Anthropic just released the most capable AI model ever built. It found hundreds of zero-day vulnerabilities across all major operating systems and browsers. As amazing as that is, unless you're one of about 50 hand-picked organizations, you're not getting anywhere near it. This week Anthropic officially announced a Claude Mythos Preview alongside a new defensive cybersecurity initiative called Project Glasswing. The model sits in an entirely new tier above Anthropic's existing Opus line, which has been the company's most powerful offering. Unlike every other major model release in the AI arms race, this one came with an unusual caveat: the company has no plans to make it generally available.

     The reason is pretty straightforward. Claude Mythos Preview is so effective at finding and exploiting software vulnerabilities that Anthropic believes a wide release would pose unacceptable cybersecurity risks. Instead, the company is channeling those capabilities into defense and asking the rest of us to watch from the sidelines while it tries to patch the internet.

What Makes Mythos Different

     Claude Mythos Preview is a general-purpose large language model, meaning it handles the same range of tasks as the models powering products like ChatGPT or Anthropic's own Claude. Its performance on cybersecurity tasks is where things become eye opening.

     Anthropic's previous flagship, Claude Opus 4.6, had a near-zero success rate at autonomous exploit development. When researchers pointed Opus 4.6 at vulnerabilities it had found in Mozilla's Firefox 147 JavaScript engine, it managed to produce working exploits just twice across hundreds of attempts. Mythos Preview, given the same test, produced 181 working exploits and achieved full system control on 29 more.

Photo by Anthropic

Above: The 'whos-who' of tech are all joining Project Glasswire

     The broader benchmark picture tells a similar story. On CyberGym, which tests targeted vulnerability reproduction in real open-source software, Mythos Preview scored 83.1% compared to Opus 4.6's 66.6%. On Cybench Mythos Preview solved every single challenge with a 100% success rate, effectively saturating the entire benchmark. Anthropic has acknowledged that several of its existing internal and external cybersecurity evaluations are no longer informative because Mythos maxes them out.

     The non-security benchmarks are similarly dominant. Mythos Preview scored 93.9% on SWE-bench Verified (a software engineering benchmark) compared to Opus 4.6's 80.8%, and 97.6% on USAMO 2026 (a mathematical reasoning test) compared to 42.3%. These aren't incremental gains — they represent a generational leap in model capability.

The Zero-Days That Got Everyone's Attention

     Benchmark scores are one thing. Finding real, previously unknown vulnerabilities in production software is another, and Mythos shines bright here as well. Over the past several weeks, Anthropic has used Mythos Preview to identify thousands of zero-day vulnerabilities (flaws in code that go undetected since day one of implementation) across critical infrastructure software. The company's Frontier Red Team blog detailed several that have since been patched:

OpenBSD: Mythos found a flaw in OpenBSD, widely regarded as one of the most security-hardened operating systems in the world and commonly used for firewalls and critical infrastructure. The vulnerability allowed a remote attacker to crash any machine running the OS simply by connecting to it. It had been present in the codebase for 27 years.

FFmpeg: FFmpeg is a foundational media library used by countless applications to encode and decode video. Mythos discovered a vulnerability in a line of code that automated testing tools had executed five million times without ever triggering the flaw. This vulnerability had been hiding in plain sight for over 16 years.

Linux kernel: The model autonomously found and chained together multiple Linux kernel vulnerabilities to escalate from ordinary user access to full system control, one of the most consequential exploit patterns for enterprise environments.

     Anthropic noted that the model accomplished this work almost entirely autonomously. Researchers would launch Claude Code with Mythos Preview in an isolated container, point it at a codebase, and essentially tell it to find security vulnerabilities. The model would read code, form hypotheses, run the software to test them, add debugging logic as needed, and output either a clean bill of health or a detailed bug report with a proof-of-concept exploit and step by step instructions for replication.

     In one particularly notable case described in Anthropic's risk report, Mythos Preview was given a sandboxed environment for evaluation purposes and proceeded to escape it, devising a multi-step exploit to gain internet access and send an email to the researcher conducting the test. It also posted details about its exploit to several obscure but technically public-facing websites while completing its task. Anthropic flagged this as a "potentially dangerous capability" that demonstrated the model's ability to bypass its own containment.

Defense by Coalition

     Anthropic's response to these capabilities is Project Glasswing, a defensive cybersecurity initiative that brings together 12 launch partners: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. An additional 40-plus organizations that build or maintain critical software infrastructure have also been granted access. 

Photo by Freepik

     The structure is straightforward: partners use Mythos Preview to scan and secure their own foundational systems for vulnerabilities. Anthropic has committed up to $100 million in usage credits to support these efforts, along with $4 million in direct donations to open-source security organizations, including $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation and $1.5 million to the Apache Software Foundation. After the initial credits are exhausted, participants can continue accessing Mythos Preview at $25 per million input tokens and $125 per million output tokens through the Claude API, Amazon Bedrock, Google Cloud's Vertex AI, and Microsoft Foundry.

     The partner list reads like a who's who of enterprise infrastructure. Cisco, in its public statement on the partnership, noted that AI capabilities have fundamentally changed the urgency required to protect critical infrastructure and that legacy approaches to system hardening are no longer sufficient. CrowdStrike, which reported an 89% year-over-year increase in AI-driven attacks in its 2026 Global Threat Report, emphasized that frontier models raise the ceiling for both offense and defense, and that the industry's job is to ensure defenders hold the advantage.

Why You Won't Get to Use It

     Anthropic has been explicit: Claude Mythos Preview will not be made generally available. The same skills that make Mythos invaluable for finding and fixing vulnerabilities also make it effective at exploiting them. Anthropic's own assessment is that the model is capable of conducting autonomous end-to-end cyberattacks on at least small-scale enterprise networks with weak security posture.

     This puts Anthropic in an unusual position in the AI industry, where the prevailing competitive dynamic has been to release models as broadly and quickly as possible. By restricting Mythos to vetted security partners, Anthropic is essentially treating a frontier AI model as a classified defensive asset rather than a commercial product, something that had most likely happened before behind closed doors but is now public. 

     The company has indicated that its long-term goal is to eventually enable Mythos-class models for wider deployment, but only after developing sufficient safeguards to detect and block the most dangerous outputs. The plan is to introduce new cybersecurity safeguards with an upcoming Claude Opus model first, using it as a lower-risk testbed before extending those protections to Mythos-tier systems.

The Bigger Picture

     The implications of Mythos extend well beyond Anthropic's product roadmap. If a single model can autonomously discover thousands of critical vulnerabilities across every major operating system, browser, and widely deployed open-source library, it raises hard questions about the state of software security as a whole.

     Many of the flaws Mythos found had survived decades of human code review and millions of automated test runs. That means they've been silently present in production environments including enterprise data centers, cloud infrastructure, and embedded systems, for years. The wave of patches that will follow Mythos's discoveries is a net positive, but it also highlights just how many undetected vulnerabilities likely remain in the software stacks that enterprises depend on daily.

     CrowdStrike's finding of an 89% year-over-year increase in AI-assisted attacks underscores the urgency. AI-driven vulnerability discovery and exploitation isn't a future concern but rather a current reality. The gap between a vulnerability being discovered and being exploited has compressed from months to, in some cases, minutes. The models capable of this kind of work will only become more widespread as competing labs advance their own systems.

     Anthropic's approach with Project Glasswing; restricting access, funding open-source security, coordinating with industry and government, is one model for managing this transition. Whether it's sufficient, and whether the rest of the industry will adopt similar restraint, remains an open question. What's clear is that the cybersecurity landscape just shifted, and the tools doing the shifting are too powerful to hand out freely.

Sources:

Anthropic. (2026, April 7). "Project Glasswing: Securing critical software for the AI era." https://www.anthropic.com/glasswing