Anshuman Biswas
Anthropic just did something nobody expected. They built a model so good at finding security vulnerabilities that they're scared to release it publicly.
Claude Mythos Preview shipped to a handful of companies today — not as a product launch or a press event, but as a coordinated defensive operation. Anthropic gave early access to Amazon, Apple, Google, Microsoft, CrowdStrike, Nvidia, Cisco, JPMorgan Chase, and about 40 other organizations through something called Project Glasswing.
Their idea seems simple: let defenders secure the most important systems before models with similar capabilities become broadly available. Because they will. And probably sooner than anyone's comfortable with.
I've spent the last few hours reading through the technical report and the CrowdStrike partnership announcement. What follows is my take on what this means — not just for AI, but for the entire cybersecurity industry.
What Mythos Actually Is
Let me start with what it's not. Mythos is not a cybersecurity-specific model. It wasn't trained on exploit databases or vulnerability datasets. It's a general-purpose language model — the next step beyond Opus 4.6 — that happens to be strikingly capable at security tasks.
That distinction is important. These capabilities emerged from improvements in code understanding, reasoning, and autonomy. They weren't engineered. They fell out of making the model smarter.
This has major implications for the next generation of models from every major lab.
The Numbers Are Hard to Ignore
Anthropic tested Mythos against roughly 7,000 open-source repositories. The results compared to their current best models:
The jump from Opus 4.6 to Mythos isn't incremental. It's categorical. At Tier 1-2 (crashes and denial-of-service), the model more than doubled its predecessor. At Tier 5 — full remote code execution, the kind of bug that keeps CISOs up at night — Opus 4.6 scored zero. Mythos scored ten.[1]
But the individual vulnerability finds are what made me stop scrolling.
The Bugs Nobody Found
A 27-year-old vulnerability in OpenBSD's SACK handling. A 16-year-old bug in FFmpeg's H.264 codec that survived decades of fuzzing. A 17-year-old FreeBSD NFS vulnerability that grants unauthenticated root access.[2]
These aren't toy bugs in student projects. OpenBSD is one of the most security-audited codebases on the planet. FFmpeg runs on billions of devices. That an AI model found bugs that two decades of human auditors and automated fuzzers missed — in these specific codebases — should make every security engineer reconsider their assumptions about what's been lurking in their infrastructure.
How It Actually Works
The research team uses an agentic scaffold — essentially Claude Code running Mythos Preview inside isolated containers:
The model autonomously reads code, forms hypotheses about where bugs might live, writes test cases, validates its findings, and — here's the part that changes the game — develops working exploits.
Opus 4.6 had a near-0% success rate at autonomous exploit development. Against Firefox vulnerabilities, it succeeded twice. Mythos? 181 times.[3]
That's not a model that finds bugs. That's a model that weaponizes them.
And the cost? Under $50 to $2,000 per critical vulnerability. A typical campaign against a major codebase runs around $10,000-$20,000 in API costs. For context, a single zero-day broker pays $500,000 to $2.5 million per exploit.
Tier 1 Without Tier 2: What Does This Means
Here's the nuance. Anthropic is clear about where Mythos sits in its own tier system:
Tier 1 capabilities are operational. The model finds real vulnerabilities, develops real exploits, and does it faster and cheaper than human teams. For defensive work — the kind being done through Project Glasswing — this is transformational.
Tier 2 is what Anthropic is afraid of. Tier 2 means the model can "significantly uplift" a sophisticated attacker to the level of a nation-state operation. Anthropic says Mythos is not there yet. They're being careful about that distinction, and I believe them — but the gap is narrowing fast.
The critical question isn't whether Mythos reaches Tier 2. It's what happens when the next model does, and it's built by a lab without Anthropic's disclosure culture.
The Cybersecurity Industry Has a Problem
What does this means for incumbent cybersecurity vendors?
The day Mythos was publicly disclosed, cybersecurity stocks dropped 5-11%.[4]. That's the market processing a specific realization: if a frontier model can find thousands of zero-days in weeks, what is a legacy vulnerability scanner actually worth?
Here's what's changing:
1. Attack surfaces are exploding. Every organization is deploying AI agents — in code editors, in production orchestration, in customer-facing systems. Each agent is a new attack surface. MCP servers, tool-use chains, prompt injection vectors — the surface area that needs defending just tripled in the last year alone.
2. Speed matters more than coverage. Traditional security operates on a scan-patch-verify cycle measured in days or weeks. Mythos finds and validates a vulnerability in minutes. When your attacker has access to a model with similar capabilities, your mean time to detect needs to be measured in seconds.
3. The moat is evaporating. Crowdstrike has 280+ tracked adversary groups and a trillion events per day of telemetry.[5] That was an unassailable moat — until a model that costs pennies per query can match (and exceed) the vulnerability discovery capability of entire teams. The moat shifts from data accumulation to response speed and AI integration.
Project Glasswing: The New Defense Model
The smart cybersecurity companies are already adapting. CrowdStrike's positioning is instructive: "Model safety is the builder's responsibility. Deployment governance is ours."[5]
They're not trying to build their own Mythos. They're providing the deployment layer — the runtime security, the governance, the audit trails — that enterprises need to safely deploy frontier AI. CrowdStrike's Falcon platform already has sensor-level visibility across every endpoint in their customer base. Their bet is that this infrastructure becomes more valuable in an AI-first world, not less.
Here's what the Project Glasswing coalition looks like:
Model builders: Anthropic (builds the frontier model with safeguards)
Cloud providers: AWS, Google Cloud, Azure (deployment infrastructure)
Security vendors: CrowdStrike, Cisco, Broadcom (runtime governance + enforcement)
Hardware: Nvidia (supply chain security)
Critical targets: Apple, JPMorgan Chase (defending high-value systems)
Open source: ~40 organizations maintaining critical infrastructure
The EU AI Act's August 2, 2026 deadline adds regulatory urgency. Automated audit trails and cybersecurity measures for high-risk AI systems aren't optional anymore — they're law.[6]
Where This Goes
I keep coming back to one line from Anthropic's report: "The transitional period may be tumultuous regardless."
They're right. Here's what I think happens over the next 12-18 months:
Near-term (2026): Defenders get a head start through initiatives like Glasswing. Patching velocity increases dramatically. But commodity attackers also gain access to models with similar capabilities as frontier labs iterate and older models proliferate.
Medium-term (2027): We see the first confirmed AI-discovered zero-day used in a real-world attack. Not by a nation-state — by a mid-tier criminal group using a fine-tuned open-source model. The cybersecurity industry consolidates around AI-native platforms. Legacy SIEMs and vulnerability scanners get acquired or displaced.
Long-term: Anthropic's bet is that defense ultimately wins. "We believe that the equilibrium state strongly favors defense," they write. If models can find every bug in a codebase in hours, you don't need to detect attacks — you've already patched all the vulnerabilities. The security industry transforms from reactive monitoring to proactive elimination.
My Take
What Anthropic did today is genuinely unprecedented. They built a weapon, perhaps unknowingly, then told everyone it was a weapon, and then gave it to the people most likely to need defenses against it — before making it publicly available.
That's not how this industry usually works. The normal playbook is: build it, ship it, deal with the consequences. Anthropic is trying to front-run the consequences. And I believe this is the right approach (although I would love to start tinkering with the model myself).
Will it work? I don't know. Mythos isn't the only frontier model pipeline, and not every lab shares Anthropic's disclosure culture. The capabilities Mythos demonstrates will appear in other models — OpenAI, DeepSeek, Google — on their own timelines, with their own safety decisions.
What I am sure about is that if you're running a security team, you need to start thinking about this now. Not because Mythos is coming for your job — but because someone else's model might, and the organizations that integrated AI-native security earliest will be the ones still standing when the dust settles.
The 27-year-old bug in OpenBSD isn't the story (although it's impressive a bug was able to hide for so long). The story is that it took a model to find it. And that model is just the preview.
This article is tagged for syndication to AI Agent Lens. If you're building or deploying AI agents and care about runtime security, take a look at AgentShield — open-source MCP security for the agent era.
References
- ↩Anthropic — Claude Mythos Preview: Technical Report (April 2026)
- ↩Anthropic Red Team — Zero-day vulnerability disclosures documented in the Mythos Preview technical report, including OpenBSD SACK (27 years), FFmpeg H.264 (16 years), FreeBSD NFS (17 years)
- ↩Mythos Preview vs Opus 4.6 exploit development comparison — Firefox vulnerability testing: 181 vs 2 successful autonomous exploits
- ↩Fortune — Anthropic is giving some firms early access to Claude Mythos to bolster cybersecurity defenses (April 2026)
- ↩CrowdStrike — CrowdStrike: Founding Member of Anthropic's Mythos Frontier Model Initiative (April 2026)
- ↩EU AI Act — Article 15: Cybersecurity requirements for high-risk AI systems, enforcement deadline August 2, 2026
Loading comments...