Anthropic limits Mythos preview access

Anthropic built a model that can find software flaws so well that it is not putting the model on the normal market at all. Instead, since April 7, it has kept Claude Mythos Preview inside a closed program called Project Glasswing with a small set of launch partners and about 40 additional infrastructure groups. (anthropic.com) The reason is simple: the same system that helps a defender spot a hole can help an attacker crawl through it. Anthropic says Mythos Preview can identify and exploit previously unknown flaws in every major operating system and every major web browser it tested, and that it has already found thousands of high-severity vulnerabilities. (anthropic.com) A previously unknown flaw is called a zero-day, which is the software version of a house key nobody knew was missing. If a model can discover those keys faster than humans can change the locks, the safe move is to keep the model behind a guarded counter instead of shipping it like a normal chatbot. (anthropic.com) Anthropic says more than 99 percent of the bugs it found are still unpatched, which is why its public write-up is thin on details. The company says even the oldest bug it found was a now-patched 27-year-old flaw in OpenBSD, an operating system with a long security-first reputation. (anthropic.com) That is why the first users are not random developers. Project Glasswing’s launch group includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, and Anthropic says those groups are using the model for defensive work only. (anthropic.com) Anthropic is also putting money behind the closed rollout. The company says it is committing up to $100 million in usage credits for Mythos Preview and $4 million in direct donations to open-source security groups, including funding routed through the Linux Foundation and the Apache Software Foundation. (anthropic.com) (linuxfoundation.org) This did not land like a normal product launch on Wall Street. Reuters reported that a Fortune report about Mythos’s cyber capabilities had already knocked down shares of cybersecurity firms such as Palo Alto Networks and CrowdStrike, because investors immediately started asking what happens when bug-hunting shifts from human teams to frontier models. (reuters.com) (finance.yahoo.com) Anthropic is framing the decision as part of a broader safety playbook, not a one-off panic move. In February 2026, the company updated its Responsible Scaling Policy, which says stronger safeguards should kick in when models cross higher-risk capability thresholds. (anthropic.com) That matters because the old assumption was that powerful models would arrive first as public assistants and only later as specialized security tools. Mythos flips that order: the model is arriving first as a tightly controlled instrument for banks, cloud companies, browser makers, and open-source maintainers, with broader access delayed until Anthropic thinks the guardrails are good enough. (cnbc.com) (reuters.com) The deeper shift is that artificial intelligence companies are starting to treat some models less like apps and more like dual-use machinery. A normal language model gets judged on how many people can use it; Mythos is being judged on how few people should. (anthropic.com 1) (anthropic.com 2)