Anthropic has decided to do something unusual in the AI industry: announce one of its most advanced models while making it clear that it does not plan to release it to the general public. The company unveiled on April 7th Claude Mythos Preview, a new general-purpose model that, according to its own assessments, has made a significant leap forward in offensive and defensive cybersecurity tasks. The firm claims that the system has been capable of finding and exploiting zero-day vulnerabilities in major operating systems and browsers during internal testing, and that this improvement is serious enough to justify a highly restricted deployment.
Instead of marketing Mythos as a new premium version of Claude, Anthropic launched Project Glasswing — a joint initiative with Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The goal is for a limited group of major players to use the model to reinforce critical software and infrastructure before similar capabilities start to proliferate across other systems. Anthropic has committed up to $100 million in usage credits for the model and an additional $4 million for open source security organizations.
The message is not “we’ve launched a model,” but “we’ve crossed a threshold”
The most significant aspect of the announcement is not just the performance metrics but the thesis that Anthropic presents. The company states that Mythos Preview was not specifically trained to exploit software vulnerabilities; rather, its cybersecurity capabilities emerged from broader improvements in reasoning, programming, and autonomy. This distinction is important because it suggests that the offensive leap does not necessarily depend on ultra-specialized training but on general-purpose models continuing to improve in coding and task coordination.
In its technical report, Anthropic claims that Mythos identified high-impact flaws in OpenBSD, FFmpeg, FreeBSD, cryptographic libraries, web applications, virtual machines, and the Linux kernel. It also states that the model could chain multiple vulnerabilities to craft operational exploits, surpassing Opus 4.6 in autonomous exploitation tasks. Among the publicly disclosed examples are a 27-year-old bug in OpenBSD, a 16-year-old vulnerability in FFmpeg, and a remote code execution in the FreeBSD NFS server identified as CVE-2026-4747. Anthropic further emphasizes that over 99% of the findings were still unpatched at the time of reporting, limiting the details it can disclose for responsible reasons.
Glasswing is a defensive reaction but also a market warning
The approach chosen by Anthropic reveals that the company considers Mythos significantly more sensitive than a typical model. Glasswing is not meant as a beta for curious clients but as a controlled deployment for actors with clear responsibilities over critical software. Reuters summarized this as an attempt to put potentially very dangerous technology into the hands of defenders first, before similar capabilities become widely accessible.
This stance markedly shifts the industry’s usual tone. Over the past two years, the industry has tended to present every capacity leap as a direct commercial improvement. Here, instead, the narrative is almost the opposite: Anthropic suggests that the model is too powerful in a specific dimension to be released freely. The implicit message is that cybersecurity is ceasing to be a secondary domain within AI and is becoming one where technical advances could alter the balance of power between defenders and attackers more quickly.
Beyond marketing: what’s changing for the tech ecosystem
For a tech-focused outlet, the interesting takeaway is not just whether Anthropic is exaggerating or not but what trend it is attempting to anticipate. If models like Mythos greatly reduce the cost of discovering, classifying, and exploiting bugs, then the traditional security cycle — discovery, validation, patching, deployment — accelerates and becomes more aggressive. This impacts software vendors, open source maintainers, distributors, cloud infrastructure teams, and incident response units. Anthropic emphasizes precisely this: not only should vulnerabilities be found faster, but they should also be triaged, patched, and deployed with less delay.
Glasswing also clearly signals that the next phase of offensive and defensive security will be much more industrialized. It is no coincidence that hyperscalers, cybersecurity providers, major banks, and open source organizations are involved. Each controls part of the global attack surface: cloud, endpoints, financial services, critical libraries, compilers, kernels, cryptographic frameworks, and core software. If Anthropic is correct and the volume of vulnerabilities that AI can uncover will grow drastically, no large organization will be able to manage this with purely manual processes.
Benchmarks matter, but the key point is the decision not to open it
Anthropic supports its announcement with comparisons across CyberGym and various development benchmarks such as SWE-bench Verified, SWE-bench Pro, Terminal-Bench 2.0, BrowseComp, among others. In all of them, Mythos ranks higher than Opus 4.6, sometimes with significant margins. The company also acknowledges some technical nuances, such as possible memorization signals in Humanity’s Last Exam and methodological differences in some multimodal tests. While these details matter, the truly crucial point is another: the company has chosen to treat this model as a restricted-use tool rather than an open-market product.
This decision makes Mythos a broader signal for the industry. Even if other labs do not share the same pace or risk assessment, the direction seems clear: the combination of more autonomous models, better coding, and improved reasoning is beginning to touch an especially sensitive area — the automated exploitation of vulnerabilities. Anthropic itself argues that, long-term, these capabilities should benefit defenders more than attackers, much like fuzzers did. But it also admits that the transition period could be turbulent. That is likely the most important takeaway from this entire announcement.
Frequently Asked Questions
What exactly is Claude Mythos Preview?
It’s a general-purpose model from Anthropic announced on April 7, 2026, with particularly strong performance in cybersecurity tasks such as vulnerability hunting, exploit generation, reverse engineering, and attack chaining, according to the company’s internal evaluations. Anthropic does not intend to make it publicly available for now.
What is Project Glasswing?
It’s a coordinated initiative led by Anthropic for a limited group of major companies and organizations managing critical software to use Mythos Preview for defensive purposes. Partners include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
Has Anthropic independently demonstrated that Mythos finds thousands of zero-days?
Not fully or independently at this point. The company has published concrete technical examples and states that the vast majority of the findings remain undisclosed because they were not yet patched when writing the report. Thus, some of its strongest claims are still pending independent verification.
Can Mythos be used via API or on major cloud platforms?
Yes, but only within the program and by invitation. Anthropic indicates that participants can access the model through its API and platforms like Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.
Source: Anthropic presents Mythos