
Claude Mythos Found Zero-Days in Every OS — Act Now

Anthropic's Claude Mythos Preview found thousands of zero-day vulnerabilities across every major OS and browser

Anthropic has been quietly briefing governments about vulnerabilities its most restricted AI model found in the global financial system — vulnerabilities no human discovered in decades of review. Claude Mythos Preview identified thousands of zero-days across every major operating system and browser, including a 27-year-old OpenBSD bug and a 17-year-old FreeBSD remote code execution flaw. This week, Anthropic briefed G20 finance ministries and central banks on what Mythos found. If you write software, your threat model just changed.

What Is Claude Mythos?

Claude Mythos Preview sits above Opus in Anthropic’s model hierarchy — a new “Capybara” tier the company describes as too dangerous for public release. It launched April 8, 2026, and is accessible only to about 40 organizations through Project Glasswing, Anthropic’s controlled cybersecurity rollout. Access is restricted to Amazon, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, along with 40+ additional critical infrastructure operators. The White House has asked Anthropic not to expand access further.

The model’s defining capability: it finds and exploits software vulnerabilities at roughly 90x the rate of Claude Opus 4.6, writing working exploit code without human involvement after the initial prompt. It doesn’t just find bugs — it chains lower-severity issues into full end-to-end exploits autonomously.

What It Found

Anthropic used Mythos to scan every major OS and browser. The results were alarming. Specific confirmed discoveries include:

  • A 27-year-old denial-of-service vulnerability in OpenBSD’s TCP SACK implementation
  • A 16-year-old flaw in FFmpeg
  • A 17-year-old remote code execution bug in FreeBSD’s NFS server (CVE-2026-4747), granting unauthenticated root access
  • Multiple Linux kernel privilege escalation chains

These weren’t subtle edge cases. They survived decades of human code review and millions of automated security tests. As of April 2026, over 99% of the zero-days Mythos found remain unpatched. The vulnerabilities exist in the operating systems, runtimes, and browsers your code runs on right now.

The 6-12 Month Window

Here is the most important number in this story: Anthropic estimates adversaries will replicate Mythos-level capability within 6 to 12 months. Project Glasswing exists specifically to use that window — to get defenders patching before attackers have equivalent tools.

That window is already shrinking. The traditional 90-day vulnerability disclosure cycle assumed human-speed adversaries. AI collapses that assumption: a motivated attacker can turn a patch diff into a working exploit in roughly 30 minutes. For context, Chinese APT groups already operationalize publicly disclosed vulnerabilities within two days of disclosure. Mythos-class tooling on the offensive side eliminates even that delay.

Help Net Security’s analysis of Mythos noted that 2025 data showed a 42% year-over-year increase in zero-days exploited before public disclosure — a trend that accelerates with AI-powered offense. The math is not in defenders’ favor if they wait.

The Government Response

The regulatory response signals just how seriously this is being taken outside the tech community. The Financial Stability Board — convened by Bank of England governor Andrew Bailey — scheduled a formal briefing with Anthropic after Mythos identified critical vulnerabilities in financial system infrastructure. The Decoder reported that Federal Reserve Chair Jerome Powell and Treasury Secretary Scott Bessent called a separate meeting with major US bank CEOs specifically about Mythos-related cyber risks.

Governments do not convene G20 regulators over academic security research. This is an active threat being managed at the highest levels.

The Breach

On the same day Anthropic publicly announced Mythos — April 7, 2026 — an unauthorized group gained access to the model through a third-party vendor’s compromised API keys. TechCrunch reported the group had been monitoring Anthropic’s URL conventions and made an educated guess about the model’s endpoint. They’ve been regularly using Mythos since, providing Bloomberg with live demonstrations as proof.

Anthropic’s own systems were not breached. But the incident is instructive: even the most carefully sequenced restricted rollout faces the reality that every new access point is a potential leak. The model is already in hands it wasn’t intended for.

What Developers Must Do Now

The threat model has shifted. You can no longer assume that known vulnerabilities in your dependencies are “probably fine for now.” Mythos-class tooling treats every unpatched bug as an opportunity, and the adversarial version of that capability arrives within a year. Concrete steps:

  • Patch immediately. Not “next sprint.” Every critical and high CVE in your stack is a potential chain link in an AI-generated exploit.
  • Maintain a software bill of materials (SBOM). You cannot patch what you don’t know you’re shipping. Tools like Syft, Grype, or GitHub’s dependency graph are now essential, not optional.
  • Use AI-assisted defensive tools. OpenAI’s Daybreak (launched May 2026) and similar platforms bring AI-powered vulnerability detection to defenders. If your adversary has AI offense tools, you need AI defense tools.
  • Apply least privilege everywhere. Mythos excels at privilege escalation chains. Reduce the blast radius.
  • Reduce unnecessary complexity. Every library you don’t ship is an attack surface you don’t have.
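The first two steps above (patch immediately, keep an SBOM) only work if the scan output actually drives a decision. As an added example, not code from the article or from the Syft/Grype project, here is a small Python triage step that would sit after `syft` and `grype` in a CI job: it turns a scan report into a prioritized patch list and a pass/fail gate so that critical and high findings with a published fix cannot be deferred to "next sprint". The JSON layout it reads is an assumption modelled on Grype's output (a top-level `matches` list whose entries carry `vulnerability` and `artifact` objects); check it against your scanner's real output. The package names and CVE ids in the embedded sample are constructed placeholders.

```python
"""Triage an SBOM vulnerability scan and gate a build on unpatched high/critical findings.

Added example, not the article's or the scanner vendor's code. The report layout is an
ASSUMPTION modelled on Grype's JSON output:
  {"matches": [{"vulnerability": {"id", "severity", "fix": {"state", "versions"}},
                "artifact": {"name", "version"}}, ...]}
A typical pipeline (commands assumed to match current CLI; verify for your versions):
  syft dir:. -o cyclonedx-json=sbom.cdx.json
  grype sbom:sbom.cdx.json -o json > scan.json
"""
import json
from dataclasses import dataclass

# Ordering used for prioritisation; anything unrecognised ranks below "negligible".
SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    cve: str
    package: str
    installed: str
    severity: str
    fixed_in: tuple  # fix versions from the report; empty when no fix is published


def parse_report(report_json: str) -> list:
    """Flatten the scanner report into Finding records."""
    data = json.loads(report_json)
    findings = []
    for match in data.get("matches", []):
        vuln = match["vulnerability"]
        art = match["artifact"]
        fix = vuln.get("fix", {})
        # Only trust fix versions when the scanner marks the state as "fixed".
        fixed = tuple(fix.get("versions", [])) if fix.get("state") == "fixed" else ()
        findings.append(Finding(
            cve=vuln["id"],
            package=art["name"],
            installed=art["version"],
            severity=vuln.get("severity", "unknown").lower(),
            fixed_in=fixed,
        ))
    return findings


def blocking_findings(findings, min_severity="high"):
    """Findings at or above min_severity, worst first; fixable ones ahead of unfixable ones."""
    floor = SEVERITY_RANK[min_severity]
    hits = [f for f in findings if SEVERITY_RANK.get(f.severity, -1) >= floor]
    return sorted(hits, key=lambda f: (-SEVERITY_RANK.get(f.severity, -1), not f.fixed_in, f.package))


def patch_plan(findings):
    """Map each package with a fixable blocking finding to the fix versions the report lists.

    Versions are string-sorted here for determinism; a real gate should compare them with the
    ecosystem's own version semantics before choosing an upgrade target.
    """
    plan = {}
    for f in findings:
        if f.fixed_in:
            plan.setdefault(f.package, set()).update(f.fixed_in)
    return {pkg: tuple(sorted(vers)) for pkg, vers in plan.items()}


def should_fail_build(findings, min_severity="high") -> bool:
    """CI gate: fail when any finding at or above the threshold remains in the artifact."""
    return bool(blocking_findings(findings, min_severity))


# Constructed sample report; package names and CVE ids are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "High",
                       "fix": {"state": "fixed", "versions": ["2.4.1"]}},
     "artifact": {"name": "pkg-alpha", "version": "2.3.0"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "Critical",
                       "fix": {"state": "not-fixed", "versions": []}},
     "artifact": {"name": "pkg-beta", "version": "1.0.0"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Medium",
                       "fix": {"state": "fixed", "versions": ["0.9.2"]}},
     "artifact": {"name": "pkg-gamma", "version": "0.9.0"}},
    {"vulnerability": {"id": "CVE-0000-0004", "severity": "Critical",
                       "fix": {"state": "fixed", "versions": ["1.1.0", "1.0.5"]}},
     "artifact": {"name": "pkg-beta", "version": "1.0.0"}},
]})

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for f in blocking_findings(found):
        fix = ", ".join(f.fixed_in) if f.fixed_in else "no fix published"
        print(f"{f.severity.upper():9} {f.cve} {f.package} {f.installed} -> {fix}")
    print("patch plan:", patch_plan(found))
    raise SystemExit(1 if should_fail_build(found) else 0)
```

Two design choices are worth keeping whatever scanner you use: the gate treats an unfixable critical finding as blocking rather than silently skipping it (it still needs a mitigation or an explicit, dated exception), and fixable findings sort ahead of unfixable ones at the same severity, so the patch list starts with the work that can actually be done today.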

The New Normal

Mythos isn’t an isolated research curiosity. It’s the first confirmed demonstration of AI-powered, superhuman vulnerability discovery at scale — and Anthropic built it defensively, under strict controls, with $100M committed to getting defenders ahead of attackers. The adversarial version isn’t here yet. Mozilla’s security team noted that the industry has roughly one year to close the largest gaps before this capability proliferates.

The developers who treat Mythos as a call to action — patching aggressively, maintaining SBOM visibility, adopting AI-assisted defense tooling — will be in a materially better position in 12 months than those who treat it as interesting news to bookmark and forget.

The window is open. Use it.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.
