 史上最大規模的資安合作計畫,目標是保護全球最關鍵的軟體基礎設施。Anthropic 投入 1 億美元模型使用額度,並額外捐贈 400 萬美元給 Linux Foundation 旗下的開源安全組織。
合作夥伴包含 12 家科技巨頭:AWS、Apple、Broadcom、Cisco、CrowdStrike、Google、JPMorgan Chase、Linux Foundation、Microsoft、NVIDIA、Palo Alto Networks,以及 Anthropic 自身。另有超過 40 家維護關鍵基礎設施的組織獲得存取權限。
Claude Mythos Preview 有多強?實際找到了哪些漏洞?
Claude Mythos Preview 的漏洞偵測能力遠超現有模型,是目前最強的 AI 資安工具。
- CyberGym 漏洞重現測試:83.1%(Claude Opus 4.6 僅 66.6%)
- SWE-bench Pro:77.8%(Claude Opus 4.6 為 53.4%)
- SWE-bench Multilingual:87.3%
在實際部署中,Claude Mythos 已發現數千個高嚴重性零日漏洞,包括:
- 一個存在 27 年的 OpenBSD 漏洞,可遠端癱瘓系統
- 一個存在 16 年的 FFmpeg 漏洞,過去 500 萬次自動化測試都沒抓到
- 多個可串連利用的 Linux 核心漏洞,能實現權限提升攻擊
為什麼 Anthropic 不公開釋出 Claude Mythos?
因為能力太強,風險也太高。Anthropic 明確表示「不計畫將 Claude Mythos Preview 開放給一般大眾」。
這個模型的程式碼能力已經「超越除了最頂尖人類以外的所有人」在漏洞挖掘與利用方面的表現。如果落入惡意攻擊者手中,後果不堪設想。因此,只有經過審核的資安專業人員和合作夥伴才能在防禦性用途下使用。
這對 AI 安全治理意味著什麼?
Project Glasswing 開創了一個先例:當 AI 模型的能力強到可能被武器化時,負責任的做法是限制存取而非開放釋出。這和 Anthropic 一貫的「負責任擴展政策」(Responsible Scaling Policy) 一致,也是業界首次有公司投入如此大規模資源,專門將前沿 AI 用於防禦性資安。
開發者該怎麼看 Project Glasswing?
如果你是資安研究員或維護關鍵基礎設施的開發者,可以關注 Anthropic 是否會擴大 Project Glasswing 的參與範圍。對一般開發者而言,這個事件的啟示是:AI 輔助的漏洞掃描正在從「實驗階段」進入「生產等級」,未來的軟體安全標準可能會因此大幅提高。
常見問題 FAQ
Q:Claude Mythos 和 Claude Opus 4.6 有什麼差別?
Claude Mythos 是 Anthropic 尚未公開釋出的前沿模型,在資安漏洞偵測能力上大幅超越 Opus 4.6,CyberGym 分數從 66.6% 提升到 83.1%。
Q:一般人可以使用 Claude Mythos 嗎?
不行。Anthropic 明確表示不計畫公開釋出,目前僅限 Project Glasswing 合作夥伴在防禦性資安用途下使用。
Q:Project Glasswing 的 1 億美元怎麼運用?
主要作為模型使用額度提供給合作夥伴,另外 400 萬美元捐贈給 Linux Foundation 和 Apache Software Foundation 等開源安全組織。
Q:AI 找漏洞真的比人類厲害嗎?
在特定場景下是的。Claude Mythos 找到了人類和自動化工具數十年都沒發現的漏洞,但目前仍需要人類資安專家配合驗證和修補。
好不好用,試了才知道 —— Kit 小克 / AI 工具觀察站
🇺🇸 Anthropic Project Glasswing: Claude Mythos Found Thousands of Zero-Days — Why It Stays Behind Closed Doors
Anthropic announced Project Glasswing on April 7, 2026 — a $100 million cybersecurity defense initiative powered by its unreleased frontier model, Claude Mythos Preview. The model has already discovered thousands of critical zero-day vulnerabilities in widely used software. Here is what Project Glasswing does, what it found, and why Anthropic is keeping Claude Mythos behind closed doors.
What Is Project Glasswing and Why Does It Matter?
Project Glasswing is Anthropic's largest cybersecurity collaboration ever, designed to secure the world's most critical software infrastructure. Anthropic committed $100 million in model usage credits plus $4 million in donations to open-source security organizations through the Linux Foundation.
Launch partners include 12 major organizations: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself. Over 40 additional organizations maintaining critical infrastructure also received access.
How Powerful Is Claude Mythos Preview?
Claude Mythos Preview is currently the most capable AI model for security vulnerability detection, far exceeding existing models.
- CyberGym vulnerability reproduction: 83.1% (Claude Opus 4.6 scores 66.6%)
- SWE-bench Pro: 77.8% (Claude Opus 4.6 scores 53.4%)
- SWE-bench Multilingual: 87.3%
In real-world deployment, Claude Mythos has found thousands of high-severity zero-day vulnerabilities, including:
- A 27-year-old OpenBSD flaw enabling remote system crashes
- A 16-year-old FFmpeg vulnerability missed by 5 million automated test attempts
- Multiple chainable Linux kernel vulnerabilities enabling privilege escalation
Why Won't Anthropic Release Claude Mythos Publicly?
Because it is too powerful. Anthropic explicitly stated they "do not plan to make Claude Mythos Preview generally available."
The model's coding ability "can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." In the wrong hands, this could be catastrophic. Access is restricted to vetted security professionals and partner organizations for defensive use only.
What Does This Mean for AI Safety Governance?
Project Glasswing sets an important precedent: when an AI model's capabilities could be weaponized, the responsible approach is restricted access rather than open release. This aligns with Anthropic's Responsible Scaling Policy and marks the first time a company has committed this level of resources to using frontier AI exclusively for defensive cybersecurity.
What Should Developers Take Away from Project Glasswing?
If you are a security researcher or maintain critical infrastructure, watch for potential expansion of the Glasswing program. For general developers, the key takeaway is clear: AI-assisted vulnerability scanning is moving from experimental to production-grade. Software security standards are about to rise significantly.
FAQ
Q: How does Claude Mythos differ from Claude Opus 4.6?
Claude Mythos is Anthropic's unreleased frontier model with dramatically superior security vulnerability detection, jumping from 66.6% to 83.1% on CyberGym benchmarks.
Q: Can anyone use Claude Mythos?
No. Anthropic has stated it will not release the model publicly. Access is limited to Project Glasswing partners for defensive cybersecurity use only.
Q: How is the $100 million being spent?
Primarily as model usage credits for partner organizations, with an additional $4 million donated to open-source security organizations including the Linux Foundation and Apache Software Foundation.
Q: Is AI really better than humans at finding vulnerabilities?
In specific scenarios, yes. Claude Mythos found bugs that humans and automated tools missed for decades. However, human security experts are still needed to verify and patch the discoveries.
You never know until you try — Kit 小克 / AI Tools Observatory
Sources / 資料來源
- Anthropic - Project Glasswing: Securing critical software for the AI era
- TechCrunch - Anthropic debuts preview of powerful new AI model Mythos
- The Hacker News - Claude Mythos Finds Thousands of Zero-Day Flaws
常見問題 FAQ
Claude Mythos 和 Claude Opus 4.6 有什麼差別?
Claude Mythos 是 Anthropic 尚未公開釋出的前沿模型,在資安漏洞偵測的 CyberGym 測試中從 66.6% 提升到 83.1%,大幅超越 Opus 4.6。
一般人可以使用 Claude Mythos 嗎?
不行,Anthropic 不計畫公開釋出,僅限 Project Glasswing 合作夥伴在防禦性資安用途下使用。
Project Glasswing 的 1 億美元怎麼運用?
主要作為模型使用額度給合作夥伴,另外 400 萬美元捐贈給 Linux Foundation 和 Apache Software Foundation。
AI 找漏洞真的比人類厲害嗎?
Claude Mythos 找到了人類和自動化工具數十年沒發現的漏洞,但仍需人類資安專家驗證和修補。
延伸閱讀 / Related Articles
- Stability AI Brand Studio 上線:企業級 AI 圖片生成平台,品牌一致性終於不是問題 | Stability AI Brand Studio: Enterprise AI Image Platform with Brand-Consistent Generation
- AI 加速量子破密:Google 和 Oratomic 研究顯示加密被破解的時間可能大幅提前 | AI Speeds Quantum Threat to Encryption: Google and Oratomic Cut Qubit Requirements by 95%
- Google Gemma 4 開源模型完整解析:Apache 2.0 授權、多模態、140+ 語言支援 | Google Gemma 4: The Most Capable Open-Source AI Model Under Apache 2.0
AI 工具觀察站 — 每日精選 AI Agent 與工具趨勢
AI Tool Observer — Daily curated AI Agent & tool trends
留言
張貼留言