CIRA VP Jon Ferguson Links Mythos to Need for Sovereign AI

BetaKit reports that Anthropic previewed a capability called Mythos and a preview program named Glasswing that, according to BetaKit, can identify software vulnerabilities at scale. BetaKit cites Mozilla CTO Bobby Holley as finding 271 vulnerabilities in tests of an early-access version, which the article says is more than ten times the number found by the predecessor model, Opus 4.6. BetaKit reports that the Glasswing preview is available to large US companies including Amazon Web Services, Apple, Cisco, and Microsoft, and that the White House blocked an Anthropic attempt to expand access to 70 additional companies. Jon Ferguson, vice-president of cyber and DNS at the Canadian Internet Registration Authority, told BetaKit he is skeptical about some of the hype and said, "AI has great potential to improve the quality of software, but in that process, it's going to expose a lot of existing risk in the supply chain."
What happened
BetaKit published a Q&A with Jon Ferguson, vice-president of cyber and DNS at the Canadian Internet Registration Authority, about Anthropic's preview program Glasswing and the model Mythos. BetaKit reports that Anthropic presented Mythos as capable of finding and exploiting vulnerabilities across major operating systems and browsers. BetaKit cites Mozilla CTO Bobby Holley as reporting 271 vulnerabilities found in early-access testing, compared with Opus 4.6's lower count, and notes that Glasswing access has been given to US firms including Amazon Web Services, Apple, Cisco, and Microsoft. BetaKit also reports that the White House blocked Anthropic's effort to expand Glasswing access to 70 more companies, and says it did not receive a response from Anthropic by press time.
Editorial analysis - technical context
Models used to surface software vulnerabilities can accelerate discovery of latent supply-chain issues but also generate false positives and require human validation. Industry testing reported by BetaKit and Mozilla indicates high recall in at least one evaluation, but public reporting does not provide a reproducible benchmark, attack-surface coverage metrics, or details on exploitability rates. For practitioners, integrating model-flagged findings into secure development lifecycles typically demands triage tooling, vulnerability scoring, and secure disclosure processes.
Industry context
Industry reporting frames the Glasswing rollout as concentrating access among large US cloud and tech providers, which has prompted discussion about national risk and control over advanced tooling. Editorial analysis: observers tracking sovereign-AI debates note a recurring pattern where advanced defensive or offensive cyber tooling concentrated in foreign platforms raises policy pressure for domestic capability and regulatory scrutiny.
What to watch
Observers should follow third-party evaluations of Mythos's precision and exploitability claims, any documented vulnerabilities that originate from model outputs, changes in access policy for Glasswing, Canadian government commentary or procurement guidance, and whether independent security researchers replicate Bobby Holley's findings.
Scoring Rationale
The story links a high-impact security capability to policy concerns about national access and control. Practitioners should care about reproducible security evaluations and access constraints. The piece is notable but not a frontier-model technical release.