Anthropic limits Mythos preview

Anthropic has built a new Claude model that is good enough at finding software flaws that the company is not releasing it to the public. Instead, Anthropic is keeping “Claude Mythos Preview” inside a tightly controlled trial because it says the same system that can help defenders patch holes could also help attackers break in faster. (anthropic.com) (cnbc.com) The model sits inside a new Anthropic program called Project Glasswing, announced on April 7, 2026. Anthropic says the project is meant to use frontier artificial intelligence for defensive security work before similar capabilities spread widely enough to make cyberattacks easier and cheaper. (anthropic.com) (red.anthropic.com) To understand why Anthropic is treating Mythos differently, it helps to start with what security teams actually do. Modern software is a giant stack of code written by thousands of people across operating systems, web browsers, cloud services, and open-source libraries, and a single overlooked mistake can become a doorway for an intruder. (anthropic.com) (nytimes.com) A vulnerability is that doorway. It can be a bug that lets an outsider read data, run malicious code, or move from one machine to another, often without the victim noticing until after damage is done. (anthropic.com) (securityweek.com) Security researchers spend much of their time looking for these weaknesses before criminals do. They test software, inspect code, and try to reproduce strange behavior, because a flaw is much easier to fix before someone turns it into an exploit, which is a working method for abusing the flaw. (anthropic.com) (nytimes.com) Artificial intelligence can speed up that hunt because a strong model can read huge amounts of code, compare patterns across systems, and keep testing ideas without getting tired. In the best case, that gives defenders a tireless junior analyst that can surface subtle bugs humans might miss. (anthropic.com) (techcrunch.com) The problem is that the same skill works on offense. A model that can spot a hidden weakness can also help reverse-engineer how to exploit it, especially when the target has published a patch but many customers have not installed it yet. (red.anthropic.com) (securityweek.com) Anthropic says Mythos crossed that line. In its technical write-up, the company says the preview model showed an unusual ability to identify and exploit zero-day vulnerabilities, meaning flaws that are not yet known or patched, across major operating systems and major web browsers. (red.anthropic.com) Anthropic also says Mythos can turn “N-day” vulnerabilities into exploits. In plain English, that means the model can take a flaw that has become known to vendors or researchers and quickly figure out how to weaponize it before the rest of the world finishes patching affected systems. (red.anthropic.com) That is why Mythos is not being added to the normal Claude menu. Anthropic says it does not plan to make Claude Mythos Preview generally available, and instead wants to learn how to deploy “Mythos-class” systems safely through a limited program first. (red.anthropic.com) The first group in that program is a small set of major technology partners. Reported launch and preview partners include Apple, Google, Microsoft, Nvidia, and Amazon Web Services, which is Amazon’s cloud computing division. (techcrunch.com) (bloomberg.com) Anthropic’s own Project Glasswing page says the launch partners will use Mythos Preview for defensive security work, and the company says it has also extended access to more than 40 additional organizations that build or maintain critical software infrastructure. Anthropic says it will share lessons from that work so the broader industry can benefit without getting direct access to the model itself. (anthropic.com) Several reports add another detail that helps explain the scale of the effort. VentureBeat reported that Project Glasswing includes up to $100 million in model credits, while outside coverage described the partner list as spanning major technology firms, financial institutions, and infrastructure groups. (venturebeat.com) (computing.net) Anthropic says Mythos has already found “thousands” of major vulnerabilities, but it is withholding almost all specifics because more than 99 percent of the flaws it found have not yet been patched. That is standard coordinated disclosure logic: if you publish details too early, you may be handing attackers a map before defenders can lock the doors. (red.anthropic.com) (tech.yahoo.com) One example from reported coverage shows why Anthropic is being cautious. Computing cited Anthropic’s claims that Mythos uncovered a flaw in OpenBSD that had existed for 27 years, along with older issues in FreeBSD and the FFmpeg media library, which suggests the model may be surfacing bugs that survived decades of human review. (computing.net) This is not the first time Anthropic has framed a model release around safety limits, but Mythos pushes that logic into a new area. The company is effectively arguing that some artificial intelligence systems may become dangerous not because they generate bad text, but because they become unusually effective at practical, high-value attack work in the real world. (anthropic.com) (red.anthropic.com) That puts Anthropic in an awkward but revealing position. It wants to show that its newest system is powerful, but the evidence for that power is exactly why it says broad access would be irresponsible. (cnbc.com) (nytimes.com) The bigger question is whether this becomes a one-off exception or a template for future releases. If more frontier models become good at vulnerability discovery, exploit development, and automated security testing, artificial intelligence companies may end up acting less like app makers and more like firms handling controlled dual-use technology. (anthropic.com) (securityweek.com) For now, the headline is simple: on April