
Claude Mythos Preview: Too Dangerous to Release

Anthropic announced Claude Mythos Preview on April 7—their most powerful AI model yet—but they’re refusing to release it publicly. The reason? It can autonomously find and exploit software vulnerabilities better than all but the most skilled human hackers. Moreover, in recent testing, Mythos discovered thousands of zero-day vulnerabilities across every major operating system and web browser, including bugs that survived 16 to 27 years of security audits.

This isn’t an incremental improvement. Anthropic claims Mythos represents a capability threshold where AI can audit code and write working exploits without human involvement. In fact, if your software has vulnerabilities—and it does—Mythos can probably find them.

What Mythos Actually Found

The vulnerabilities Mythos discovered aren’t theoretical. A 17-year-old remote code execution bug in FreeBSD’s NFS server (CVE-2026-4747) allowed unauthenticated root access from the internet. Mythos autonomously built a 20-gadget ROP chain split across multiple packets to exploit it. Additionally, it uncovered a 27-year-old crash vulnerability in the TCP SACK implementation of OpenBSD, one of the world’s most security-hardened operating systems.

Furthermore, there’s the 16-year-old FFmpeg H.264 codec flaw enabling out-of-bounds writes. Fuzzers tested that vulnerable code path 5 million times without triggering the bug. Mythos found it through semantic code reasoning, not brute force. On Anthropic’s own benchmarks, Mythos achieves 83.1% accuracy on CyberGym vulnerability reproduction tasks, compared to 66.6% for Claude Opus 4.6.

Project Glasswing: Exclusive Access

Anthropic isn’t selling Claude Mythos to everyone. Instead, they launched Project Glasswing—a restricted partnership giving 12 major tech companies and 40+ critical infrastructure organizations access to patch vulnerabilities before attackers can exploit them. The founding partners include Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, and others.

Anthropic committed $100 million in model usage credits, plus $2.5 million to Alpha-Omega and OpenSSF, and $1.5 million to the Apache Software Foundation. Access comes through Claude API, AWS Bedrock, Google Vertex AI, and Microsoft Foundry at $25 per million input tokens and $125 per million output tokens—roughly 5-6x the cost of standard AI models. However, it’s not publicly available, and Anthropic says it won’t be.

As a result, only big tech and banks get the most powerful security AI. Smaller companies, open source projects, and individual developers are locked out. CrowdStrike CTO Elia Zaitsev put it bluntly: “The window between discovery and exploitation has collapsed.”

Is Restriction Actually Helping?

Security experts are split on whether Anthropic’s approach helps or hurts cybersecurity. The pro-restriction camp argues this buys time for defenders to patch vulnerabilities before attackers build similar tools. Anthropic and its partners frame this as responsible AI safety—don’t release dangerous capabilities prematurely.

However, the anti-restriction camp isn’t buying it. Bruce Schneier, a respected security expert, called the non-release “very much a PR play by Anthropic” and noted that competitors already “replicated the vulnerabilities that Anthropic found, using older, cheaper, public models.” Security firms AISLE and Vidoc Security demonstrated exactly that—reproducing Mythos findings with publicly available models.

Critics like Ed Zitron and Gary Marcus dismissed it as marketing hype, pointing out OpenAI declared GPT-2 “too dangerous to release” in 2019, only to release it months later without catastrophe. Nevertheless, Schneier’s take is more measured: “It will happen—I have no doubt about it—and sooner than we are ready for.”

The realistic threat isn’t internet destruction but targeted attacks on crypto exchanges and military systems. Restricting Mythos concentrates power in big tech’s hands without addressing the root cause: insecure software exists whether or not Anthropic releases this model.

What Developers Need to Know

AI-powered vulnerability detection is coming whether Mythos is released or not. Developers need to assume AI attackers already exist. If OpenBSD, FreeBSD, and FFmpeg—battle-tested, security-focused projects—harbored bugs for 16-27 years, your code probably has them too.

The 2026 NIST Vulnerability Assessment Report found AI-augmented pipelines detect critical flaws approximately four times faster than traditional tools, catching 94% more edge-case vulnerabilities. That’s not Mythos-specific—that’s the state of AI security auditing right now. Therefore, practical steps include accelerating patching cycles, assuming attackers have better tools than you do, and considering AI-assisted code review tools even if Mythos isn’t available.

Pay particular attention to hard-to-patch devices such as IoT and embedded systems, which can’t be updated quickly. Implement network segmentation to limit the blast radius of a successful exploit. The shift is from “vulnerability discovery is hard” to “exploitation is cheap.” Defenders who adapt survive. Those who don’t will get exploited.

The Precedent This Sets

Claude Mythos Preview is the first frontier AI model explicitly restricted for offensive security capabilities. Anthropic says they “do not plan to make Claude Mythos Preview generally available,” a more permanent stance than historical precedents. OpenAI followed with GPT-5.5-Cyber, also restricted. Consequently, this creates a two-tier system: big tech gets cutting-edge security AI, everyone else waits.

Anthropic’s stated roadmap includes developing safeguards in the next Claude Opus model and eventually enabling “users to safely deploy Mythos-class models at scale” through a Cyber Verification Program for vetted security professionals. However, that’s future talk. Right now, access is locked down.

The bigger questions remain: Who controls dangerous AI? Will restriction work, or will open source catch up anyway? Is this genuine danger or investor narrative? And most importantly, who decides what capabilities get restricted and which organizations get access? This isn’t just about one model—it’s about establishing norms for AI development.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.
