Claude Mythos & Project Glasswing: What You Need to Know
The AI Model Too Dangerous to Release
On March 26, 2026, a routine configuration error inside Anthropic's content management system accidentally exposed nearly 3,000 unpublished internal assets to the public internet — no authentication required, fully searchable. Among those files was a draft blog post announcing what Anthropic described as "by far the most powerful AI model we've ever developed." The model's name: Claude Mythos.
Security researchers Roy Paz of LayerX Security and Alexandre Pauwels of the University of Cambridge were the first to spot the exposed data store. Fortune magazine reviewed the documents and contacted Anthropic, which promptly locked down public access and attributed the incident to "human error" in the CMS configuration. But by then, the details were already spreading across forums, social media, and newsrooms worldwide.
Anthropic's response was unusually candid. Rather than deny or deflect, a company spokesperson confirmed the leak: "We're developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we're being deliberate about how we release it. We consider this model a step change and the most capable we've built to date."
What makes Claude Mythos unlike any previous Anthropic release is not just its performance — it is Anthropic's own fear of what the model could do in the wrong hands. Twelve days after the leak became public news, on April 7, 2026, Anthropic officially announced the limited deployment of Claude Mythos Preview through a new initiative called Project Glasswing, making it available exclusively to 12 major technology and finance companies for defensive cybersecurity work. The general public will not get access — and Anthropic has made clear it does not plan to change that anytime soon.
This is the complete story of Claude Mythos, how it was discovered, what it can do, why it remains restricted, and what Project Glasswing means for the future of AI-augmented cybersecurity.
Understanding Claude Mythos: What It Is and Where It Came From
The Accidental Leak That Changed Everything
Anthropic's CMS misconfiguration on March 26, 2026 exposed a trove of internal development material that was never intended for public view. The exposed cache included draft blog posts, model specifications, internal development files, and product planning documents. In total, close to 3,000 unpublished assets linked to Anthropic's blog were publicly searchable in the unsecured data store — assets that were set to public by default unless a user explicitly changed that setting.
The draft blog post that triggered the most attention described a model it called "Capybara" and "Claude Mythos" — both names appearing to refer to the same underlying model. The document made no attempt to hide the magnitude of what Anthropic had built. It called Mythos "by far the most powerful AI model we've ever developed" and described it as "currently far ahead of any other AI model in cyber capabilities," warning that it "presages an upcoming wave of models that can exploit vulnerabilities" in ways that defenders are not yet prepared to handle.
Anthropic called the exposed material "early drafts of content considered for publication" and chalked the incident up to human error rather than any external breach. That context mattered little to the security research community and AI observers, who found themselves reading what amounted to an unvarnished internal assessment of a frontier model's capabilities — the kind of document companies rarely publish even after a controlled release.
The timing carried a particular irony that several reporters noted: Anthropic had just disclosed that a Chinese state-sponsored hacking group had used an earlier Claude model to carry out 80–90% of a coordinated attack campaign entirely autonomously, working through roughly 30 organizations — including technology companies, financial institutions, and government agencies — before Anthropic detected and shut it down. Anthropic was already navigating the dual-use problem at the frontier of AI. Mythos brought that problem into sharp relief.
Capybara: A New Tier Above Opus
To understand what makes Mythos significant, you need to understand how Anthropic structures its model family. The company's public lineup runs three tiers, introduced with the Claude 3 series:
Haiku — Optimized for speed and cost efficiency. Best for high-volume tasks that do not require deep reasoning. Lowest latency, lowest price.
Sonnet — The balanced middle tier. Strong performance across most tasks while remaining fast enough for real-time applications. Claude 3.7 Sonnet introduced extended thinking capabilities that began blurring the line between Sonnet and Opus performance.
Opus — Anthropic's most capable publicly available model. Designed for complex reasoning, nuanced instruction-following, and advanced agentic tasks. Claude Opus 4.6, released in early 2026, topped Terminal-Bench 2.0 at 65.4%, surpassing GPT-5.2-Codex, and became the highest-performing model on SWE-bench Verified at 76.8%.
Mythos does not fit into this taxonomy. The leaked draft was explicit: "Capybara is a new name for a new tier of model: larger and more intelligent than our Opus models — which were, until now, our most powerful." Capybara — the internal codename — and Mythos are two names for the same model. Anthropic chose the name "Mythos" deliberately, drawing from the Greek μῦθος to evoke "the deep connective tissue that links together knowledge and ideas," suggesting the model represents a fundamental reconceptualization of what AI systems can do, not just an incremental improvement.
The leaked documents described Mythos achieving "dramatically higher scores" than Claude Opus 4.6 on tests of software coding, academic reasoning, and cybersecurity. On the CyberGym benchmark — which evaluates AI agents on vulnerability analysis tasks — Claude Mythos Preview scores 83.1%, compared to Claude Opus 4.6's 66.6%. That 16.5-point gap represents a substantial jump in a domain where every percentage point corresponds to real-world capability over software systems that protect millions of people.
Architecture and Scale
Anthropic has not officially confirmed the architectural specifics of Mythos, but circulating reports and leaked material point to a parameter count in the range of 10 trillion — which, if accurate, would make it one of the largest models ever trained by any organization. The scale of that claim requires context: training and serving a model of this size at production quality is extraordinarily expensive and computationally intensive.
The same day Project Glasswing launched, Anthropic separately disclosed that Broadcom had signed an expanded infrastructure deal giving the company access to approximately 3.5 gigawatts of computing capacity drawing on Google's AI processors. That level of compute infrastructure helps explain both the scale at which Mythos was trained and why Anthropic has cited efficiency as a prerequisite for any broader public release.
The model most likely employs a Mixture-of-Experts (MoE) architecture — routing queries to specialized subnetworks rather than activating the full parameter count for every inference — which makes serving a 10-trillion-parameter model tractable in practice. Anthropic has explicitly stated they are continuing efficiency work before any general release, echoing the approach other frontier labs have taken with large-scale models.
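To make the Mixture-of-Experts idea concrete, here is a minimal NumPy sketch of top-k expert routing. Everything in it is illustrative — the dimensions, the linear "experts," and the gating weights are invented, and this is not a claim about how Mythos is actually built. The key property it demonstrates is that only the top-k scored subnetworks run for a given input, so the active compute is a fraction of the total parameter count.

```python
import numpy as np

def moe_forward(x, gate_w, experts, top_k=2):
    """Route input x to the top_k experts by gate score.

    Only top_k of the expert subnetworks execute per input, so the
    active parameter count is a fraction of the total model size.
    """
    scores = gate_w @ x                   # one gate score per expert
    top = np.argsort(scores)[-top_k:]     # indices of the best-scoring experts
    weights = np.exp(scores[top])
    weights /= weights.sum()              # softmax over the selected experts only
    # Weighted sum of the chosen experts' outputs; the rest never run
    return sum(w * experts[i](x) for w, i in zip(weights, top))

rng = np.random.default_rng(0)
d, n_experts = 8, 4
gate_w = rng.normal(size=(n_experts, d))
# Each "expert" here is just a small linear map (a stand-in for a subnetwork)
expert_mats = [rng.normal(size=(d, d)) for _ in range(n_experts)]
experts = [lambda x, m=m: m @ x for m in expert_mats]

y = moe_forward(rng.normal(size=d), gate_w, experts)
print(y.shape)
```

With `top_k=2` of 4 experts, each forward pass touches only half the expert parameters — the same design choice that makes serving very large MoE models tractable.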
What distinguishes Mythos architecturally from previous Claude generations is its agentic behavior. Where prior models respond to instructions one step at a time, Mythos plans and executes sequences of actions independently — moving across systems, making decisions, and completing operations without waiting for human input at each stage. This autonomous planning capability is central to both its power and its danger.
Why Anthropic Is Withholding Claude Mythos from the Public
The Dual-Use Problem at Frontier Scale
Every powerful AI model carries inherent dual-use risk: the same capabilities that make it useful for legitimate purposes make it dangerous in adversarial hands. For most models released to date, this tradeoff has been manageable — the model might help someone understand a vulnerability, but translating that understanding into a working exploit still required substantial human expertise.
Claude Mythos changes that calculus fundamentally. According to Newton Cheng, Frontier Red Team Cyber Lead at Anthropic, the model "can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." Unlike past models, Mythos does not just identify vulnerabilities — it can write the working exploits to go with them, entirely autonomously, without human steering. Logan Graham, who leads Anthropic's frontier red team, described Mythos Preview as "extremely autonomous" with reasoning capabilities that give it the skills of an advanced security researcher — able to find "tens of thousands of vulnerabilities" that even the most experienced bug hunter would struggle to identify.
For comparison: Claude Opus 4.6, released publicly in early 2026, found approximately 500 zero-day vulnerabilities in open-source software — a meaningful capability that had already drawn significant attention. Mythos Preview has found tens of thousands, dwarfing that figure in volume alone. And where Opus 4.6 found vulnerabilities, Mythos Preview found vulnerabilities and built functional exploits for them.
Anthropic's own internal framing was blunt: the company has been privately briefing senior government officials, warning that Mythos makes large-scale cyberattacks significantly more likely in 2026, and that AI agents running on systems at this capability level can plan and carry out complex operations with minimal human involvement. The company also briefed the Cybersecurity and Infrastructure Security Agency (CISA) and the Commerce Department on Mythos Preview's capabilities.
"We do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities," Cheng told VentureBeat. "However, given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout — for economies, public safety, and national security — could be severe."
The Timeline Problem
One of the most sobering aspects of Anthropic's public statements around Mythos is the timeline they attach to the competitive landscape. Logan Graham was direct in an interview with Axios: other AI companies — including OpenAI — are already working on models with capabilities similar to Mythos Preview. The window between Mythos being a uniquely Anthropic capability and becoming a broadly available frontier one is, in Graham's words, "as soon as six months or as far out as 18."
"It's very clear to us that we need to talk publicly about this," Graham said. "The security industry needs to understand that these capabilities may come soon."
Dario Amodei reinforced this in a video released alongside the Project Glasswing announcement: "More powerful models are going to come from us and from others, and so we do need a plan to respond to this."
The strategic calculus Anthropic is making is explicit: defenders need a head start. If Mythos-class capabilities are going to be available to everyone — including adversaries — within the next 12 to 18 months, the window to use those capabilities for defensive purposes first is narrow. Project Glasswing is Anthropic's attempt to use that window.
The Cost Problem
Beyond safety concerns, there is a practical barrier to public release: scale economics. The leaked documents and subsequent coverage confirm that Mythos remains expensive to run at scale. Anthropic has explicitly stated that ongoing efficiency work is a prerequisite before any broader release.
The company is developing new safeguards in an upcoming Claude Opus model, which will allow them to "improve and refine them with a model that does not pose the same level of risk as Mythos Preview," according to Cheng. Security professionals whose legitimate work is affected by those safeguards will be able to apply to an upcoming Cyber Verification Program that Anthropic is building specifically to handle the complexity of responsible access at scale.
Project Glasswing: What It Is and How It Works
The Initiative Explained
Project Glasswing is Anthropic's answer to the window problem — a structured, controlled deployment of Claude Mythos Preview exclusively for defensive cybersecurity purposes, shared with a coalition of organizations who collectively maintain some of the world's most critical software infrastructure.
Announced on April 7, 2026, the initiative brings together 12 founding partner organizations, among them Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Beyond the founding partners, Anthropic has extended access to more than 40 additional organizations that build or maintain critical software, giving them the ability to use Mythos Preview to scan and secure both their own first-party software and open-source systems they depend on.
The financial commitment is substantial: Anthropic is providing up to $100 million in usage credits for Mythos Preview across all participating organizations, plus $4 million in direct donations to open-source security organizations — specifically OpenSSF (Open Source Security Foundation), Alpha-Omega, and the Apache Software Foundation.
The name "Glasswing" is a reference to the glasswing butterfly (Greta oto), a species whose wings are almost entirely transparent — a metaphor for the kind of radical visibility into hidden vulnerabilities that the initiative aims to achieve. Software that looks solid from the outside may have weaknesses that only become apparent when examined at a level of sophistication that previously only a handful of elite human researchers could bring to bear.
How Partners Use Mythos Preview
The model is being deployed for a specific and bounded purpose: scanning software systems for code vulnerabilities and developing working exploits to confirm those vulnerabilities are real and actionable — then reporting them to maintainers so they can be patched. This is classic offensive security research, but executed at a scale and speed that no human team could match.
Partners are using Mythos Preview to scan their own first-party codebases — the internal software they build and maintain — as well as the open-source dependencies that underpin those systems. The Linux Foundation's involvement is particularly significant here: open-source software runs much of the world's critical infrastructure, from banking backends to medical record systems, and open-source maintainers have historically had access to far fewer security resources than large enterprise teams.
"Open source maintainers — whose software underpins much of the world's critical infrastructure — have historically been left to figure out security on their own," said one partner representative in statements published by The New Stack. "By giving the maintainers of these critical open source codebases access to a new generation of AI models that can proactively identify and fix vulnerabilities at scale, Project Glasswing offers a credible path to changing that equation."
As part of the initiative, Anthropic will share what participating organizations learn from using the model so the broader tech industry can benefit — a knowledge-sharing component designed to extend the impact of the program beyond the 40+ organizations with direct access.
The Vulnerabilities Already Found
Before Project Glasswing's public launch on April 7, Anthropic had already been running Mythos Preview internally and sharing it with a subset of partners for several weeks. The results established the model's capabilities in concrete, documented terms.
Over that period, Mythos Preview identified thousands of zero-day vulnerabilities — meaning flaws previously unknown to the software's developers — across every major operating system and every major web browser, along with a range of other critical software. Many of these vulnerabilities had survived years or decades of human review and automated security scanning without being caught.
Anthropic published detailed technical examples on its Frontier Red Team blog. Three case studies stand out:
The 27-Year-Old OpenBSD Vulnerability: OpenBSD has a well-earned reputation as one of the most security-hardened open-source operating systems in existence. It is used to run firewalls, high-security servers, and other critical infrastructure precisely because of its track record. Mythos Preview found a vulnerability in OpenBSD that had gone undetected for 27 years — a flaw that allowed an attacker to remotely crash any machine running the operating system simply by connecting to it. No authentication. No prior access. Just a network connection.
The 16-Year-Old FFmpeg Vulnerability: FFmpeg is one of the most widely deployed software libraries in the world, used by countless applications to encode and decode video. Mythos Preview identified a 16-year-old vulnerability in a single line of FFmpeg code — a line that had been hit by automated testing tools more than five million times without any of those tools catching the problem. The model found what five million automated passes missed.
The Linux Kernel Privilege Escalation Chain: The Linux kernel runs the majority of the world's servers. Mythos Preview autonomously found and chained together several separate vulnerabilities in the kernel to construct a privilege escalation attack — allowing an attacker to move from ordinary user access to complete control of the machine. Each individual vulnerability might have been considered low-severity; the chain, assembled by the model without human guidance, created a critical exploit path.
All three of these vulnerabilities have since been reported to the relevant maintainers and patched. For many other vulnerabilities discovered during the preview period, Anthropic published cryptographic hashes of the details on its Red Team blog, committing to reveal the specifics after patches are in place — a responsible disclosure practice applied at unprecedented scale.
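The commit-then-reveal pattern described above is a standard cryptographic technique, and it can be sketched with Python's standard library alone. The report string and nonce below are invented placeholders, not real disclosure data; the point is that a published digest reveals nothing about the flaw, yet later releasing the report and nonce proves the finding existed before the patch.

```python
import hashlib

def commit(report: str, nonce: str) -> str:
    """Return a SHA-256 commitment to a vulnerability report.

    Publishing only this digest discloses nothing about the flaw.
    Releasing (report, nonce) after the patch ships lets anyone
    verify the finding predated the fix.
    """
    return hashlib.sha256(f"{nonce}:{report}".encode()).hexdigest()

# Hypothetical report -- illustrative only, not a real finding
report = "out-of-bounds read in example_parser.c, reachable from network input"
nonce = "f3a9c1d07b"  # random salt so short reports can't be brute-forced

digest = commit(report, nonce)
print(digest)

# Later, after the patch: anyone holding the digest can verify the reveal
assert commit(report, nonce) == digest
```

The nonce matters: without it, an attacker could guess likely report texts and hash them to recover the details before the patch lands.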
The Broader Context: AI, Cybersecurity, and National Security
State-Sponsored Actors and the Existing Threat Landscape
The launch of Project Glasswing does not happen in a vacuum. Anthropic and other AI companies have spent the past year documenting how state-sponsored hacking groups are already using frontier AI models — including Anthropic's own Claude — to augment offensive cyber operations.
The Chinese state-sponsored attack campaign mentioned in the initial Mythos coverage is not hypothetical. A group linked to the Chinese government ran a coordinated campaign using Claude Code to infiltrate approximately 30 organizations — technology companies, financial institutions, and government agencies — with the model handling 80–90% of the attack operations autonomously. Anthropic detected the campaign over roughly 10 days, banned the accounts involved, and notified affected organizations, but the incident established a troubling baseline: frontier AI models were already being used for coordinated offensive operations at scale.
Iranian-linked hacking groups have also been active. In the weeks surrounding Project Glasswing's launch, an Iranian-linked group claimed responsibility for a disruptive cyberattack on U.S. medical technology company Stryker, causing widespread system outages and raising concerns about the vulnerability of healthcare infrastructure. Logan Graham cited these developments directly: "The fact that cyber is a part of even active warfare, and a very common part of active warfare, I think, underscores its importance."
The global financial cost of cybercrime is estimated at around $500 billion per year, according to governance research cited in Anthropic's Project Glasswing announcement. Critical infrastructure attacks — on healthcare systems, energy grids, financial institutions, and government agencies — have caused documented harm to civilian life and economic stability. Anthropic frames Project Glasswing explicitly in this context: the question is not whether AI will reshape cybersecurity, but whether defenders or attackers will benefit first.
The Pentagon Dispute
The relationship between Anthropic and the U.S. government has grown complicated in ways that matter to Project Glasswing's political context. The company is engaged in a legal dispute with the Department of Defense following the Pentagon's decision to label Anthropic a supply-chain risk — a consequence of Anthropic's refusal to allow its models to be used for autonomous targeting or surveillance of U.S. citizens. A judge has temporarily halted that order, but the dispute remains unresolved.
Despite this, Anthropic states it has engaged in "ongoing discussions" with federal officials about Mythos Preview's capabilities. The company has briefed CISA and the Commerce Department, and Anthropic's position is that government engagement is essential regardless of the Pentagon dispute. "The Anthropic official said the company's relationship with the Pentagon does not diminish the value of the new cybersecurity technology," the Washington Examiner reported. "The official said discussions with the government will continue because of the critical role agencies play in both cyber defense and offense."
The tensions here are real: a company that has established redlines against certain military uses of its technology is simultaneously seeking government cooperation on the defensive applications of its most powerful model. How that tension resolves will shape the regulatory and deployment environment for Mythos-class capabilities going forward.
Market Reactions and Industry Implications
The initial leak of Claude Mythos details in late March 2026 had immediate market consequences. Shares of major cybersecurity vendors — CrowdStrike, Palo Alto Networks, Zscaler, and Fortinet — fell as investors began processing what frontier AI capabilities embedded in security tools could mean for the competitive structure of the cybersecurity industry. If a single AI model can autonomously find tens of thousands of vulnerabilities across every major OS and browser, the traditional market for human-led penetration testing and vulnerability assessment faces structural disruption.
The same dynamics that make Mythos Preview a defensive asset for Project Glasswing partners also make it a potential competitive advantage. Companies with early access to Mythos-class vulnerability scanning are in a fundamentally different security posture than companies operating without it. That asymmetry — between organizations inside Project Glasswing and those outside it — is one reason the initiative's open-source and knowledge-sharing components matter: Anthropic is explicitly trying to prevent the benefits from concentrating in a small number of large enterprises.
Claude Mythos vs. Current Public Models: A Full Comparison
Model Tier Positioning
Understanding where Mythos sits in Anthropic's model hierarchy requires stepping back from the standard three-tier framework entirely. The leaked documentation was explicit: Mythos (Capybara) is not an Opus upgrade. It is a fourth tier that sits above Opus in both capability and cost.
| Model Tier | Performance | Cost | Status |
|---|---|---|---|
| Claude Haiku | Fastest, lowest capability | Lowest | Public |
| Claude Sonnet | Balanced | Mid-range | Public |
| Claude Opus 4.6 | Most capable (public) | High | Public |
| Claude Mythos (Capybara) | "Step change" above Opus | Higher than Opus | Restricted — Project Glasswing only |
The naming departure itself signals the categorical difference. Anthropic has consistently used Haiku/Sonnet/Opus to communicate relative positioning within its lineup. Choosing "Mythos" — a term with no established place in that hierarchy — communicates that the model represents something qualitatively different, not just a version increment.
Benchmark Performance
CyberGym (Vulnerability Analysis):
- Claude Mythos Preview: 83.1%
- Claude Opus 4.6: 66.6%
- Gap: 16.5 percentage points

SWE-bench Verified (Software Engineering):
- Claude Opus 4.6: 76.8% (current public leader)
- Claude Mythos Preview: expected to score "dramatically higher" — specific figures not yet published

Terminal-Bench 2.0:
- Claude Opus 4.6: 65.4% (led rankings at release, surpassing GPT-5.2-Codex)
- Claude Mythos Preview: expected to exceed — specifics pending full release

Zero-Day Vulnerability Discovery:
- Claude Opus 4.6: ~500 zero-days in open-source software (publicly available capability)
- Claude Mythos Preview: "tens of thousands" — identified across every major OS and browser in initial testing

Autonomous Operation:
- Previous Claude models: respond to instructions step by step, requiring human input at each stage
- Claude Mythos: plans and executes sequences of actions autonomously — moves across systems, makes decisions, completes operations without waiting for human input
Agentic Behavior: The Key Differentiator
The most significant capability gap between Mythos and its predecessors is not raw benchmark performance — it is the depth of autonomous operation. Previous Claude models, including Opus 4.6, can use tools and execute multi-step workflows, but they operate within the bounds of explicit human guidance. The user defines the task, the model executes it, and checks back in when it needs direction.
Mythos operates differently. The model plans sequences of operations, navigates across systems, identifies intermediate objectives, and completes complex tasks without human involvement at each decision point. In the context of cybersecurity, this means the model does not just flag a vulnerability — it investigates the codebase, identifies related vulnerabilities, constructs an exploit chain connecting them, tests the chain, and reports the full attack path, all without being guided through each step.
This is what Graham means when he describes Mythos as having "the skills of an advanced security researcher." A skilled human researcher does not ask for instructions at every step of an investigation. Neither does Mythos Preview.
The Naming: Why "Mythos" and Why "Glasswing"
The Significance of the Names
Product naming at frontier AI companies is rarely accidental, and both "Mythos" and "Glasswing" were clearly chosen with intention.
Mythos derives from the Greek μῦθος, which refers not simply to a story or myth but to a foundational narrative that shapes how a community understands its reality. In ancient Greek usage, mythos was the deep grammar of meaning underlying a culture — the connective tissue between disparate ideas, events, and values. Anthropic's leaked draft blog described the name as chosen to "evoke the deep connective tissue that links together knowledge and ideas." The implication is that Mythos is not a model that performs better at existing tasks — it is a model that links and reasons across domains at a level that changes what those tasks look like. The name is aspirational in the strongest sense.
Glasswing references the glasswing butterfly (Greta oto), an insect found primarily in Central and South America whose wings are almost entirely transparent — the wing tissue is clear, with only a thin border of color, making the butterfly nearly invisible in flight. The transparency metaphor is apt for a cybersecurity initiative: vulnerabilities that have been invisible for decades become visible when examined with Mythos-class AI capabilities. The glasswing butterfly's transparency is also a survival mechanism — it is hard to target what you cannot see. For software systems, the goal of Project Glasswing is to achieve transparency about hidden flaws before attackers can exploit them.
What Comes Next: The Roadmap for Mythos-Class Models
Anthropic's Stated Plans
Anthropic has been explicit that the current restricted deployment of Mythos Preview is not a permanent state. The company's stated goal is to "enable our users to safely deploy Mythos-class models at scale," including for general use cases beyond cybersecurity. But reaching that point requires solving problems that do not yet have complete solutions.
The path forward, as Anthropic has described it, involves three parallel workstreams:
Safeguard Development: Building safety measures specifically designed for models with Mythos-class cyber capabilities. Anthropic is developing these in the context of an upcoming Claude Opus model — one that does not pose the same level of risk as Mythos Preview but that can serve as a testbed for the safeguard infrastructure. This approach lets Anthropic iterate on safety measures without risking deployment of the most capable model.
Cyber Verification Program: An upcoming program that will allow security professionals whose legitimate work is affected by Mythos-class safeguards to apply for verified access. The existence of this program reflects an acknowledgment that blanket restrictions create their own problems — legitimate security researchers need access to tools that match the capabilities of adversaries.
Efficiency Optimization: Making Mythos Preview — or a successor — cost-effective enough to serve at scale. The current model is expensive to run, which limits who can realistically use it even within the Project Glasswing framework. Efficiency improvements, potentially including quantization, distillation, and speculative decoding, are prerequisites for broader access.
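Of the efficiency levers listed above, quantization is the easiest to illustrate. The NumPy sketch below shows symmetric per-tensor int8 quantization on a toy weight matrix — a generic technique, not Anthropic's actual serving stack, and the matrix dimensions are invented. Storing weights as int8 instead of float32 cuts memory by 4x at the cost of a small, bounded rounding error.

```python
import numpy as np

def quantize_int8(w):
    """Symmetric per-tensor int8 quantization of a weight matrix."""
    scale = np.abs(w).max() / 127.0          # map the largest weight to +/-127
    q = np.round(w / scale).astype(np.int8)  # 1 byte per weight vs 4 for float32
    return q, scale

def dequantize(q, scale):
    """Recover approximate float weights for computation."""
    return q.astype(np.float32) * scale

rng = np.random.default_rng(1)
w = rng.normal(size=(256, 256)).astype(np.float32)
q, scale = quantize_int8(w)

# Worst-case rounding error is half a quantization step (scale / 2)
err = np.abs(dequantize(q, scale) - w).max()
print(q.dtype, q.nbytes, w.nbytes)
```

Per-channel scales, distillation into a smaller student model, and speculative decoding each attack a different part of the serving cost; this sketch covers only the memory side.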
The Competitive Timeline
Logan Graham's estimate of 6 to 18 months before other AI companies release models with capabilities comparable to Mythos Preview sets a hard deadline on the defensive-first strategy. If that estimate holds, the window during which Project Glasswing provides a meaningful asymmetric advantage for defenders is narrow.
"Frontier AI capabilities are likely to advance substantially over just the next few months," Cheng told VentureBeat. "For cyber defenders to come out ahead, we need to act now."
This urgency is baked into every aspect of the Project Glasswing design — the $100 million in usage credits committed upfront, the knowledge-sharing component requiring partners to publish what they learn, the inclusion of open-source security organizations alongside large enterprise partners. Anthropic is not building a moat. It is trying to raise the floor for defenders before the same capabilities become available to everyone, adversaries included.
The Broader Industry Impact
Project Glasswing has implications that extend well beyond the immediate group of participating organizations. The vulnerabilities being found and patched through the initiative are in software that underpins systems used by billions of people globally — every major OS, every major browser, the Linux kernel, FFmpeg, OpenBSD. Patches for these vulnerabilities will ship to every user of that software, not just to Project Glasswing participants.
The knowledge-sharing component — partners publishing what they have learned — creates a public record of how AI-augmented vulnerability research works at this capability level, which will inform how the broader security research community adapts. The $4 million in donations to open-source security organizations provides direct funding to the maintainers who will need to process, validate, and implement the patches that Mythos Preview's findings generate.
And the precedent set by Anthropic's approach — controlled, partner-limited deployment of a capability deemed too dangerous for public release — will be studied by every AI lab that follows with models in this capability class. How Anthropic handles the 6-to-18-month window before the capability proliferates will serve as a case study for responsible deployment at the frontier.
Key Takeaways: What Claude Mythos and Project Glasswing Mean for Developers and Businesses
For Developers
The existence of Mythos Preview and Project Glasswing has immediate practical implications for developers working with open-source software, production codebases, or any system that depends on widely-used libraries and operating systems:
Vulnerabilities you assumed your tooling would have caught may still be present. Mythos Preview found a 16-year-old bug in FFmpeg that automated tools had tested five million times without catching. If you depend on open-source software — and virtually every modern application does — your attack surface includes vulnerabilities that conventional security tooling has not detected.
The pace of vulnerability discovery is about to accelerate dramatically. Whether through Project Glasswing's controlled deployment or through competitive models released over the next 18 months, AI-augmented vulnerability scanning is going to change what "comprehensive security audit" means. Development teams that are not planning for this transition now will fall behind it.
Agentic AI capabilities require new security thinking. Mythos Preview operates with a level of autonomous action that previous AI models did not approach. Building applications that integrate AI agents — whether Claude or any other model — requires security architecture that accounts for the possibility of highly capable, semi-autonomous code execution.
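One concrete pattern that follows from this: never let an agent invoke arbitrary functionality directly. Route every tool call through an explicit allowlist with argument validation and a human-approval gate for destructive actions. The sketch below is illustrative only — the `GatedToolRunner` and `ToolPolicy` names are hypothetical, not part of any Anthropic or Claude API — but it shows the shape of the permission layer the paragraph above implies.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class ToolPolicy:
    """Declares what a registered tool is allowed to do (hypothetical helper)."""
    name: str
    handler: Callable[..., str]
    allowed_args: frozenset        # reject unexpected keyword arguments
    requires_approval: bool = False  # gate destructive actions on a human

class GatedToolRunner:
    """Dispatches agent tool calls only through an explicit allowlist."""

    def __init__(self):
        self._policies = {}

    def register(self, policy: ToolPolicy):
        self._policies[policy.name] = policy

    def run(self, tool_name: str, approved: bool = False, **kwargs) -> str:
        policy = self._policies.get(tool_name)
        if policy is None:
            # Anything the agent invents that was never registered is refused.
            raise PermissionError(f"tool not allowlisted: {tool_name}")
        unexpected = set(kwargs) - set(policy.allowed_args)
        if unexpected:
            # Arguments outside the declared schema are refused, not passed through.
            raise ValueError(f"unexpected arguments: {sorted(unexpected)}")
        if policy.requires_approval and not approved:
            raise PermissionError(f"tool requires human approval: {tool_name}")
        return policy.handler(**kwargs)

# Example wiring: a read-only tool is open; a destructive one needs approval.
runner = GatedToolRunner()
runner.register(ToolPolicy("read_file", lambda path: f"read:{path}",
                           frozenset({"path"})))
runner.register(ToolPolicy("delete_file", lambda path: f"deleted:{path}",
                           frozenset({"path"}), requires_approval=True))
```

The design choice is deny-by-default: the agent can only reach handlers a human explicitly registered, and even then only with the argument names declared up front.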
For Businesses
Supply chain security is the critical exposure. The vulnerabilities Mythos Preview has found in FFmpeg, OpenBSD, and the Linux kernel affect software that millions of applications depend on. Organizations that have been relying on the security of these foundational components without verifying it independently are exposed in ways that traditional security scanning may not reveal.
The cybersecurity talent advantage is narrowing. A model that can match the output of elite human security researchers changes the competitive dynamics for organizations that have relied on having better security talent than their adversaries. Budget for advanced security tooling, including AI-augmented scanning, is going to become a differentiator in ways it has not been previously.
Open-source dependencies require active monitoring. Project Glasswing's inclusion of the Linux Foundation and $4 million in donations to open-source security organizations reflects an understanding that the open-source software stack needs coordinated security investment. Businesses that treat open-source components as zero-cost infrastructure without accounting for the security maintenance burden are carrying hidden risk.
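Active monitoring of open-source dependencies starts with knowing exactly what you are pinned to and checking those pins against an advisory source. The sketch below shows the minimal shape of that check; the advisory entries are hypothetical placeholders, not real CVEs, and in practice you would query a live database such as the OSV.dev API or run a dedicated tool rather than hardcode a list.

```python
# Hypothetical advisory data for illustration only — not real vulnerabilities.
ADVISORIES = {
    # package name -> list of (vulnerable_version, advisory_id)
    "examplelib": [("2.1.0", "EX-2026-0001")],
    "media-codec": [("1.4.2", "EX-2026-0002")],
}

def parse_requirements(text: str) -> dict:
    """Parse 'name==version' pins from a requirements-style file."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins

def audit(pins: dict) -> list:
    """Return (package, version, advisory_id) for every vulnerable pin."""
    findings = []
    for name, version in pins.items():
        for bad_version, advisory in ADVISORIES.get(name, []):
            if version == bad_version:
                findings.append((name, version, advisory))
    return findings
```

Running this against a lockfile on every CI build turns "active monitoring" from a policy statement into an enforced gate: a build fails the moment a pinned version matches a known advisory.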
The Philosophical Dimension: Anthropic's Safety-First Approach Under Pressure
A Company Scared of Its Own Creation
The language Anthropic uses to describe Claude Mythos is unusual for a technology company announcing a product. Internal documents describe it as posing "unprecedented cybersecurity risks." The company is privately briefing government officials that the model makes large-scale cyberattacks "significantly more likely." Newton Cheng speaks publicly about the potential "severe" fallout for "economies, public safety, and national security" if such capabilities reach unsafe actors.
This is not the language of a company trying to hype a product launch. It is the language of a company genuinely grappling with having built something whose implications they are not fully comfortable with — and choosing transparency about that discomfort over the alternative of quiet deployment.
Anthropic's founding principle — that AI development carries existential risks and that those risks need to be managed through deliberate, safety-focused research — is not just marketing copy in the context of Mythos. The controlled deployment, the government briefings, the $100 million commitment to defensive use, the explicit acknowledgment that the company will not make the model generally available: all of these choices reflect an organization trying to act consistently with its stated values when the stakes are highest.
Whether that approach is sufficient — whether Project Glasswing can meaningfully narrow the window before Mythos-class capabilities proliferate to adversaries — is a question that the next 6 to 18 months will begin to answer.
The Dual-Use Future
Anthropic's Frontier Red Team blog, published alongside the Project Glasswing announcement, includes a quote that captures the fundamental tension: "Although the risks from AI-augmented cyberattacks are serious, there is reason for optimism: the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software — and for producing new software with far fewer security bugs. Project Glasswing is an important step toward giving defenders a durable advantage in the coming AI-driven era of cybersecurity."
The dual-use nature of frontier AI capabilities is not a problem that any single company can solve through product policy alone. Anthropic is explicit that "no one organization can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play."
Project Glasswing is described as "a starting point." What comes after that starting point — how the industry, governments, and the security research community adapt to Mythos-class capabilities becoming broadly available — will define the cybersecurity landscape for years.
Common Questions About Claude Mythos and Project Glasswing
❓ Is Claude Mythos available to the public? No. Anthropic has explicitly stated it does not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities. Access is restricted to 12 founding partner organizations and approximately 40 additional organizations participating in Project Glasswing.
❓ Is Mythos the same as Capybara? Yes. "Capybara" was the internal codename used in the leaked draft blog post. "Mythos" is the public-facing name. Both refer to the same underlying model.
❓ What tier is Mythos in Anthropic's model family? Mythos represents a new fourth tier — above Opus — that Anthropic is calling "Capybara" tier internally. It is larger and more capable than any previous Anthropic model.
❓ What is Project Glasswing's relationship to the model? Project Glasswing is the initiative through which Claude Mythos Preview is being deployed. The model is the tool; Glasswing is the structured program that governs its use for defensive cybersecurity purposes.
❓ Will Mythos ever be released publicly? Anthropic has said its goal is to eventually "enable users to safely deploy Mythos-class models at scale," but it has tied any general release to the completion of safeguard development, efficiency optimization, and a Cyber Verification Program. No timeline has been given.
❓ How does Mythos compare to GPT-5 or Google Gemini Ultra? Anthropic describes Mythos as "currently far ahead of any other AI model in cyber capabilities" — but direct benchmark comparisons against other companies' models have not been published. Logan Graham acknowledged that OpenAI and other labs are working on models with comparable capabilities and expects them to reach similar capability levels within 6 to 18 months.
❓ What was the Anthropic data leak that revealed Mythos? On March 26, 2026, a CMS misconfiguration at Anthropic left approximately 3,000 unpublished assets — including a draft blog post describing Mythos — publicly accessible in an unsecured data store. Security researchers Roy Paz and Alexandre Pauwels discovered the exposure. Anthropic attributed it to human error and locked down access after being contacted by Fortune.
The Moment AI Cybersecurity Changed
Claude Mythos and Project Glasswing represent a genuine inflection point — not because the underlying technology appeared without warning, but because the explicit acknowledgment of what it can do, and the deliberate choice to restrict it, marks a departure from how frontier AI has typically been handled.
For the first time, a leading AI company has built a model it deems too dangerous for general release, disclosed that assessment publicly, and organized a structured alternative deployment specifically designed to channel the model's capabilities toward benefit before they proliferate to risk. Whether that strategy succeeds depends on factors outside any single company's control — competitor timelines, geopolitical dynamics, regulatory responses, and the resourcefulness of adversaries who are already using AI to attack the systems Project Glasswing is trying to defend.
What is clear is that the window is short. Mythos-class capabilities will not remain Anthropic's alone for long. The question Project Glasswing is trying to answer — whether defenders can get far enough ahead in those months to matter — is one of the most consequential questions in technology right now.
Project Glasswing is a starting point. The race has already begun.