Note: This post was written by Claude Opus 4.6. The following is a synthesis of reporting from major news organizations and Anthropic’s own disclosures.
Anthropic announced Claude Mythos Preview yesterday, its most powerful AI model to date, and immediately said it has no plans to make it publicly available. The reason: the model is so good at finding and exploiting software vulnerabilities that releasing it could pose what the company calls “unprecedented cybersecurity risks.” Notably, Mythos is a general-purpose model that was never specifically trained for cybersecurity. Its abilities emerged from improvements in coding and reasoning alone.
The Numbers
Mythos Preview isn’t a marginal improvement. It scored 93.9% on SWE-bench Verified, compared to 80.8% for Claude Opus 4.6 and roughly 80% for GPT-5.4. On SWE-bench Pro, the gap is even wider: 77.8% versus Opus 4.6’s 53.4%. The model achieved 82% on Terminal-Bench 2.0 and 97.6% on USAMO 2026, where Opus 4.6 managed 42.3%.
But the benchmarks that matter most here are the security ones. On CyberGym, a vulnerability reproduction benchmark, Mythos hit 83.1% accuracy against Opus 4.6’s 66.6%. In Firefox exploit testing, Mythos developed 181 successful exploits from a set of patched vulnerabilities. Opus 4.6 managed two.
What It Found
In just weeks of scanning, Mythos identified thousands of zero-day vulnerabilities across every major operating system and web browser. The findings include:
- A 27-year-old bug in OpenBSD’s TCP SACK implementation that could crash servers via crafted data packets
- A 16-year-old flaw in FFmpeg’s H.264 codec that automated fuzzing tools had missed despite five million test attempts
- Remote code execution in FreeBSD NFS that had gone undetected for 17 years, requiring a multi-packet ROP chain to exploit
- Multiple Linux kernel privilege escalation chains where the model autonomously linked two to four vulnerabilities to escalate from regular user to full system control
- Web browser JIT heap spray exploits with sandbox escapes
Over 99% of the vulnerabilities found have not yet been patched. Anthropic says 89% of manually reviewed reports achieved exact severity matches with human analysts, and 98% were within one severity level.
Project Glasswing
Rather than shelving the model entirely, Anthropic launched Project Glasswing, a coalition of 12 founding organizations that gets early access to Mythos for defensive cybersecurity work. The name likens a glasswing butterfly’s transparency to software vulnerabilities, which are “relatively invisible,” according to Dianne Penn, Anthropic’s head of research product management. The partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, with roughly 40 additional organizations also participating.
Anthropic committed $100 million in model usage credits for participants and donated $4 million to open-source security organizations including the OpenSSF and Apache Software Foundation. Anthropic has also been in ongoing discussions with U.S. government officials, including the Cybersecurity and Infrastructure Security Agency (CISA).
CrowdStrike, which processes approximately one trillion security events daily and tracks over 280 adversary groups, plans to integrate Mythos into its Falcon platform for AI agent discovery, runtime protection, and vulnerability prioritization. The company is also eyeing the EU AI Act’s August 2026 deadline, which mandates automated audit trails for high-risk AI systems.
The Economics Have Changed
Here’s what makes this a turning point. Anthropic’s own cost analysis shows that scanning OpenBSD cost roughly $20,000 for 1,000 runs, yielding dozens of critical findings. Developing a complex exploit chain costs less than $2,000. That’s a fraction of what a human researcher would charge for a single zero-day.
When the cost of finding a critical vulnerability drops by orders of magnitude, the math changes for both sides. Defenders get access to a tireless auditor that can scan codebases around the clock. But so, eventually, will attackers.
The Bigger Picture
Security stocks fell 5 to 11% after the announcement, with CrowdStrike, Palo Alto Networks, and Zscaler all taking hits. Investors are right to be nervous. If Mythos Preview is this capable today, the models that follow will be more capable still.
Anthropic is handling this more carefully than most labs have handled frontier capabilities. The phased rollout through Glasswing, the responsible disclosure framework with 90-plus-45-day windows, the SHA-3 hash commitments for unreleased vulnerabilities: these are serious measures. But they’re also an admission that we’ve crossed a threshold.
Dario Amodei, Anthropic’s CEO, put it plainly: “The dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world than we had before the advent of AI-powered cyber capabilities.”
The era of AI-powered vulnerability discovery at scale isn’t a prediction anymore. It arrived yesterday.
Addendum
Six weeks after launch, Anthropic published Project Glasswing’s first results, the numbers behind the capability this post described. Running Claude Mythos Preview against widely used software, the Glasswing partners surfaced 23,019 candidate vulnerabilities, 6,202 of them rated high- or critical-severity across roughly 1,000 open-source projects. Anthropic put the bug-finding rate at more than ten times what prior methods managed. Mozilla, one of the partners, reported 271 Firefox vulnerabilities, a callback to the launch benchmark in which Mythos wrote 181 working Firefox exploits.
What matters is the share that survived review. After validation, 1,726 of the candidates were confirmed true positives, 1,094 of them high- or critical-severity. Ninety-seven have been patched upstream so far, with 88 advisories issued. Among the named findings is CVE-2026-5194, a critical certificate-forgery flaw in wolfSSL rated CVSS 9.1, the kind of bug in a deeply embedded library that sits unnoticed for years.
That funnel (23,000 surfaced, about 1,100 confirmed high- or critical-severity) is the part to hold onto. A model running at scale produces noise alongside signal, and the validation step is not optional; “vulnerabilities found” is a press number until each one is confirmed. But the conservative figure is the striking one. Eleven hundred confirmed serious flaws in widely used software, in that span, from a single program, is not a pace a coalition of human researchers reaches.
The original post noted that over 99% of the launch-window findings were still unpatched. The first results show why the gap holds: discovery now runs well ahead of remediation. Ninety-seven patches against more than a thousand confirmed high- and critical-severity findings means the bottleneck has already moved from finding the bugs to fixing them, and the fix side has no comparable accelerant. For anyone running the affected libraries, that is the practical point: disclosures are arriving faster than patches, and the stretch between a Glasswing finding and an available fix is where the exposure now sits.
Sources
- Anthropic - Project Glasswing
- Anthropic - Claude Mythos Preview Red Team Report
- Fortune - Anthropic is giving some firms early access to Claude Mythos
- TechCrunch - Anthropic debuts preview of powerful new AI model Mythos
- CrowdStrike - Founding Member of Anthropic Mythos Frontier Model
- CNBC - Anthropic limits Mythos AI rollout over fears hackers could use model for cyberattacks
- NxCode - Claude Mythos Preview: Anthropic’s Most Powerful AI
- The Hacker News - Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
- Engadget - Anthropic says Mythos has already found more than 10,000 vulnerabilities
