claudio and its numerous models have been popular among experienced developers, vibration encodersand everyone else in between, but Anthropic’s latest announcement is a departure from anything it’s released before. The model, called the “Claude Mythos Preview,” is touted as the most capable model the company has ever developed, and it will also not be available to the public.
Anthropic has decided to restrict access entirely, making the advanced model only for use by its selected list of partners via Glass Wing Projectwhich is an initiative aimed at deploying Mythos defensively to power and protect the world’s most critical software, perhaps for good reason.
What do we know about Claude Mythos?
Everything Anthropic has said, so far
Claude Mythos Preview is a substantial leap from its previous models, and the benchmarks attest to that. Myths noted 93.9% on SWE-bench Verified (which is the industry standard benchmark for standalone software) compared to Claude Opus 4.6 80.8%. To put it in context, Google’s flagship Gemini 3.1 Pro is currently in 80.6% at the same reference point.
However, it is the model’s capabilities in cybersecurity applications that have made headlines. According to the System card published by AnthropicFrontier Red Team results noted that Mythos solved every single challenge in its proprietary Cybench evaluation with a 100% success rate across all challenges tested, which is so definitive that the company was forced to acknowledge that the benchmark is no longer a useful measure of the model’s capabilities, as Mythos passed the tests designed to evaluate it every time.
Claude is no longer “just squishing bugs”
Mythos can find zero-day vulnerabilities and autonomous exploits
Anthropic’s claims about Mythos are not unfounded. During the internal testing phase, the model was able to discover and exploit several “zero-day” vulnerabilities, some of which were several decades old.
The most notable discovery, according to Anthropic, was a 27-year-old critical defect in OpenBSD. Mythos was able to find a very subtle signed integer overflow in the way the operating system handles TCP connections, which could allow cyber threat actors to potentially crash any OpenBSD servers. This specific vulnerability was discovered after a thousand runs and the company managed to keep the total compute cost below $20,000.
The practice may seem expensive, but the computing budget produced more than simply discovering this vulnerability. Anthropic has noted that they have identified “thousands of additional high severity and critical vulnerabilities” that they seek to responsibly disclose to a myriad of open and closed source vendors. Since several of these vulnerabilities have not yet been fixed and could be exploited, the company stated that they could not delve into further details for security reasons. Interestingly, this also means that the full extent of the model’s autonomous exploitation capabilities have yet to be highlighted.
Interestingly, this also means that the full extent of the model’s autonomous exploitation capabilities have yet to be highlighted.
Why is Anthropic keeping Mythos a secret?
For your own safety, says Anthropic
There are two notable reasons behind Anthropic’s decision to block Mythos, the first of which is a simple concern surrounding the use of this technology. Since security research is inherently dual-use, a model that is as proficient as Mythos at identifying subtle logical errors also has the potential to autonomously weaponize them into functional exploits. If made public, cyber threat actors could leverage Mythos and its capabilities to discover flaws in modern operating systems and browsers, inadvertently escalating cyberattacks at a pace that cybersecurity infrastructure cannot reasonably match.
Mythos is being treated as a strictly defensive asset. Through Project Glasswing, access to the model is limited to a consortium of technology and infrastructure giants, also including some financial and security organizations.
The other, more interesting reason is that during testing, the Frontier Red Team found cases where the model “misbehaved” in ways that demonstrated alarming levels of autonomy, recklessness, and deception. The team noted that early iterations managed to escape secure environments, collect restricted credentials, and even initiated spontaneous actions. Perhaps most troubling of all was the model’s acknowledgment of his own rule violations and subsequent attempts to conceal them. The model would manipulate git histories and actively obfuscate permissions to hide its deceptive actions from human testers.
A revolutionary confluence between AI and cybersecurity?
Although benchmarks and tests clearly reveal the impressive capabilities of Anthropic’s new model, it is still relatively early to give a verdict on whether or not it will revolutionize cybersecurity. On various tech forums, a vocal contingent of developers and enthusiasts have dismissed Project Glasswing’s exclusivity as a calculated marketing trickalthough if it happens, it wouldn’t be the first time.
Whether this restricted version is holding back genuine threats or generating manufactured hype, there is no denying that frontier models are evolving at a dizzying pace, and it doesn’t seem too far-fetched to believe that they will soon be able to move from identifying vulnerabilities to safeguarding critical cybersecurity infrastructure.
