Anthropic limits Mythos preview

Cybersecurity is the part of AI that suddenly stopped feeling theoretical. Anthropic’s Mythos Preview is not just a better chatbot or coding assistant — it’s a model the company says can find and exploit serious software bugs across major systems. That is why Anthropic did not ship it like a normal product. It limited access, wrapped the rollout in a defensive program called Project Glasswing, and treated the model less like a consumer launch than a controlled security event. ### What is Mythos, exactly? Mythos Preview is Anthropic’s new general-purpose model, but the important part is its cybersecurity performance. Anthropic says the model is unusually strong at identifying zero-day vulnerabilities — bugs nobody has publicly found yet — and at turning known but unpatched flaws into workable exploits. That moves it out of the “helpful coding tool” bucket and into something closer to an automated vulnerability researcher. (red.anthropic.com) ### Why did Anthropic limit the release? Because the company seems to believe the capability crossed a threshold. Anthropic said Mythos could identify and exploit zero-days in every major operating system and every major web browser during testing. It also said more than 99% of the vulnerabilities it found were still unpatched, which is why the company withheld most technical detail and restricted access to a small set of U.S. companies including Apple, Amazon, JPMorgan Chase, and Palo Alto Networks. (red.anthropic.com) ### What made people pay attention? The age and breadth of the bugs. Anthropic said many of the flaws Mythos found were 10 or 20 years old, and the oldest disclosed example was a now-patched 27-year-old bug in OpenBSD — an operating system with a reputation for being unusually secure. That matters because it suggests the model is not just speeding up ordinary bug hunting. It may be surfacing classes of weakness that sat in plain sight for decades. (red.anthropic.com) ### Is this only about Mythos? Not really — and that’s the unnerving part. Security researchers told CNBC that the kinds of vulnerabilities Mythos exposed can already be reproduced with older public models from Anthropic and OpenAI if you orchestrate them cleverly enough. So the panic is not just “this one dangerous unreleased model exists.” The deeper problem is that offense is getting automated faster than defense is getting patched. (red.anthropic.com) ### Where does the water utility story fit? It is the real-world proof that AI is already showing up inside intrusion workflows. Dragos described a campaign tied to compromises of Mexican government organizations between December 2025 and February 2026, where attackers used Anthropic’s Claude and OpenAI’s GPT tools during core intrusion activity. In one municipal water and drainage utility case, Claude helped identify the operational technology environment as a valuable target and explored paths across the IT-OT boundary. (cnbc.com) ### Does that mean AI can now autonomously hack infrastructure? Not quite. Dragos was careful here. The firm said current models are not showing novel OT-specific attack powers in the wild, and it warned against hype about fully autonomous infrastructure compromise. But it also said AI makes critical systems more visible to intruders already inside enterprise networks, which is bad enough. Think of it less as a robot hacker and more as a fast, tireless junior operator that shortens the path from foothold to target. (dragos.com) ### Why are banks and governments reacting so hard? Because patching is slow and exposure is huge. CNBC described banks, software companies, and governments scrambling after Mythos appeared, and Anthropic’s own framing was basically that defenders need a head start before these capabilities spread. If AI can find bugs in hours while organizations still take days or weeks to patch, the gap compounds fast. (dragos.com) ### So what’s the real story? The real story is not that Anthropic built one scary model and hit pause. It’s that Mythos made visible a shift that was already underway — AI is compressing the time between “bug exists” and “attacker knows how to use it.” Anthropic’s limited rollout buys some time. But the catch is that time may be the only thing it buys. (red.anthropic.com) (cnbc.com)