Claude Mythos Preview: AI Too Dangerous to Release

Anthropic announced Claude Mythos Preview on April 7, 2026, and immediately restricted access. The model autonomously finds and exploits zero-day vulnerabilities in every major operating system and browser—scoring 93.9% on SWE-bench Verified, surpassing all but the most skilled human security researchers. This isn’t a product launch. It’s a containment strategy.

Capabilities That Changed the Calculation

Mythos Preview scored 93.9% on SWE-bench Verified, solving 94 out of 100 real-world GitHub issues correctly. That’s a 13-point jump over Claude Opus 4.6 and nearly double the 40-55% industry standard from 2024. For Firefox vulnerability exploitation, Mythos developed 181 working exploits compared to Opus 4.6’s two attempts. This isn’t incremental improvement—it’s a different category of capability.

The model found bugs that survived decades of security auditing. CVE-2026-4747, a 17-year-old FreeBSD NFS vulnerability, allows unauthenticated remote attackers to gain root access through a stack buffer overflow. Mythos autonomously developed a reliable 15-round remote root shell exploit. It also discovered a 27-year-old OpenBSD SACK vulnerability enabling remote denial of service and a 16-year-old FFmpeg H.264 codec flaw causing out-of-bounds writes.

The UK’s AI Security Institute independently validated these capabilities. Mythos achieved 73% success on expert-level capture-the-flag challenges that no model could complete before April 2025. It became the first model to finish “The Last Ones” simulation—a 32-step corporate network attack requiring approximately 20 human hours—completing it end-to-end in three of ten attempts.

Cost efficiency makes this practical at scale: discovering a single vulnerability costs under $50. Over 99% of vulnerabilities Mythos found during testing remain unpatched.

Project Glasswing: The Defensive Response

Anthropic won’t release Mythos Preview publicly. Instead, the company launched Project Glasswing—a controlled, defensive-only distribution to critical infrastructure partners. Twelve major organizations received access: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself. Another 40+ organizations building or maintaining critical software infrastructure joined the initiative.

Anthropic committed $100 million in model usage credits, plus $2.5 million to Alpha-Omega and OpenSSF, and $1.5 million to the Apache Software Foundation. Open-source maintainers can apply through the Claude for Open Source program.

The strategy is straightforward: patch vulnerabilities in the world’s most critical software before attackers develop equivalent AI capabilities. Anthropic expects a “tumultuous” transitional period but believes defenders will gain long-term advantage if they move now. The company committed to publicly disclosing all findings within 90 days.

This isn’t gatekeeping. It’s buying time for defenders.

What Developers Need to Know

Your code will face AI-powered vulnerability detection whether you’re ready or not. The assumption that undiscovered vulnerabilities provide security is dead. AI will find everything eventually.

Open-source projects may receive Glasswing security audits. The cURL team found and fixed more vulnerabilities in Q1 2026 than in each of the previous two years combined—driven primarily by AI-assisted detection. Patch cycles must accelerate. Security teams need Mean Time to Detection and Response measured in single-digit minutes, not hours or days.

Current frontier models like Opus 4.6 are available now for defensive vulnerability scanning. The tools exist. Use them before someone uses them against you.

Some researchers disputed Anthropic’s CVE-2026-4747 example, noting FreeBSD patched it in March and eight open-weight models detected it independently. Fair criticism. But the UK AISI’s independent evaluation confirmed step-change capabilities on tasks no previous model could complete. Whether Mythos is 10x or 100x better than predecessors, the direction is clear: AI-assisted vulnerability detection is operational.

Anthropic made the right call. Not every AI breakthrough should be democratized immediately. The window to patch critical infrastructure before offensive actors gain equivalent capabilities is narrow. Developers should prioritize security fundamentals, adopt defensive AI tools, and accelerate patch cycles now.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover the latest tech news and controversies, and to summarize them into byte-sized, easily digestible information.
