Anthropic's Claude Mythos: The AI Model Too Powerful for Public Release
Anthropic just announced Claude Mythos Preview, a frontier AI model with cybersecurity capabilities so advanced that the company decided not to release it to the public. Instead, it launched Project Glasswing, a defensive coalition with 11 of the biggest names in tech.
Today marks what Anthropic is calling a "watershed moment" in AI and cybersecurity. The San Francisco-based AI company unveiled Claude Mythos Preview, a general-purpose frontier model that has demonstrated an unprecedented ability to find and exploit zero-day vulnerabilities across every major operating system and web browser. In the same breath, Anthropic announced that the model will not be made generally available. Instead Anthropic launched Project Glasswing, an industry-wide initiative to put those capabilities in the hands of defenders first.
What Is Claude Mythos Preview?
Claude Mythos Preview is the latest and most capable model in Anthropic's Claude family of AI systems. While it is a general-purpose model, not one specifically trained for security work, its advanced coding and reasoning abilities have produced extraordinary results in vulnerability research. According to Anthropic's own disclosures, these cyber capabilities emerged as a downstream consequence of broad improvements in the model's intelligence, not from explicit offensive-security training.
The benchmark numbers tell the story. On SWE-bench Pro, the software engineering industry's most closely watched evaluation, Mythos scores 77.8% compared to 53.4% for Claude Opus 4.6, Anthropic's previous flagship. On SWE-bench Verified, the gap is even wider: 93.9% versus 80.8%. The CyberGym vulnerability reproduction benchmark shows Mythos at 83.1% against Opus 4.6's 66.6%, and Terminal-Bench 2.0 results land at 82.0% versus 65.4%. Perhaps the most striking result is SWE-bench Multimodal, where Mythos scores 59.0% compared to just 27.1% for its predecessor -- a leap that suggests a qualitative shift in the model's ability to reason about complex codebases.
Finding Decades-Old Vulnerabilities in Hardened Code
The practical implications of these capabilities are difficult to overstate. During evaluation, Mythos Preview discovered thousands of high- and critical-severity vulnerabilities across operating systems, web browsers, media libraries, cryptography implementations, and web applications. Many of these bugs had survived decades of manual auditing and automated fuzzing.
Among the most notable discoveries: a 27-year-old vulnerability in OpenBSD's TCP SACK handling that could crash systems remotely via a signed integer overflow; a 16-year-old memory corruption flaw in FFmpeg's H.264 codec that evaded five million automated fuzz tests; and a 17-year-old remote code execution vulnerability in FreeBSD's NFS implementation (CVE-2026-4747) that allows unauthenticated root access. On Linux, the model demonstrated the ability to chain two to four separate vulnerabilities together, using techniques like KASLR bypass, to achieve full privilege escalation from an unprivileged user.
In comparative testing on Firefox, Mythos achieved 181 successful vulnerability exploits compared to just 2 for Opus 4.6. In OSS-Fuzz testing across 7,000 entry points, Mythos produced 595 crashes at lower severity tiers and 10 instances of complete control flow hijack, versus essentially zero for the prior generation.
Project Glasswing: A Defensive-First Approach
Rather than releasing Mythos to the public and hoping for the best, Anthropic chose a controlled-access strategy through Project Glasswing. The initiative brings together 11 major technology partners: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. An additional 40-plus organizations responsible for critical software infrastructure will also receive access.
The financial commitment is substantial. Anthropic is providing up to $100 million in model usage credits for participating organizations, along with $2.5 million directed to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation. Model access is priced at $25 per million input tokens and $125 per million output tokens, available through the Claude API, Amazon Bedrock, Google Vertex AI, and Microsoft Foundry.
For lawyers, that changes the frame. Project Glasswing is not just an AI story. It is a governance story, a disclosure story, a contract story, and a liability story. Anthropic’s own risk report says Claude Mythos Preview is its latest and most capable model, is used heavily inside Anthropic for coding, data generation, and other agentic use cases, is available only to certain customers in a limited-release research preview, and carries an overall risk assessment that is “very low, but higher than for previous models.” That is not the language of ordinary feature shipping. That is the language of controlled deployment under escalating legal and operational stakes.
The structure of the rollout reinforces the point. Anthropic says Project Glasswing brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic also says it extended access to more than 40 additional organizations that build or maintain critical software infrastructure, while committing up to $100 million in usage credits and $4 million in direct donations to open-source security organizations. Google Cloud describes Mythos Preview as available in Private Preview on Vertex AI for a select group of customers, and AWS describes access as a gated research preview for a small number of organizations. In other words, the release model is itself a legal and policy statement: frontier capability now demands staged access, infrastructure partnerships, and enterprise controls.
That is why Claude Mythos Preview should matter to legal departments well beyond cybersecurity counsel. When a model can compress the gap between vulnerability discovery and exploit development from weeks to hours, the legal implications move quickly to the foreground. Software vendors will face tougher questions about “reasonable security.” Boards will need sharper reporting around AI-enabled cyber risk. Contracts will need more precise language around model access, incident response, indemnities, audit rights, and data handling. Regulators will not be far behind. The release of Claude Mythos Preview suggests that the legal issues surrounding frontier AI are no longer hypothetical future concerns. They are present-tense operational concerns.
Law students and young lawyers should pay attention for a different reason. This release is a career signal. The next wave of legal value will not belong only to the lawyer who can describe what a model is. It will belong to the lawyer who can govern where it runs, what it touches, how it is contractually bounded, when it triggers disclosure duties, and what happens when it fails. The firms and legal teams that matter most in the next phase will not treat AI as a novelty layered on top of old workflows. They will treat it as infrastructure. And infrastructure always becomes law. That broader shift is already visible in how Anthropic, Google Cloud, AWS, and security partners are framing Mythos: not as a chatbot event, but as a capability-and-governance event.
The strategic logic is straightforward, if AI models have reached a capability level where they can surpass all but the most skilled human security researchers at finding and exploiting vulnerabilities, then defenders need those same tools before adversaries develop comparable systems. Anthropic has framed this as both a defensive necessity and a national security imperative.
What This Means the Future
The arrival of Mythos-class models represents a fundamental shift in how organizations will need to think about software security. Anthropic's own guidance to the industry is telling: dramatically shorten patch cycles and enable auto-updates, automate incident response pipelines, review and update vulnerability disclosure policies, and begin integrating AI into defensive security workflows now -- even with existing, less powerful models.
Anthropic has committed to responsible disclosure timelines of 90 plus 45 days for the vulnerabilities Mythos has discovered, and has published SHA-3 cryptographic commitments for vulnerabilities that have not yet been publicly patched, allowing future verification without revealing exploit details prematurely. Over 99% of discovered vulnerabilities remain unpatched as of the announcement.
The company also noted important limitations. Mythos cannot exploit every vulnerability it finds, thanks to modern defense-in-depth architectures. It produces false positives on certain vulnerability classes, and human validation remains critical for triage. Still, the scale and speed of automated vulnerability discovery represent a dramatic change from the status quo.
What Everyone on X Is Saying
X exploded the moment the announcement hit. Reactions range from awe to memes:
“Holy smokes… Claude Mythos is so good at finding critical bugs Anthropic is not releasing it publicly. We are cooked 💀”
Developers and security pros are sharing jaw-dropping exploit examples and calling it “the end of manual pentesting as we know it.”
Prediction markets are already pricing in when (or if) a safer public version arrives.
Many are excited about the defensive focus: “Finally, AI that fixes bugs faster than it creates them.”
The buzz has been building since March leaks revealed the model’s existence, but today’s official drop with real examples and the Glasswing partnership has taken it mainstream.
Looking Ahead
Anthropic has indicated plans to develop cybersecurity-specific safeguards, a Cyber Verification Program for legitimate security professionals, and integration of new protections into upcoming Claude Opus models. The clear implication is that Mythos-class capabilities will eventually be more broadly available but only after appropriate guardrails are in place.
For now, Claude Mythos Preview is not available to the general public. Its existence, however, serves as a clear signal: AI-driven vulnerability discovery at scale is no longer theoretical. The question facing every organization that ships software is no longer whether AI will be used to probe their code for weaknesses, but when .