Anthropic just built its most powerful model — and decided not to release it to the public.
Claude Mythos Preview is real, and the reason it’s restricted has nothing to do with business strategy. It found thousands of zero-day vulnerabilities across every major operating system and every major web browser. Some of those bugs had been hiding for decades.
What Is Claude Mythos Preview?
Claude Mythos Preview is Anthropic’s most capable model, released April 7, 2026 — but only to a restricted set of security partners.
It is not available through the standard Claude API. It is not available in Claude.ai. Access is gated through Project Glasswing, Anthropic’s coordinated vulnerability response program.
The model exists. It works. Anthropic just decided the risk of public release is too high right now.
Claude Mythos Benchmark Numbers
The performance gap is significant. According to Anthropic’s system card:
| Benchmark | Score |
|---|---|
| SWE-bench Verified | 93.9% |
| Terminal-Bench 2.0 | 82% |
| SWE-bench Pro | 77.8% |
For context: Claude Opus 4.6 scores around 72% on SWE-bench Verified. GPT-5.4 is in a similar range. Mythos is not an incremental improvement — it is a different category of capability.
93.9% on SWE-bench Verified means Mythos can resolve the vast majority of curated GitHub issues in the benchmark suite — autonomously, without human guidance.
Zero-Day Vulnerabilities Found by Claude Mythos
Anthropic ran Mythos against real software. The results were alarming.
Mythos found thousands of zero-day vulnerabilities — unpatched, previously unknown flaws — across:
- Every major operating system (Linux, macOS, Windows, FreeBSD, OpenBSD)
- Every major web browser (Chrome, Firefox, Safari, Edge)
- Widely used open-source libraries
It did not just find them. It exploited them. Fully autonomously. No human in the loop.
The 27-Year-Old Bug
One example stands out.
Mythos found a vulnerability in OpenBSD that had been in the codebase for 27 years. It was not just discovered — Mythos built a working exploit for it with no human guidance.
A separate case: a 16-year-old FFmpeg bug, also autonomously exploited.
And perhaps the most significant: CVE-2026-4747, a 17-year-old remote code execution vulnerability in FreeBSD’s NFS implementation. Unauthenticated. Full root access from the internet. Mythos built a 20-gadget ROP chain to exploit it — on its own.
These are not simple memory bugs. ROP chains require deep understanding of CPU architecture, memory layout, and exploit technique. Mythos did this without being asked to explain itself or wait for human review.
Why Anthropic Refused to Release It
Anthropic made the decision that releasing Mythos publicly would give attackers a significant advantage before defenders could respond.
The model can find and exploit vulnerabilities faster than most security teams can patch them. If it were widely available, the window between “discovered” and “exploited in the wild” would collapse from weeks to hours.
On April 10, US Treasury Secretary Bessent and Fed Chair Powell held an emergency meeting with major bank CEOs specifically to discuss Mythos-level cybersecurity risk. That is not a normal event.
Project Glasswing: Using AI to Defend the Internet
Instead of a public release, Anthropic launched Project Glasswing — a coordinated program to use Mythos offensively for defense before attackers can use it offensively for attack.
12 launch partners signed on immediately:
- Amazon Web Services
- Apple
- Cisco
- CrowdStrike
- JPMorganChase
- Linux Foundation
- Microsoft
- NVIDIA
- Palo Alto Networks
- Broadcom
40+ additional organizations joined the broader program.
Anthropic committed $100 million in API usage credits and $4 million in open-source grants to fund the patching effort.
Access to Mythos through Glasswing is priced at $25 per million input tokens and $125 per million output tokens — available on Claude API, Amazon Bedrock, Google Vertex AI, and Microsoft Foundry.
The goal: find and patch the vulnerabilities Mythos discovered before anyone else finds them independently.
What This Means for Developers
A few practical takeaways.
The security landscape just changed. If Mythos can find thousands of zero-days in mature, widely audited codebases, every assumption about software security needs updating. The bugs Mythos found were not obvious. They had survived decades of human review.
AI-assisted security is now real. Not in the “AI helps you write a regex to parse logs” sense. In the “AI builds working exploits for 17-year-old kernel bugs” sense. Security teams that are not using AI-level tooling will be at a structural disadvantage.
The responsible disclosure model is under pressure. The traditional timeline — find, report, wait 90 days, publish — assumes human-speed discovery. Mythos breaks that assumption. If one model can find this many bugs this fast, the coordinated response needs to scale accordingly.
Glasswing is a template, not a solution. Even with $100M in credits and 50+ partners, patching everything Mythos found will take time. In the meantime, the vulnerabilities exist.
What Should You Do?
If you maintain open-source software or run infrastructure, check whether your organization qualifies for Project Glasswing access. Even if you don’t, the lesson is clear: start integrating AI-powered security scanning into your pipeline now. The gap between AI-discovered vulnerabilities and human-speed patching is only going to widen.
Related Articles