Anthropic's Mythos flags vulnerability wins

- Anthropic’s April 7 launch of Project Glasswing put its unreleased Claude Mythos Preview into a tightly controlled cyberdefense program, not a public product.
- Anthropic says Mythos found zero-days in every major operating system and browser, including a now-patched 27-year-old OpenBSD bug and older FFmpeg flaws.
- That mix of capability and restriction is the story — powerful enough to worry banks and governments, but gated for defenders first.

Cybersecurity is the domain here — and the stakes are unusually direct. If one model can find and exploit software flaws faster than human teams, then the gap is no longer “can AI help with security?” It’s whether defenders can adopt the new tool before attackers do. That’s why Anthropic’s April 7 move mattered: it introduced Claude Mythos Preview as a highly capable general model with standout cyber skills, then kept it out of general release and funneled it into a restricted defense program called Project Glasswing. (anthropic.com)

### What actually launched?

Project Glasswing is Anthropic’s controlled rollout for Mythos Preview. Launch partners include AWS, Apple, Cisco, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, the Linux Foundation, and others, with over 40 additional organizations getting access to scan and secure critical software. Anthropic also committed up to $100 million in usage credits and $4 million in donations to open-source security groups. (anthropic.com)

### Why is Mythos different?

Anthropic is not pitching Mythos as a narrow bug-finding appliance. It describes Mythos Preview as its most capable frontier model overall, but says the jump in cybersecurity performance was strong enough that it changed the release decision. The system card says Anthropic chose not to make the model generally available and instead limited it to defensive cybersecurity work wi(anthropic.com)s the model crossed a threshold where normal product rollout would be too risky. (www-cdn.anthropic.com)

### What did it actually find?

The headline claim is big. Anthropic says Mythos identified and exploited zero-day vulnerabilities in every major operating system and every major web browser during testing, and that many of the bugs were subtle, old, and hard to detect. The oldest disclosed example was a now-patched 27-year-old OpenBSD bug. Anthropic also says more th(www-cdn.anthropic.com)why the public evidence looks thinner than the internal claim. (red.anthropic.com)

### Why do the OpenBSD and FFmpeg examples matter?

Because those are not toy targets. OpenBSD has a reputation for aggressive security hardening, so a 27-year-old flaw surviving there is a strong signal that the model is surfacing things humans missed for decades. FFmpeg matters for a different reason — it is ancient, everywhere, and hammered constantly by researchers and fuzzers. If Mythos can sti(red.anthropic.com)e is that “well-reviewed” no longer means “well-exhausted.” (red.anthropic.com)

### Why are banks suddenly in this story?

Because banks run sprawling, old, business-critical systems — exactly the kind of environment where latent vulnerabilities can hide. In April, major Wall Street banks began testing Mythos internally, while U.S. officials encouraged evaluation of the model for defensive use. European regulators and bank executives also started discussing access and risk revi(red.anthropic.com)y a shield, a threat, or both. (bloomberg.com)

### Why keep it locked down?

The catch is simple — a model that helps defenders find weaknesses can also help attackers chain them together. Anthropic briefed senior U.S. officials before any outside release and discussed the model with agencies including CISA and NIST’s Center for AI Standards and Innovation. Nextgov also reported in(bloomberg.com)nse, espionage, and offense all at once. (nextgov.com)

### So what’s the real story?

It’s not just that Anthropic built a strong security model. It’s that the company is treating frontier cyber capability as something closer to controlled infrastructure than a normal AI launch. If Mythos scales inside enterprise and open-source defense workflows, Glasswing could look like the first serious template for how to deploy dangerous-but-useful models without just throwing them onto the open market. (anthropic.com)

### Bottom line

Mythos matters because it suggests software defense may be entering an arms-race phase where the winning move is not better alerts, but machine-speed vulnerability discovery. Anthropic’s bet is that the safest first customer for that power is the defender. (anthropic.com)