On February 24, 2026, Anthropic engineers turned on their new artificial intelligence model for the first time. They had given him a mythological name: Claude Mythos Preview. What happened next was disruptive enough that the company made a decision that no technology company had made before in the consumer AI sector: introduce the model to the world while announcing that it would not release it publicly. That existed. Which worked. Which was extraordinarily powerful. And that is precisely why it couldn't be in the hands of just anyone.
The reason, laid out with unusual transparency on Anthropic's official blog, was this: Mythos had demonstrated a spectacular leap in its cybersecurity capabilities with respect to all previous models, including an ability that until then was considered exclusive to the most specialized hackers on the planet: the ability to autonomously discover and exploit zero-day vulnerabilities in the main operating systems and web browsers on the market.
Zero-day is the technical term for a security vulnerability that has not been discovered or patched. It is called that because when it is discovered, the developers have been working on a solution for "zero days." They are the most valuable weapon on the cybercrime black market: a zero-day in Windows, Chrome or iOS can be worth millions of dollars because it allows an attacker to enter systems without anyone knowing or being able to defend themselves.
The numbers that change everything
In a matter of weeks, Mythos identified thousands of high-severity zero-day vulnerabilities across all major operating systems and all widely used web browsers. Not dozens. Not hundreds. Thousands. The number itself is disturbing, but the concrete examples Anthropic chose to share are what make the magnitude of the matter completely real.
The most striking case was a failure in the TCP protocol of the OpenBSD operating system. OpenBSD is precisely the operating system best known for its extreme security: it was designed from the ground up prioritizing security above everything else, and is used by organizations that need the maximum possible robustness, from government agencies to critical infrastructures. And that ruling had been there for 27 years. More than a quarter of a century of engineers, security auditors, academic researchers and hackers around the world passing over it without seeing it. Mythos found him.
Vulnerabilities identified by Mythos Preview (April 2026)
- Thousands of zero-days on all major operating systems (Windows, Linux, macOS, OpenBSD)
- Vulnerabilities in all major web browsers (Chrome, Firefox, Safari, Edge)
- 27-year-old bug in OpenBSD TCP protocol — now patched
- 16-year-old FFmpeg bug found after 5 million previous failed human analysis tests
- Memory corruption vulnerability in a memory safety virtual machine monitor
- Limited access: only 12 founding partners + 40 critical infrastructure organizations
But if the case of OpenBSD is shocking because of its history, that of FFmpeg is shocking because of its process. FFmpeg is the most used audio and video processing library in the world; It is present on literally billions of devices, from cell phones to security cameras. The flaw that Mythos detected had survived more than five million automated security tests over sixteen years. It's not that no one had looked for it: it's that no existing tool had been able to find it. Mythos found him.
Project Glasswing: the institutional response
Given this, Anthropic designed a controlled access system which it called Project Glasswing. Instead of publishing the model as it normally would, the company distributed it only to twelve partner organizations, all of them technology giants or top-tier cybersecurity companies: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks and Anthropic itself.
The mandate for all of them was purely defensive: use Mythos to scan their own code and open source software for vulnerabilities, patch them before someone exploited them, and share the findings with the rest of the industry. Anthropic also committed $100 million in API usage credits and $4 million in donations to open source security projects.
"The level of coding capability is such that the model can outperform all but the most skilled humans in finding and exploiting software vulnerabilities." — Anthropic, official blog, April 2026
Logan Graham, head of the Anthropic team that evaluates dangerous capabilities in new models, described Mythos as the "starting point for what we believe will be a turning point, or reckoning, for the industry." It is not the usual prose of a public relations statement. It is the description of someone who has seen something they did not expect to see and who does not quite know how to handle it.
The problem that no one wants to name directly
Anthropic's decision not to publish Mythos is understandable. But it carries with it a consequence that the company implicitly recognizes without fully developing it: a model trained to program well is, by definition, a model trained to find bugs in code. They are not two different capacities; They are the same view from two different perspectives.
If Anthropic can create Mythos, so can Google DeepMind, OpenAI, Meta AI, xAI and the Chinese, Russian and other government laboratories that have been investing massively in artificial intelligence for years. The real question is not whether Mythos exists. The real question is how many Mythos already exist, in the hands of actors who have no incentive to issue a press release or create a responsible security initiative.
French cybersecurity researcher Jacques Dupont, in an analysis published in The Conversation, noted that Mythos reveals a structural problem that goes beyond conventional cybersecurity: the asymmetry between offensive and defensive capabilities is widening at a speed that existing response mechanisms cannot keep up. When an AI can discover in weeks what human teams have not found in decades, the window between the discovery of a vulnerability and its exploitation by malicious actors is reduced from months to hours.
Is this sophisticated advertising or a genuine alarm?
Analysts have pointed out that the way Anthropic presented Mythos—with an emphasis on how dangerous it is and why it can't be in the public's hands—also serves perfectly as a marketing campaign. A company that can say "our model is so powerful that we decided not to publish it" is communicating something very concrete about its position in the AI race.
The criticism is legitimate. But it does not invalidate the substance of the problem. The vulnerabilities Mythos found are real, they have been patched, and the discovery process was genuinely new. What is up for debate is whether Anthropic's communication optimized the alarm more than was necessary for its own commercial interests. The honest answer is probably: yes, in part. But the fact that there is a marketing component in the presentation does not make the phenomenon false.
Direct implication for companies and users: If an AI can find zero-days in weeks that have gone undetected for decades, the pace at which companies patch their software has to change radically. Annual or quarterly security audits are no longer sufficient. The reactive cybersecurity model—we patch when someone finds the bug—has reached its limit.
What's next
Anthropic has announced that it will continue to progressively expand access to Mythos as it develops better tools to ensure the model is only used defensively. The company is also working with US government officials to discuss the national security implications of the model. OpenAI launched its own limited-access cyber defense program a week after Mythos' announcement, suggesting the race to be first in this space is already on.
The question that everyone in the industry avoids answering directly is this: How long can the controlled-access model be maintained before a Mythos-equivalent model is available to anyone, either because someone leaks it, because a state actor develops it independently, or because the speed of improvement of smaller models brings them to that level of capability? The answer from most experts is: not much.
Share this article



