Anthropic withholds Mythos
Anthropic has limited access to its most powerful model, Mythos, after the system reportedly identified thousands of critical flaws across major operating systems and browsers. (crypto.news) The decision has been framed as a safety-first withholding rather than a standard public launch, with the company coordinating patching and hardening work with industry partners. (x.com)
A software vulnerability is a hidden mistake in code, like a door in a bank that looks locked but opens if you push the frame the right way. Anthropic says its new model, Claude Mythos Preview, got unusually good at finding those doors and then figuring out how to use them. (anthropic.com) Anthropic says Mythos Preview found thousands of high-severity vulnerabilities in every major operating system and every major web browser during just a few weeks of testing. The company says the model can also turn some of those bugs into working exploits, which is the step from “I found a crack” to “I can break in through it.” (anthropic.com) (red.anthropic.com) That is why Anthropic did not do a normal product launch on April 7, 2026. It limited access to a small group of companies and security teams instead of putting the model on a public menu where anyone could try it. (axios.com) (cnbc.com) The company wrapped that limited rollout inside a program called Project Glasswing. Anthropic says the first launch partners include Amazon Web Services, Apple, Cisco, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, Broadcom, CrowdStrike, and the Linux Foundation. (anthropic.com) Anthropic says more than 40 additional organizations that build or maintain critical software infrastructure also got access. The company says it is committing up to $100 million in usage credits and $4 million in direct donations to open-source security groups. (anthropic.com) The technical detail that jumps out is age. Anthropic says many of the flaws Mythos found were 10 or 20 years old, and the oldest disclosed example was a now-patched 27-year-old bug in OpenBSD, an operating system with a reputation for security. (red.anthropic.com) Anthropic also says it is withholding specifics because more than 99% of the vulnerabilities it found have not been patched yet. That means the company is treating the model less like a chatbot launch and more like a quiet product recall in reverse: fix first, publish later. (red.anthropic.com) This is not just about one model being good at code. Anthropic’s claim is that frontier artificial intelligence has crossed into a range where it can outperform almost all human researchers at finding and exploiting software flaws, which would change the balance between defenders and attackers if the same capability spreads fast. (anthropic.com) Anthropic’s own executives are describing the rollout as a head start for defenders, not a broad release for customers. Dianne Penn, Anthropic’s head of research product management, told CNBC the company saw it as “a first step” in giving cyber defenders time to prepare for stronger artificial intelligence systems. (cnbc.com) So the immediate story is not that Anthropic built a stronger model. It is that a major artificial intelligence company is publicly saying one of its systems is good enough at breaking software that the safer move, for now, is to keep it mostly behind closed doors while the industry races to patch what it already found. (anthropic.com) (axios.com)
