Anthropic has announced Claude Mythos Preview, a new frontier AI model with cybersecurity capabilities so advanced that the company decided not to release it publicly. Instead, Anthropic launched Project Glasswing — a defensive coalition that includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
The goal: use Mythos Preview to find and patch critical software vulnerabilities before attackers develop models with similar capabilities.
What Claude Mythos Preview Can Do
During internal testing over the past few weeks, Anthropic’s research team used Mythos Preview to identify thousands of zero-day vulnerabilities — security flaws previously unknown to software developers — across every major operating system and web browser. In many cases, these bugs had survived decades of human code review and millions of automated security tests.
Three examples stand out. Mythos Preview discovered a 27-year-old denial-of-service vulnerability in OpenBSD, one of the most security-hardened operating systems in the world. It found a 16-year-old flaw in FFmpeg’s H.264 codec that automated fuzzers had run over five million times without catching. And it autonomously identified and fully exploited a 17-year-old remote code execution vulnerability in FreeBSD’s NFS server, granting unauthenticated root access — all without human guidance after the initial prompt.
The model’s exploit development rate is what sets it apart. On Firefox JavaScript engine vulnerabilities, Mythos Preview successfully built working exploits 72.4% of the time. Its predecessor, Claude Opus 4.6, managed close to zero percent on the same tasks. On the CyberGym benchmark, Mythos Preview scored 83.1% compared to Opus 4.6’s 66.6%.
Also Read: OpenAI Raised $122 Billion. The Math Still Doesn’t Close
The Emergent Capability Problem
Anthropic emphasized that these offensive capabilities were not explicitly trained. They emerged as a downstream consequence of improvements in coding, reasoning, and autonomous task execution. The same skills that make the model better at writing and fixing code also make it better at breaking it.
This raises a critical question for the AI industry: if one lab’s general-purpose model can accidentally develop elite-level hacking capabilities, how long before another model does the same — potentially without the same safety culture?
Project Glasswing: the Defensive Play
Rather than releasing Mythos Preview commercially, Anthropic is restricting access to Project Glasswing partners and a group of over 40 additional organizations that maintain critical software infrastructure. The company is committing up to $100 million in usage credits for Mythos Preview across these defensive efforts, along with $4 million in direct donations to open-source security organizations.
Partners use the model exclusively to scan and fix vulnerabilities in their own software and open-source projects they maintain. All discovered vulnerabilities go through coordinated disclosure.
Currently, over 99% of the zero-day vulnerabilities discovered by Mythos Preview remain unpatched.
What This Means For The AI Industry
This is the first time a major AI lab has withheld a frontier model from public release specifically because of its offensive cybersecurity capabilities. It sets a precedent — but also exposes a tension. The defensive advantage Anthropic is building through Project Glasswing is real, but it is inherently temporary. As frontier model capabilities continue to advance, similar abilities will likely emerge in competing models.
Anthropic acknowledged this directly: given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors committed to deploying them safely. The race between AI-powered attackers and AI-powered defenders has officially started.
