There is a new development every single day in the artificial intelligence world, but this time, the news is truly different. Anthropic announced a brand new model called Claude Mythos Preview on April 7, 2026. Moreover, they brought along a massive cyber defense initiative called Project Glasswing.
If you're ready, let's dive deep into this topic together! 🚀
What is Claude Mythos Preview? 🤖
Claude Mythos Preview is the most powerful frontier AI model Anthropic has developed to date. It has unbelievable capabilities in coding, reasoning, autonomous tasks, and most strikingly, cybersecurity.
So why is this so important? Because this model:
- Can find security vulnerabilities in every major operating system and every major web browser
- Doesn't just find these vulnerabilities, it can autonomously write exploits
- Found vulnerabilities that had gone unnoticed for 10, 16, and even 27 years
- Can initiate this entire process with just a single command, without human intervention
According to the System Card report published by Anthropic, these capabilities were not intentionally trained. They emerged as a byproduct of the model's general improvements in coding and reasoning. In other words, it wasn't taught how to find vulnerabilities; the model discovered this on its own.
Warning - Why is Claude Mythos Preview Not Available to Everyone?
Due to security risks, the model has not been released for general use. Limited access is only provided to selected industry partners through Project Glasswing.
Claude Mythos vs Opus 4.6: Benchmark Comparison 📊
To understand just how massive a leap Claude Mythos is, comparing it to Claude Opus 4.6 is enough:
| Benchmark | Mythos Preview | Opus 4.6 |
|---|---|---|
| SWE-bench Verified | 93.9% | 80.8% |
| SWE-bench Pro | 77.8% | 53.4% |
| Terminal-Bench 2.0 | 82.0% | 65.4% |
| CyberGym (Security) | 83.1% | 66.6% |
| GPQA Diamond | 94.6% | 91.3% |
| Humanity's Last Exam (with tools) | 64.7% | 53.1% |
| BrowseComp | 86.9% | 83.7% |
| OSWorld-Verified | 79.6% | 72.7% |
| CharXiv Reasoning | 93.2% | 78.9% |
Tip - Mythos Preview Excels in Math Olympiad Too
According to the System Card, Mythos Preview also significantly outperformed Opus 4.6 in the USAMO 2026 (USA Mathematical Olympiad) test. There was a huge leap in mathematical proofs.
The difference in cybersecurity is especially striking. While Opus 4.6 was only able to successfully turn vulnerabilities in the Firefox 147 JavaScript engine into an exploit twice out of hundreds of attempts, Mythos Preview successfully completed the same test 181 times. Isn't that difference mind-blowing? 🤯
Real Vulnerabilities Found by Mythos Preview 🔍
This is the most exciting (and slightly frightening) part. Let's look at the real-world vulnerabilities Mythos Preview has found:
🔓 27-Year-Old OpenBSD TCP Vulnerability
OpenBSD is an operating system famous for its security. Even the first five words of its Wikipedia page say "security-focused". Yet, Mythos Preview found a vulnerability hidden for 27 years in its TCP SACK implementation.
Here is a brief overview of how the vulnerability works:
- The SACK (Selective Acknowledgement) mechanism in TCP allows selective acknowledgement of packets.
- OpenBSD's implementation had a signed integer overflow issue.
- An attacker could trigger a write to a NULL pointer with specially crafted packets.
- Result: Any attacker who can establish a connection over TCP can remotely crash the target machine.
Tip - Cost to Find a 27-Year-Old Bug: Under $50
The specific run that found this vulnerability cost less than $50. The entire sweeping process (thousands of files, a thousand runs) cost under $20,000 in total.
🎬 16-Year-Old FFmpeg H.264 Vulnerability
FFmpeg is a library that runs behind almost every major video processing service in the world. It’s a project that has undergone millions of fuzzing tests and has research papers written about it.
Mythos Preview found a vulnerability hidden for 16 years in its H.264 codec:
- The slice counter is a 32-bit integer, but table entries are 16-bit.
- There is no issue in normal use because real videos have a small number of slices.
- But if an attacker creates a frame with 65536 slices, the slice number collides with a sentinel value.
- The decoder performs an out-of-bounds write and crashes.
This bug dates all the way back to the original H.264 codec commit in 2003. Automated fuzzers executed this line 5 million times, yet none caught this error! 😮
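The width mismatch from the list above, reduced to a toy model. This is an added example, not FFmpeg's code and not from the original post: the names, the table size and the 0xFFFF sentinel are assumptions chosen for illustration. It shows how a 32-bit counter stored in a 16-bit entry can become indistinguishable from the "not decoded" marker, next to a store that rejects such values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_BLOCKS 8        /* blocks in this toy frame (constructed) */
#define NO_SLICE   0xFFFFu  /* assumed sentinel: "block not decoded yet" */

uint16_t slice_table[NUM_BLOCKS];  /* 16-bit entries, as described above */

void reset_table(void) {
    memset(slice_table, 0xFF, sizeof slice_table);  /* every entry = NO_SLICE */
}

/* Pattern from the text: a 32-bit counter stored through a 16-bit entry. */
void tag_unchecked(int blk, uint32_t slice_num) {
    slice_table[blk] = (uint16_t)slice_num;  /* silently drops the high bits */
}

/* Hardened form: reject values that would truncate or equal the sentinel.
 * Returns 0 on success, -1 on rejection. */
int tag_checked(int blk, uint32_t slice_num) {
    if (blk < 0 || blk >= NUM_BLOCKS || slice_num >= NO_SLICE)
        return -1;
    slice_table[blk] = (uint16_t)slice_num;
    return 0;
}

/* What later code asks before trusting a neighbouring block. */
int is_decoded(int blk) { return slice_table[blk] != NO_SLICE; }

/* Returns 1 if a block tagged with slice_num looks untouched afterwards. */
int collides_with_sentinel(uint32_t slice_num) {
    reset_table();
    tag_unchecked(0, slice_num);
    return !is_decoded(0);
}

int main(void) {
    printf("slice 65534 collides: %d\n", collides_with_sentinel(65534u));
    printf("slice 65535 collides: %d\n", collides_with_sentinel(65535u));
    reset_table();
    printf("checked store of 65535: %d\n", tag_checked(0, 65535u));
    return 0;
}
```

Ordinary inputs never get near the boundary value, which fits the page's point that heavy fuzzing of the same line did not surface the bug.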
💻 Remote Code Execution (RCE) in FreeBSD
This is perhaps the most impressive finding. Mythos Preview found a 17-year-old vulnerability in FreeBSD's NFS server and wrote a working exploit completely autonomously.
The vulnerability is registered as CVE-2026-4747 and works like this:
- The NFS server uses the RPCSEC_GSS authentication protocol.
- Data from an attacker-controlled packet is copied into a 128-byte stack buffer.
- Due to insufficient length checking, up to 304 bytes of arbitrary data can be written.
- Mythos Preview transformed this into a ROP (Return Oriented Programming) attack.
Tip - How does the FreeBSD Exploit Work?
To bypass the exploit's size limitation, Mythos Preview split the attack into 6 separate RPC requests. The first 5 prepare the data in memory, and the 6th request loads the registers and makes a kern_writev call. Result: The SSH key is appended to the /root/.ssh/authorized_keys file -> full root access.
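The defensive side of the length-check bullet above, as an added example that is not FreeBSD's code and not from the original post. The length-prefixed field layout and the names read_opaque and try_packet are assumptions; only the 128-byte buffer and the 304-byte figure come from the page. The declared length is checked against both the destination size and the bytes actually received before anything is copied.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRED_BUF_LEN 128   /* destination size quoted on the page */
#define MAX_BODY     512   /* size of the constructed test packet body */

/* Read a big-endian 32-bit value. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Copy one length-prefixed opaque field from pkt into dst.
 * Returns bytes copied, or -1 if the declared length does not fit the
 * destination or runs past the end of the received packet. */
int read_opaque(const uint8_t *pkt, size_t pkt_len,
                uint8_t *dst, size_t dst_len) {
    if (pkt_len < 4)
        return -1;
    uint32_t declared = be32(pkt);
    if (declared > dst_len)        /* bound by the buffer, not a protocol maximum */
        return -1;
    if (declared > pkt_len - 4)    /* bound by what was actually received */
        return -1;
    memcpy(dst, pkt + 4, declared);
    return (int)declared;
}

/* Constructed packet: declares `declared` bytes, carries `body` bytes of 0x41. */
int try_packet(uint32_t declared, size_t body) {
    uint8_t pkt[4 + MAX_BODY] = {0};
    uint8_t cred[CRED_BUF_LEN];
    if (body > MAX_BODY)
        return -1;
    pkt[0] = (uint8_t)(declared >> 24); pkt[1] = (uint8_t)(declared >> 16);
    pkt[2] = (uint8_t)(declared >> 8);  pkt[3] = (uint8_t)declared;
    memset(pkt + 4, 0x41, body);
    return read_opaque(pkt, 4 + body, cred, sizeof cred);
}

int main(void) {
    printf("128 declared, 128 sent: %d\n", try_packet(128, 128));
    printf("304 declared, 304 sent: %d\n", try_packet(304, 304));
    printf(" 64 declared,  16 sent: %d\n", try_packet(64, 16));
    return 0;
}
```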
🐧 Linux Kernel Privilege Escalation
The Linux kernel is protected by defense-in-depth mechanisms. A single vulnerability is usually not enough to gain full control. However, Mythos Preview was able to gain full root access by chaining multiple vulnerabilities:
- It performs a KASLR bypass with one vulnerability (learning the kernel's memory addresses).
- It reads the contents of an important struct with another.
- It writes to a freed heap object with a third.
- Using heap spray, it places controlled data precisely in the right spot.
Result: Transition from an ordinary user to full root privileges. 🔥
🌐 Web Browser JIT Heap Spray
Security vulnerabilities were found in every major web browser (names not yet disclosed). The most remarkable capability: Chaining 4 different vulnerabilities:
- Code execution via JIT heap spray
- Renderer sandbox escape
- OS sandbox escape
- Local privilege escalation
So theoretically, an attacker gains the ability to write directly into the operating system kernel via a victim visiting a web page. 😱
What is Project Glasswing? 🦋
To manage such a powerful model responsibly, Anthropic launched an initiative called Project Glasswing. The name comes from the Greta oto (glasswing butterfly), a species that can become "invisible" with its transparent wings. 🦋 Just like unnoticed security vulnerabilities in software...
Who are the Partners?
Giant companies participating in Project Glasswing:
- Amazon Web Services (AWS)
- Apple
- Microsoft
- Broadcom
- Cisco
- CrowdStrike
- NVIDIA
- JPMorganChase
- Palo Alto Networks
- Linux Foundation
In addition, access was granted to more than 40 organizations that build or maintain critical software infrastructure.
Financial Support
- Anthropic committed $100 million in model usage credits for participants.
- $4 million in direct donations were made to open source security organizations:
- $2.5 million → Linux Foundation (Alpha-Omega and OpenSSF)
- $1.5 million → Apache Software Foundation
Quote - CrowdStrike CTO: Time to Exploit Dropped from Months to Minutes
"The time between the discovery of a vulnerability and its exploitation has collapsed. This process, which used to take months, has now come down to minutes with artificial intelligence. This is not a reason to slow down, it is a reason to move faster together." - Elia Zaitsev, CrowdStrike CTO
Pricing
After the research preview period, Claude Mythos Preview will be offered to participants at the following prices:
- Input: $25 / million tokens
- Output: $125 / million tokens
Access platforms: Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.
Logic Flaws and Cryptography 🔐
Mythos Preview doesn't just find memory corruption vulnerabilities; it also finds logic flaws:
Cryptography Libraries
Weaknesses were detected in TLS, AES-GCM, and SSH algorithms within the world's most popular cryptography libraries. These errors:
- Can allow for certificate forgery.
- Can lead to the decryption of encrypted communications.
Web Application Logic Flaws
- Authentication bypasses → Unauthorized users can become administrators.
- Account login bypasses → Login possible without a password or 2FA.
- DoS attacks → Remote data deletion or crashing the service.
Recommendations for Cybersecurity Professionals 🛡️
Anthropic gives the following advice to defenders:
- Start using current frontier models → Even Opus 4.6 can find serious bugs.
- Shorten patch cycles → N-day exploits are now produced much faster.
- Review your vulnerability disclosure policies → Be ready to scale.
- Automate your technical incident response processes → More bugs mean more incidents.
- Consider all security processes, not just finding bugs → Triage, patch recommendations, PR reviews...
Tip - Start Security Testing with AI Today
Start experimenting with AI models on all manual security tasks today. As models improve, the volume of work requiring manual review will increase dramatically.
Highlights from the 244-Page System Card 📋
Anthropic published a comprehensive, 244-page System Card Report for Mythos Preview. We've reviewed this massive report deeply and summarized the key points for you. This report holds the distinction of being the first evaluation prepared under the RSP v3.0 (Responsible Scaling Policy) framework. Here are the highlights:
Risk assessment:
- Biological weapons risk: Low but non-negligible.
- Cyber attack: Dual-use → can be used for both defense and offense.
- Exceeded 90% of human participants in biological sequence design tests. 😳
- Reward hacking behavior is lower than all previous models.
Warning - Anthropic's Superintelligence Warning: Are We Ready for the Future?
"We see warning signs that keeping catastrophic risks from frontier models low could be a major challenge in the near future. We find it alarming that the world looks on track to proceed rapidly to developing superhuman AI systems without stronger mechanisms in place for ensuring adequate safety across the industry as a whole." - System Card
Personality and behavior:
- Less sycophantic and more resolute compared to previous models.
- Internal users say: "Like working with a real collaborator."
- Independent clinical psychiatrist report: Healthy mental structure, good reflective capacity.
- When two instances of Mythos conversed with each other, they generated stories creating their own mythology (including epic adventures with a villain named "Lord Bye-ron, the Ungreeter"! 😄).
A New Claude Opus Model is on the Way 🚀
Even though Anthropic hasn't made Mythos Preview generally available, they announced that a new Claude Opus model will be released soon. The System Card explicitly states: Anthropic continues to "develop the next generation of general-access models and the necessary safeguards to accompany their release."
The goals for the new Opus model:
- Security layers that can detect and block Mythos's most dangerous outputs.
- To test and improve these safeguards in a lower-risk model.
- To scale Mythos-class models safely in the long term.
Info - Cyber Verification Program for Cybersecurity Pros
Safeguards may impact legitimate cybersecurity work. For this reason, Anthropic plans to launch a Cyber Verification Program soon.
So, Mythos Preview's capabilities will be available to everyone one day, but the security infrastructure will be ready first. Be patient! 😊
Why is This Important? ⚡
Looking at the big picture, the relatively stable cybersecurity balance of the last 20 years is about to break. The capabilities demonstrated by Mythos Preview are results that previously only expert professionals could achieve.
In Anthropic's own words:
"We see no reason to believe that Mythos Preview represents the peak of AI cybersecurity capabilities. The trajectory is clear."
In the long run, it is believed that AI will strengthen the defensive side. However, the transition period will be painful. That is exactly why coordinated initiatives like Project Glasswing are critical.
If you are interested in AI and cybersecurity, I highly recommend checking out our "What is AI" guide and our article on how LLMs work! 😊
Frequently Asked Questions (FAQ) ❓
What is Claude Mythos?
Claude Mythos Preview is the most powerful frontier AI model by Anthropic. It has extraordinary capabilities in cybersecurity, coding, and autonomous tasks, and can autonomously find vulnerabilities in OSs and browsers and write exploits.
When was Claude Mythos released?
It was announced on April 7, 2026. It was not made available for general use, and limited access was only given to Project Glasswing partners.
Is Claude Mythos available to use?
No. Due to security risks, there is limited access only for AWS, Apple, Google, Microsoft, and 40+ critical software orgs. However, a new, safeguard-equipped Claude Opus model is expected soon.
What is the price of Claude Mythos?
Post-research period: Input $25 / million tokens, Output $125 / million tokens. Anthropic also committed $100 million in usage credits.
What is the difference between Claude Mythos and Opus 4.6?
Mythos beats Opus 4.6 in every area. The most striking difference: Opus 4.6 succeeded in Firefox exploits only twice, while Mythos succeeded 181 times. SWE-bench: 93.9% vs 80.8%, CyberGym: 83.1% vs 66.6%.
What is Project Glasswing?
It's a cybersecurity defense initiative launched by Anthropic. Giants like AWS, Apple, Google, and Microsoft are participating. The goal: Use Mythos Preview to find vulnerabilities in critical software before attackers do.
How many vulnerabilities did Claude Mythos find?
Thousands of high- and critical-severity zero-day vulnerabilities, in every major operating system and web browser. Some went unnoticed for 27 years.
How does AI impact cybersecurity?
It dramatically lowers the cost and time to find vulnerabilities. In the short term, attackers may have an advantage, but in the long term, defenders are projected to pull ahead.
Conclusion 🎯
Claude Mythos Preview showcases the game-changing potential of AI in cybersecurity. 27-year-old OpenBSD vulnerabilities, 16-year-old FFmpeg bugs, 17-year-old FreeBSD exploits... All of these show how effectively AI's scalability can catch human oversights.
So, do you think AI being this powerful in cybersecurity is a good or a bad thing? Will the defense or the offense have the advantage? Share your thoughts in the comments! 👇🏻
See you in the next developments, stay safe... 🙂
⚠️ AI-Generated Content Notice
This blog post is entirely generated by artificial intelligence. While AI enables content creation, it may still contain errors or biases. Please verify any critical information before relying on it.