Anthropic just did something no major AI lab has done before. It built a frontier model so capable at finding software flaws that it decided the public shouldn’t have it. The model, called Claude Mythos Preview, has already surfaced thousands of previously unknown bugs in the software most of the world runs on, and the company is now racing to get those holes patched before attackers build anything similar.
- Claude Mythos Preview found thousands of high-severity zero-day vulnerabilities in every major operating system and web browser.
- Anthropic is restricting access through Project Glasswing, a coalition of tech giants and critical infrastructure providers.
- Experts warn rival labs and open-weight models could match these capabilities within months.
What Mythos Actually Did
Over the past few weeks, Anthropic used Claude Mythos Preview to identify thousands of zero-day vulnerabilities, many of them critical, in every major operating system and every major web browser, along with a range of other important pieces of software.
A few of the standout finds show just how deep the model can dig. Mythos surfaced a vulnerability in OpenBSD, a security-focused open source operating system, that had escaped detection for 27 years. It also caught a flaw in the video encoder FFmpeg that had slipped past 5 million previous automated tests, plus several vulnerabilities in the Linux kernel. The OpenBSD discovery cost under $20,000 across roughly 1,000 runs.
The benchmark numbers back up the claims. On the CyberGym evaluation, Mythos Preview scored 83.1%, compared to 66.6% for Claude Opus 4.6, Anthropic’s next-best model. On SWE-bench Verified it hit 93.9% versus 80.8%, and on SWE-bench Pro it reached 77.8% versus 53.4%. In Firefox testing alone, Mythos Preview developed 181 working exploits and gained register control on 29 more targets, while Opus 4.6 managed just two successes across hundreds of attempts.
Why Anthropic Hit the Brakes
Newton Cheng, who leads the Frontier Red Team Cyber work at Anthropic, told VentureBeat the company won’t make Mythos Preview generally available because of its cybersecurity capabilities. He added that similar capabilities will soon reach actors who aren’t committed to deploying them safely, with potentially severe fallout for economies, public safety, and national security.
The concern isn’t the bug finding by itself. It’s the chaining. Current models can flag high-severity issues one at a time, but Mythos might identify five separate vulnerabilities in a single piece of software and string them into a brand new attack. Anthropic says this marks an inflection point in cybersecurity risks.
Anthropic engineers “with no formal security training” could ask Mythos to find remote code execution vulnerabilities overnight, according to the company. That collapses a skill barrier that used to separate elite hackers from everyone else.
Inside Project Glasswing
Rather than open the door to everyone, Anthropic handed Mythos Preview to a curated group. The launch coalition includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic is committing up to $100 million in usage credits and another $4 million in direct donations to open-source security organizations.
On disclosure, Anthropic says it follows a coordinated vulnerability disclosure framework, waiting 45 days after a patch is available before publishing full technical details so downstream users have time to deploy the fix. That sounds tidy, but handling the output responsibly is a logistical nightmare. Flooding open-source maintainers, many of whom are unpaid volunteers, with an avalanche of critical bug reports could easily do more harm than good.
Governments Are Paying Attention
Before the external release, Anthropic briefed senior U.S. officials, including at the Cybersecurity and Infrastructure Security Agency and the Center for AI Standards and Innovation. On the same day Project Glasswing went public, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell pulled Wall Street executives together to discuss the cybersecurity implications.
Canadian bank executives and regulators met days later under the Canadian Financial Sector Resiliency Group, chaired by Bank of Canada COO Alexis Corbett. That meeting included the Department of Finance, the Office of the Superintendent of Financial Institutions, the six largest Canadian banks, and Desjardins Group.
The Clock Everyone Is Watching
The unsettling part of this story is the countdown. Alex Stamos, chief product officer at Corridor and the former security head at Facebook, estimates only about six months before open-weight models catch up to foundation models in bug finding. Anthropic has said these capabilities emerged not from specialized cyber training but from general improvements every other lab is already pursuing. That means similar models could soon reach criminals, hackers, and nation states, or spread through open source.
Whether Glasswing closes enough holes before that happens will shape the next few years of online security. For now, Anthropic has handed a firehose to defenders and quietly dared the rest of the industry to keep up.
