An engineer without cybersecurity experience gives Mythos a task: find a vulnerability for remote code execution. By morning, he has a ready, working exploit. This is not a hypothetical scenario — this is exactly how Anthropic describes the capabilities of its new model in a technical report from April 7, 2026.
What Mythos can do — and why it's a problem
According to Anthropic, over several weeks Claude Mythos Preview autonomously discovered thousands of critical zero-day vulnerabilities in every major operating system and every major browser. Among them are a 27-year-old bug in OpenBSD and a 17-year-old vulnerability in FreeBSD that granted full root access to any unauthorized user on the internet via NFS. The latter received the identifier CVE-2026-4747.
The model doesn't just find bugs — it writes exploits. In one documented case, Mythos chained four vulnerabilities into a browser exploit with a complex JIT heap spray that broke through both the renderer protection and the OS sandbox. This isn't a "proof of concept" — it's a full-fledged weapon.
"The fallout — for economies, public safety and national security — could be serious"
Newton Cheng, Frontier Red Team Cyber Lead, Anthropic — VentureBeat
Notably, Mythos was not specifically trained on cybersecurity. It's a general frontier model with strong agentic and coding abilities — and this "side" competency turned out to be dangerous. For comparison: Anthropic's previous public model, Opus 4.6, found approximately 500 zero-days in open source software. Mythos found orders of magnitude more.
Project Glasswing: controlled access instead of blocking
Instead of shelving the model or releasing it publicly, Anthropic chose a third path. Project Glasswing is an initiative with 12 partners given access exclusively for defensive tasks: scanning their own and open-source code. The consortium includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, Nvidia and Palo Alto Networks.
The name is no accident: glasswing is a butterfly with transparent wings. According to Anthropic representative Penn, the metaphor reflects the nature of software vulnerabilities — they are "relatively invisible" until someone knows where to look.
- Partners gain access to the model for scanning their own code
- Discovered vulnerabilities — those already identified — must be closed before similar capabilities appear in less controlled models
- Anthropic plans to gradually develop safeguards on weaker Opus-class models to eventually scale Mythos-class more broadly
According to CNBC, Anthropic is conducting "ongoing consultations" with the US government — including with CISA and the Center for Standards and Innovation in AI. A company representative refused to confirm whether the Pentagon was informed.
Where the logic cracks
The Glasswing scheme relies on a premise that should be stated plainly: Anthropic believes other labs will soon have similar capabilities — and wants defenders to get there first. But the same argument can be turned around: if proliferation is inevitable, why is a closed consortium of 12 corporations the right answer rather than, say, coordinated disclosure through CERT?
As The Register notes, Anthropic is effectively describing a zero-day engine — a system capable of massively generating cyber weapons. The fact that it's being used for patching now doesn't change the architectural fact: the model is equally well suited for attack.
Mythos Preview reproduces known vulnerabilities and generates working proof-of-concept exploits on the first try in 83.1% of cases — a level unreachable for most human researchers.
If Anthropic truly expects competitors — OpenAI, Google, Chinese open-source projects — to have similar toolkits within months rather than years, then the real question is not "should Mythos be released," but rather: will Glasswing be able to close critical vulnerabilities faster than the first copy of a similar model ends up in unrestricted hands?