Anthropic has been testing a Claude variant called Claude Mythos Preview that, according to the company’s own reporting and partner feedback, changes the cybersecurity equation in a pretty uncomfortable way.
Not because it writes better code. Lots of models do that now.
Because it can allegedly do the thing defenders and attackers both care about most: find real vulnerabilities, turn them into working exploits, and do it fast. Fast enough that the normal timelines of “someone finds a bug, someone triages it, a patch ships, most people update eventually” start to feel… outdated. Like the window between discovery and exploitation shrinks into almost nothing.
That is the core reason Project Glasswing exists.
What “Mythos” actually is (and what “Preview” implies)
Claude Mythos Preview is described as an advanced model in the Claude family tuned for high-end software security work, especially vulnerability research.
“Preview” matters here. It is not generally available. Access is restricted because the capability profile is considered risky, and the goal is to figure out how to deploy “Mythos class” models without lighting the internet on fire. Or at least, without making exploitation so cheap and scalable that the whole ecosystem cannot keep up.
Anthropic has published a system card for Mythos Preview describing capabilities, safety properties, and general behavior. The high-level story is consistent across the material: this model is unusually strong at security tasks, and the company is treating that as a dual-use problem, not a normal product launch.
The claim that makes everything else make sense
The headline claim is basically this:
Mythos Preview can autonomously identify and exploit vulnerabilities and can develop exploits without human guidance, compressing work that often takes experts weeks into hours.
If you accept that as even partially true, a bunch of implications follow immediately:
- The bottleneck in offensive security shifts.
- The economics change.
- The volume changes.
- The internet’s “bug discovery to patch to update” cycle becomes the weak link.
And that last part is the scary one. The modern internet kind of assumes attackers do not get infinite elite labor. If exploit development becomes cheap, rapid, and parallelizable, then the fabric of day-to-day trust online gets brittle. Not one catastrophic break, more like constant cracking.
Reported capabilities: why Mythos is a different kind of powerful
Anthropic’s messaging around Mythos Preview centers on a few specific capabilities that stand out.
1. It finds lots of critical flaws, not just toy bugs
The reported result is thousands of critical flaws, including zero-day vulnerabilities. That scale matters.
Human vulnerability researchers are good, but their throughput is limited. A rough figure cited in the background here is that humans find on the order of 100 serious vulnerabilities annually in many contexts. Mythos, by contrast, is positioned as an engine that can keep going. No fatigue. No switching costs. No “this codebase is boring, I’m done.”
2. It catches logic-level bugs that humans miss
A model that only finds obvious memory safety issues is already useful, but not civilization threatening.
The more worrying category is logic bugs and subtle behavior chains. That is where real exploitation often lives. And it is also where static analyzers and many automated tools tend to struggle, because you need to reason about intent, invariants, state transitions, and weird edge cases.
Mythos Preview is reported to be strong exactly there.
3. It collapses exploit development time
This is the difference between “finding vulnerabilities” and “operationalizing them.”
Mythos Preview is described as compressing exploit development from weeks to hours, and in at least one case a vulnerability analysis is framed as costing $20,000 for a decades-old vulnerability. The dollar number is less important than what it implies: the model is doing labor that normally demands scarce expertise.
And once you can do that labor quickly, you can do it repeatedly. Across many targets.
4. It apparently hits everything important
A particularly blunt statement in the provided context is that Mythos found high-severity vulnerabilities in every major operating system and web browser.
If that holds, it is basically the definition of systemic risk. Because the internet is not one product. It is a dependency graph of a million things, sitting on a small set of foundational components that everyone shares.
Concrete examples that were shared
A few examples get referenced as proof points.
- OpenBSD: a 27-year-old vulnerability that could cause remote crashes.
- FFmpeg: a 16-year-old vulnerability that was missed by testing tools.
- Linux kernel: vulnerabilities that could enable user access escalation.
The important bit is not the age of the bugs, although that is embarrassing. The important bit is that these are serious, real-world targets, and the model is being described as capable of not only identifying weaknesses but also working through exploitation pathways.
Anthropic says reported vulnerabilities were patched, and for unrevealed ones they provide a cryptographic hash (a way to commit to the existence of specific findings without disclosing them publicly).
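The commit-then-reveal idea described above, as an added example (not Anthropic's code or its published scheme): the SHA-256 choice, the random nonce and the sample report text are assumptions made here. It also shows why a bare hash of a short, guessable report would not keep the finding hidden.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

NONCE_LEN = 32  # assumption: fixed-length random blinding value


def commit(report: bytes) -> tuple[str, bytes]:
    """Publish the digest now; keep the nonce and report private until disclosure."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return hashlib.sha256(nonce + report).hexdigest(), nonce


def verify(published: str, nonce: bytes, report: bytes) -> bool:
    """After disclosure, anyone can check the report against the earlier digest."""
    if len(nonce) != NONCE_LEN:
        return False
    candidate = hashlib.sha256(nonce + report).hexdigest()
    return hmac.compare_digest(candidate, published)


def guess_unblinded(published: str, candidates: list[bytes]) -> bytes | None:
    """Why the nonce matters: a bare SHA-256 of a short, guessable report
    can be matched simply by hashing candidate texts."""
    for text in candidates:
        if hashlib.sha256(text).hexdigest() == published:
            return text
    return None


# Constructed sample report, not a real finding.
REPORT = b"component=example-parser; class=out-of-bounds read; status=unpatched"
TAMPERED = REPORT.replace(b"unpatched", b"patched")


def demo() -> dict:
    digest, nonce = commit(REPORT)
    bare = hashlib.sha256(REPORT).hexdigest()  # commitment without a nonce
    guesses = [TAMPERED, REPORT]
    return {
        "valid": verify(digest, nonce, REPORT),
        "tampered": verify(digest, nonce, TAMPERED),
        "bare_guessed": guess_unblinded(bare, guesses) == REPORT,
        "blinded_guessed": guess_unblinded(digest, guesses) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The digest binds the publisher to the exact report bytes, so any later edit to the text fails verification; the nonce is what keeps the digest from leaking the content before disclosure.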
Benchmarks and performance signals that keep coming up
There is a lot of benchmarking language around Mythos Preview. Some of it is generic “it scores highly,” but a few items matter more for this particular story.
CyberGym benchmark
A named point is that the CyberGym benchmark shows Mythos Preview outperforming Claude Opus 4.6 at cybersecurity vulnerability reproduction.
That is a specific type of skill: recreate and validate vulnerabilities, which is close to what attackers need and what defenders need for reliable patching.
SWE-bench, Terminal-Bench, BrowseComp
The model is also associated with high scores on coding and tool use tasks, including:
- SWE-bench Verified/Pro/Multilingual
- Terminal-Bench 2.0 and the later Terminal-Bench 2.1 updates, with Mythos Preview reportedly reaching 92.1% under a harness called Terminus 2, with long-context and adaptive-thinking settings described.
- BrowseComp, where Mythos Preview is described as beating Opus 4.6 with 4.9× fewer tokens.
These are not “security benchmarks” directly, but they map to a practical reality: to find and fix vulnerabilities at scale, the model needs to read huge codebases, use tools, run commands, reason across long chains, and not fall apart halfway.
There is also a note that Mythos Preview does well on Humanity’s Last Exam at low effort with a caveat about possible memorization. That is more of an academic footnote, but it shows Anthropic itself is flagging evaluation nuance, at least in some areas.
Why this threatens the current fabric of the internet
The internet’s security posture is not built on perfect software. It is built on timing and asymmetry.
- Attackers have incentives, but limited elite labor.
- Defenders have more total resources, but slower coordination.
- Vulnerabilities get found and patched, but not instantly.
- Many systems do not update quickly, sometimes never.
Now imagine a world where a capable actor can run something like Mythos as a pipeline:
- ingest massive amounts of open source and closed source code (where available)
- locate promising weakness patterns
- generate proof of concept exploits
- validate exploitation in realistic environments
- repeat across OS, browsers, libraries, cloud services
If the “exploit creation” phase drops from weeks to hours, two things happen.
First, the number of exploitable vulnerabilities that can be operationalized explodes. Even if the percentage success rate is not perfect, the volume makes up for it.
Second, the time window defenders rely on collapses. The period between “bug exists” and “bug is actively exploited” becomes extremely small. Sometimes effectively zero. That puts pressure on everything downstream: disclosure processes, triage, patch development, staged rollouts, customer updates, coordinated vulnerability disclosure norms.
So instead of isolated incidents, you risk a steady state where exploitation is the default.
That is what people mean when they say a model like this could break the current fabric of the internet. Not magic hacking. Just relentless scale applied to a system that still depends on humans doing careful work in sequence.
The obvious objection: attackers benefit too
Cybersecurity specialists have been warning about this for a while. Any major leap in automated vulnerability discovery and exploitation is dual use.
If defenders get it, attackers will want it. If attackers get it, defenders might not keep up.
This is the central tension around Mythos Preview. The capability itself is not inherently “good” or “bad,” it is leverage. And leverage spreads.
So Anthropic’s response was not “ship it.” It was “limit it.”
Project Glasswing: what it is and why it was created
Project Glasswing is Anthropic’s controlled access program for Mythos Preview, designed to focus its use on defensive security and on improving security in foundational, widely used systems.
It is essentially a gated deployment strategy:
- give access to a small set of vetted partners
- focus work on vulnerability discovery, reproduction, triage, and patching
- harden open source and critical infrastructure components
- learn what safeguards are required before anything like this can be scaled
Glasswing is positioned as a way to get the benefits of Mythos class models without immediately commoditizing exploitation.
Who is involved (partners list)
Project Glasswing includes organizations across cloud, hardware, OS, security tooling, finance, and open source infrastructure, including:
- Amazon Web Services
- Apple
- Broadcom
- Cisco
- CrowdStrike
- JPMorgan Chase
- Linux Foundation
- Microsoft
- NVIDIA
- Palo Alto Networks
The mix is not random. It is basically a map of where modern computing actually runs and who can push patches, coordinate responses, and harden the supply chain.
What partners are using it for
The stated use is defensive security work, especially:
- identifying vulnerabilities and weaknesses in foundational systems
- helping reproduce issues reliably
- generating fixes and patches
- scaling triage and remediation work that maintainers cannot keep up with
A key theme is open source. Many critical components are maintained by small teams with limited time. If Mythos can help them find and fix flaws faster, that is a big deal. Also a sensitive deal, because the same insights could be weaponized.
Partner feedback is highlighted as supportive of Mythos Preview’s ability to identify and fix vulnerabilities at scale. That “at scale” phrase keeps repeating, because scale is the whole point, and also the whole risk.
Governance and the government angle
Anthropic also mentions ongoing discussions with US government officials about Mythos Preview and its cyber capabilities, and a willingness to collaborate on national security risks and readiness planning.
That is not just PR. Once a model is believed to materially change offensive capability, it becomes a national security issue. Even if the model never leaks. Even if it never gets released broadly. Because others will build similar systems, and because the defensive posture needs to evolve ahead of that curve.
The broader plan: safeguards, standards, and not doing this alone
Mythos Preview is explicitly not framed as the final product state. The stated aim is to enable safe deployment of Mythos class models at scale, with safeguards developed alongside upcoming Claude models.
Project Glasswing is also described as a seed for a larger cross-industry and public sector effort. There is even a suggestion that the industry should create standards and potentially an independent third-party body to continue the work around large-scale cybersecurity projects.
Because if AI collapses the time between vulnerability discovery and exploitation, this stops being a “tool choice” conversation. It becomes an ecosystem redesign conversation.
What to take away from all of this
- Claude Mythos Preview is being positioned as a step change in autonomous vulnerability research and exploit development, with reports of finding thousands of critical flaws and shrinking exploit timelines dramatically.
- That kind of capability, if widely available, could overwhelm current disclosure and patching processes, stressing the internet’s basic security assumptions.
- Project Glasswing exists as the containment and deployment strategy: limited access, defensive focus, partnerships with organizations that can actually patch foundational systems, and funding for open source security.
- The uncomfortable truth sitting underneath: the capability trend is pointing one way. Faster discovery, faster exploitation, less time to react. Glasswing is an attempt to buy time and harden the world before the same power becomes broadly accessible elsewhere.