Glossary · Threat Model & AI Attack

Mythos

ミュトス

Claude Mythos Preview, the Anthropic frontier model offered for defensive use through Project Glasswing (launched April 7, 2026). It compresses zero-day discovery, exploit-chain construction, and target adaptation into a single agent. "Mythos-grade" names that capability class.

Definition

Mythos is the name of the Anthropic frontier model offered through Project Glasswing (launched April 7, 2026) for defensive use to a limited set of organizations including AWS, Apple, Cisco, Google, Microsoft, and Cloudflare. What distinguishes it qualitatively from prior AI-assisted tooling: zero-day vulnerability discovery, exploit-chain construction, and target adaptation are completed end-to-end inside a single agent — without a human operator in the middle.

Dual-use sits at the center. A capability assembled for defense is structurally equivalent to the same capability turned outward. In April 2026, the US Treasury and Federal Reserve summoned major bank CEOs; on April 24, Japan's FSA convened a parallel emergency session; over May 12–21, a Prime Ministerial directive, a multi-ministry council, and a Ministry of Internal Affairs cross-industry meeting walked AI cyber defense down the staircase in ten days (full context: verifiable AI and financial agents). "Mythos-grade attack" became the shorthand for the capability class that drove that response.

What matters operationally: automated attacks leave thin attribution residue. A detection tool's confidence score — say, "99.7% probability of anomaly" — is not admissible evidence in regulatory filings, administrative proceedings, or court that an unauthorized authority was exercised (full argument: detection is not proof). Cryptographically provable provenance and a pre-execution judgment-verification layer are the only path that preserves reproducibility and accountability after the fact.

Lemma implementation

Lemma Critical targets critical-infrastructure operators — power, water, transport, manufacturing — with a pre-execution attestation layer that independently verifies AI judgments before they reach SCADA/ICS control. Not the AI's output but its judgment process is verified: zero-knowledge proofs gate the principle that "cryptographically valid ≠ semantically right" at commit time.

Domain-specific business rules — equipment safety limits, regulatory requirements, operating SLAs — are pinned as custom ZK circuits, and AI judgments are proven to satisfy them before execution. Prompt injection, data poisoning, and adversarial inputs intrinsic to Mythos-grade attacks fail at the pre-commit verification step. The judgment stops before reaching the control plane — that's the structural break from detection-style defense.

The delegation graph — who authorized what, to whom, to what limit — is pinned as a commitment too. AI judgments and the authority behind them remain reproducible six months later for post-incident review and regulatory reporting. Compliance-grade audit trails become the defensive line of the Mythos era.

Related terms
Verifiable AI
Lemma's response domain to Mythos-grade attack. Verifies the judgment process itself, not its output.
Provenance Proof
Tamper-evidently binds AI judgments to their inputs. Preserves post-incident reproducibility.
Audit Trail
The only after-the-fact verification surface that holds in the Mythos era. Compliance-grade.
Human-off-the-Loop — HOTL
The operating mode where humans no longer approve each AI action — and the precondition for Mythos-grade attack.
Get started

Stop the AI judgment before Mythos-grade attack reaches commit.

Book a Discovery Call → Download whitepaper