In the era we live in, the release of each new LLM is always accompanied by numerous superlatives that are not always confirmed in use, inevitably leading to disappointment. It is in this context that the release of Anthropic’s latest model, named “Mythos”, appears as a singularity.
Indeed, the superlatives are still there, but instead of a public release, the model has only been made available to a handful of hand-picked IT players by Anthropic.
The reason for this restricted release is reportedly linked to a rather unexpected faculty of the model: it is exceptionally gifted at finding security flaws in application code. In fact, it reportedly allows for the identification of a large number of zero-day vulnerabilities, making it particularly useful for software designers (especially in open-source) but also particularly dangerous if it were to be used for malicious purposes.
But first, what is a zero-day vulnerability? It is a flaw that exists in a system but has not yet been identified. Because its existence is unknown, a malicious hacker who discovers it can exploit it to penetrate systems, for example by executing malicious code, before the flaw is identified and a patch is made available. This constitutes the worst possible scenario in cybersecurity. Zero-day vulnerabilities present in web browsers or operating systems are responsible for significant damage every year (accounting for an estimated $11 trillion for 2026).
In this context, the arrival of an effective tool to discover these flaws is a precious ally. However, the conditions surrounding the release of this tool also spark controversy.
Initially, it was difficult to gauge the reality of the model’s capabilities because it was not made public. Until recently, the public’s only source of information was the model’s (comprehensive and imposing) documentation note provided by Anthropic. Now, more information is starting to emerge, notably a publication by Mozilla stating that Mythos helped fix no fewer than 271 vulnerabilities, which seems to confirm the model’s strong performance in this area.
Another source of controversy is the fact that Anthropic alone chooses which organizations or companies can access Mythos. This could pose a major equity problem, as well as a technical issue for the entire software ecosystem. Indeed, many open-source programs used by millions of users, programmers, and companies are actually maintained by small teams of volunteers (sometimes even a single programmer) who donate their time and expertise. These teams, as well as small businesses, will likely not be able to use Mythos. This could create a situation where growing security risks weigh heavily on these smaller organizations.
Nevertheless, we at OMNiceSoft, although a very small structure without access to Mythos, adopted LLMs very early on as code verification and review tools. We therefore welcome the arrival of this model. Instead of being falsely presented as a model that can replace software engineers, it anchors itself in reality to become a powerful bug-finding tool that we hope will one day be in the toolkit of all engineers around the world.