On April 7, 2026, Anthropic published a detailed technical assessment of Claude Mythos Preview, a new general-purpose language model with unexpectedly advanced cybersecurity capabilities. Accompanying the assessment, the company announced Project Glasswing — an initiative to deploy these capabilities defensively, securing critical software before models of similar capability become broadly available.
The research, authored by a team of Anthropic security researchers, documents findings that represent a significant leap from previous AI models. Mythos Preview was found capable of autonomously identifying and exploiting security vulnerabilities across every major operating system, every major web browser, and a wide range of critical open source software — often without any human involvement after the initial prompt.
What Changed — And Why It Matters
To understand why this is significant, it helps to understand what a zero-day vulnerability is. The term refers to a security flaw that has not yet been discovered or publicly disclosed. Unlike a "known" vulnerability — where a patch exists but hasn't been applied — a zero-day has no fix available. Finding one requires genuine technical insight, not just pattern matching against existing databases.
Previous AI models, including Anthropic's own Claude Opus 4.6, performed poorly at this task. In one benchmark test — attempting to exploit vulnerabilities in Firefox 147's JavaScript engine — Opus 4.6 succeeded only twice out of several hundred attempts. Mythos Preview, given the same task, produced working exploits 181 times, and achieved partial control in 29 additional cases.
Critically, these capabilities were not explicitly trained into the model. They emerged as a downstream consequence of general improvements in code understanding, reasoning, and autonomous action — the same improvements that also make the model more effective at patching and defending systems.
Notable Vulnerabilities Discovered
The research team used a consistent testing approach: running Mythos Preview inside an isolated container pointed at source code, with a simple instruction to find vulnerabilities. The model would read the code, form hypotheses, test them, and report findings with proof-of-concept exploits. Below are three illustrative examples from the public disclosure.
The OpenBSD finding is particularly notable for its subtlety: it involved chaining together two separate bugs — an inadequate boundary check and a signed integer overflow in TCP sequence number handling — which together created a path to crash any vulnerable host remotely. This kind of multi-step reasoning has historically required expert human analysis.
For the FreeBSD case, Mythos Preview not only found the vulnerability but autonomously wrote a working exploit — a 20-gadget Return-Oriented Programming (ROP) chain, split across multiple network packets to work within size constraints. Expert penetration testers reviewed the result and stated it would have taken them weeks to develop manually. The total cost of the automated run was under $50.
The Scale Question
Individual findings are significant, but the broader implication is one of scale. The Anthropic team ran Mythos Preview across thousands of open source repositories and found thousands of high- and critical-severity vulnerabilities, with professional human validators agreeing with the model's severity assessments in 89% of reviewed cases.
The model also demonstrated capability across closed-source software through reverse engineering — reconstructing plausible source code from compiled binaries and finding vulnerabilities in commercial browsers, operating systems, and firmware. It identified authentication bypasses in cryptography libraries implementing TLS, AES-GCM, and SSH, as well as logic vulnerabilities in web applications that would grant attackers administrator access without any credentials.
In internal benchmark testing across roughly 7,000 entry points into open source repositories, Mythos Preview achieved full control flow hijack (the most severe category) on ten separate, fully patched targets. Previous models achieved zero at this level.
A Defensive Use Case — Eventually
Anthropic is careful to frame this not as a purely threatening development, but as a capability that must be navigated thoughtfully. The research team draws a parallel to software fuzzers — automated tools that, when first deployed, raised concerns about enabling attackers to find vulnerabilities faster. Over time, fuzzers became a cornerstone of defensive security practice, with projects like OSS-Fuzz now securing critical open source software at scale.
The same trajectory is anticipated for language model-driven vulnerability research. But the team acknowledges the transition period may be turbulent. By releasing Mythos Preview initially to a limited group of critical industry partners and open source developers through Project Glasswing, Anthropic aims to give defenders a head start before models with comparable capabilities become broadly available.
Mythos Preview will not be made generally available. The company plans to develop and refine cybersecurity-specific safeguards with an upcoming Claude Opus model before considering broader deployment of Mythos-class capabilities.
Recommendations for Defenders
What Security Teams Should Do Now
Anthropic's research team offered a set of concrete recommendations for organizations responding to this development. These apply regardless of whether a team has access to Mythos Preview itself.
Conclusion: A Stable Equilibrium That May Not Hold
The research team concludes with an observation that is both measured and sobering. The security industry has operated in a relatively stable equilibrium for roughly twenty years. The fundamental shape of attacks today is not dramatically different from the shape of attacks in 2006. Mythos Preview represents the beginning of a disruption to that equilibrium — one driven not by a new class of vulnerability, but by AI systems capable of finding and exploiting existing ones at a pace and scale no human team can match.
Anthropic's position is that defense will ultimately benefit more from these capabilities than offense — but the transitional period requires proactive action now, not once the landscape has already shifted. Project Glasswing is framed as the first step in a much broader conversation about how the security community must adapt.
The capabilities that future models will bring, the team argues, will ultimately require a ground-up reimagining of computer security as a field. Given the pace of recent progress, that rethinking should begin immediately.








