Anthropic has officially unveiled its next-generation frontier model, Claude Mythos Preview, marking a generational leap in artificial intelligence capabilities—particularly in the realm of cybersecurity. However, in a move that underscores the dual-edged nature of such powerful technology, the company has chosen not to release Mythos to the general public. Instead, Anthropic is channeling its unprecedented vulnerability discovery capabilities through Project Glasswing, a collaborative initiative partnering with over 40 leading institutions to prioritize defensive applications before any broader deployment.

The Genesis of Mythos: From Leaked Draft to Official Preview

On April 7, 2026 (US time), Anthropic formally announced Claude Mythos Preview alongside the launch of Project Glasswing, a comprehensive cybersecurity cooperation program. The announcement came after an internal blog draft—detailing the new model codenamed "Capybara/Mythos"—was accidentally published due to a content management system configuration error. This premature exposure revealed what Anthropic describes as "one of the most powerful models to date," demonstrating capabilities far exceeding previous flagship Claude Opus series in reasoning, coding, and cybersecurity tasks.

It's crucial to understand that Mythos is not a specialized "security model." Rather, it represents a general-purpose large language model whose exceptional security capabilities emerge naturally from comprehensive improvements in code understanding, logical reasoning, and autonomous agent decision-making. This distinction is fundamental: Mythos's prowess in cybersecurity is not the result of targeted security training but rather a byproduct of its elevated general intelligence.

Unprecedented Capabilities: Benchmarks and Engineering Tasks

Anthropic's official disclosures reveal that Mythos significantly outperforms both Claude Opus 4.6 and Claude Sonnet 4.6 across multiple public benchmarks and engineering tasks. On the SWE-bench Verified software engineering benchmark, Mythos achieved a pass rate of approximately 93.9%, compared to Opus 4.6's 80.8%—a remarkable improvement of nearly 13 percentage points. Third-party testing further confirms Mythos's leadership across code generation, reasoning, and knowledge work dimensions relative to contemporary mainstream models.

Perhaps more importantly, Anthropic conducted rigorous "memory/contamination" filtering analysis in their system card. Even after excluding subsets of problems that might have been memorized during training, Mythos maintained substantial performance advantages. This demonstrates that the model's improvements stem from genuine capability enhancements rather than mere "question memorization."

Anthropic's internal red team and engineering testing yielded particularly striking results. In scans covering approximately 7,000 OSS-Fuzz entry points, Mythos achieved complete control-flow hijacking (tier-5 severity) on 10 fully patched targets. By contrast, Opus and Sonnet models typically reached only tier-1/2 levels. These findings indicate that Mythos has transitioned from merely "usable" to "significantly superior to previous generations in adversarial scenarios"—a new paradigm in complex engineering and security tasks.

Security Capabilities: From Vulnerability Discovery to Automated Exploit Generation

Anthropic's official blog dedicates substantial attention to emphasizing that Mythos's security capabilities are not acquired through specialized security training but emerge naturally from enhanced general intelligence. The key facts are both impressive and sobering:

Under human instruction, Mythos can autonomously discover and exploit previously unknown zero-day vulnerabilities targeting major operating systems and mainstream browsers. Anthropic reports that over the past few weeks, Mythos has identified "thousands of high/critical severity vulnerabilities," many of which had existed in codebases for 10 to 20 years. The oldest discovered vulnerability resided in OpenBSD for 27 years before being identified and patched.

In Anthropic's internal testing, Mythos demonstrated capabilities that read like science fiction:

  • Autonomous browser exploit development: The model successfully wrote chain exploits leveraging four vulnerabilities, employing JIT heap spray techniques to escape both renderer and operating system sandboxes.
  • Linux privilege escalation: Through race condition exploitation and KASLR bypass techniques, Mythos completed local privilege escalation attacks.
  • FreeBSD NFS remote code execution: By constructing a 20-gadget ROP (Return-Oriented Programming) chain, Mythos achieved unauthenticated root access on FreeBSD NFS services.
  • Mozilla Firefox exploitation: In vulnerability exploitation tests against Firefox's engine, Opus 4.6 succeeded only twice in hundreds of attempts, while Mythos achieved 181 successful exploits, with an additional 29 attempts resulting in register control.

Anthropic further emphasized that professional security contractors manually verified the model's vulnerability reports. Among 198 sampled reports, approximately 89% of human ratings aligned perfectly with the model's severity assessments, and 98% of evaluation deviations did not exceed one severity level. This validation underscores the reliability and accuracy of Mythos's automated security analysis.

Why Anthropic Hesitates to Release Mythos Publicly

Anthropic has explicitly stated that Mythos will not be fully available to the public at this time, instead restricting access through Project Glasswing to a select group of partner institutions. The rationale behind this cautious approach encompasses multiple critical considerations:

Significantly Amplified Risk Profile

Even in the leaked blog draft, Anthropic warned that Mythos heralds an approaching "model wave" capable of exploiting vulnerabilities at speeds far exceeding defenders' patching capabilities—potentially altering the attack-defense time window fundamentally. Logan Graham, Anthropic's frontier red team lead, noted that Mythos's efficiency in "discovering and exploiting vulnerabilities" is approximately 10 times greater than previous models.

Short-Term Advantage for Attackers, Long-Term Benefit for Defenders

Anthropic's assessment presents a nuanced perspective:

In the short term, unrestricted proliferation of models with such capabilities could enable attackers to discover and exploit vulnerabilities at scale with minimal cost. The asymmetry favors offense initially.

However, in the long term, powerful models equipped with automated remediation capabilities are more likely to become "defender tools," helping elevate the overall security posture of the ecosystem. The same technology that enables rapid vulnerability discovery can accelerate patch development and deployment.

Responsible Disclosure and Practical Constraints

Anthropic emphasized that 99% of discovered vulnerabilities remain unpatched at the time of writing. Out of adherence to responsible disclosure principles, the company cannot publicly release detailed vulnerability information. This constraint directly limits the scope of public model availability, as widespread access without corresponding patch availability would create unacceptable risk.

Project Glasswing: A "Defense First, Then Diffusion" Experiment

To balance "technological leadership" with "security risk," Anthropic launched Project Glasswing with the following framework:

  • Initial deployment to critical partners: Mythos will first be provided to over 40 critical infrastructure operators and leading technology companies for scanning and remediating vulnerabilities in their own systems and important open-source projects.
  • Substantial resource commitment: Anthropic is providing participants with up to approximately $100 million in API usage credits and donating roughly $4 million to open-source security organizations.
  • Prestigious partnership roster: Partners include Amazon AWS, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and other industry leaders.

Anthropic also disclosed that prior to release, the company briefed senior US government officials—including representatives from the Cybersecurity and Infrastructure Security Agency (CISA)—on Mythos's capabilities and associated risks. Anthropic indicated ongoing consultations with federal officials regarding Mythos's usage will continue.

Industry Implications: AI Security Enters the "Automated Offense-Defense" Era

Mythos's emergence signals at least three significant developments for the technology industry:

General Large Models' "Security Capabilities" Are No Longer Ancillary Features

Anthropic explicitly states that Mythos's powerful security capabilities do not derive from specialized security training but from overall advancement in code and reasoning abilities. This implies that next-generation models from other vendors will likely "incidentally" possess similar capabilities. Security is no longer a bolt-on feature—it's an emergent property of advanced general intelligence.

From "Humans Finding Vulnerabilities" to "Models Autonomously Discovering Vulnerabilities + Writing Exploits"

Anthropic internal engineers, even without formal security training, can use Mythos to "run overnight tasks" and receive complete, functional exploit code the next morning. This represents a fundamental shift in the vulnerability discovery paradigm, democratizing capabilities previously reserved for elite security researchers.

Defense Must "Match Speed with Speed" and Establish Institutionalized Collaboration

Security expert Alex Stamos estimates that open-source models may catch up to frontier closed-source models in vulnerability discovery capabilities within approximately six months. This compressed timeline necessitates rapid response and systematic cooperation.

Through Project Glasswing, Anthropic attempts to place "the most dangerous zero-day weapons" in the hands of trusted defenders before model capabilities diffuse widely, patching the most critical systems first. Multiple Glasswing participants emphasize that AI capabilities have crossed a threshold—critical infrastructure protection requires more urgent and systematic approaches.

Guidance for Ordinary Developers and Users

While Mythos remains unavailable to the general public, Anthropic has provided recommendations applicable to the industry at large:

  • Adopt "shift-left security" as the default strategy: Integrate static analysis, fuzz testing, and secure coding practices during the development phase rather than treating security as an afterthought.
  • Prioritize patching critical open-source components: Focus especially on long-unupdated infrastructure-level projects that form the foundation of modern software ecosystems.
  • Establish or enhance automated vulnerability response processes: Prepare for the significant compression of the "vulnerability discovery-to-exploitation time window" anticipated over the coming years.

Conclusion: Greater Capability Demands Greater Responsibility

Anthropic's decision to publicly disclose Mythos's risks and defense plans before the model is available to the public represents a meaningful stance:

  • It reinforces Anthropic's positioning as a "safety-first" laboratory.
  • It acknowledges that models with similar capabilities will inevitably be mastered by more parties over time.

For the entire industry, Mythos serves both as a demonstration of technical capability and as a public lesson on "how to responsibly use powerful AI." It reminds us that technology itself has no inherent立场 (stance), but regulation, disclosure strategies, and collaboration mechanisms will determine whether these capabilities ultimately serve "defense" or "destruction."

Epilogue: When "Myth" Meets Reality, How Do We Guard Civilization's Bottom Line?

"Mythos" means "myth" in Greek. Anthropic's choice of this name for the model may not be coincidental.

When we marvel at Mythos's ability to effortlessly tear through底层 (foundational) code defenses that have existed for 10, 20, or even 27 years, what truly sends chills down our spines may not be AI's invincibility. Rather, it serves as an extreme mirror, reflecting the long-ignored cracks in the foundation of human digital civilization. Through extraordinarily efficient "destruction," it forces us to confront the complacency that has long characterized security investment decisions.

In an era where computational power equals power itself, AI's security capabilities are no longer merely a screwdriver in the toolbox—they represent Prometheus's stolen fire. Anthropic's choice to承接 (承接 means "undertake" or "bear") this flame through the "Glasswing" project carries a metaphor of fragility and transparency in its very name—lightweight yet powerful, requiring extremely careful stewardship.

Once the technological train accelerates, it will never reverse course due to fear. Mythos's emergence is a resounding alarm bell, telling everyone: from today forward, the definition of "AI security" has been completely rewritten. It no longer merely means "preventing models from producing bias or saying the wrong thing"—it now encompasses "preventing models from easily destroying the digital infrastructure upon which we depend for survival."

At the dawn of artificial general intelligence, we must not only gaze at the stars but also bow our heads to repair the path beneath our feet. Because true mythology has never resided in how much power machines can possess, but in humanity's choice to bear mortal responsibility even after acquiring godlike technology.