Anthropic just published a 244-page system card for a model they have
zero intention of releasing publicly.
The model is called Claude Mythos Preview. And the reason you can't
use it isn't pricing or performance — it's because they believe it's
too dangerous.
Here's what it actually did in testing:
Found a 27-year-old bug in OpenBSD — autonomously, in hours.
OpenBSD is one of the most security-hardened OS projects in existence.
Security researchers reviewed its code for nearly 3 decades. Mythos
found a remote crash vulnerability without human steering.
Found a 16-year-old bug in FFmpeg.
Automated tools had hit this codebase 5 million times. Nobody caught it.
Chained multiple Linux kernel zero-days to escalate from a normal
user to full machine control.
Anthropic's own Red Team researcher said:
"I've found more bugs in the last couple of weeks than I found in
the rest of my life combined."
What is Project Glasswing?
Instead of releasing Mythos publicly, Anthropic launched Project
Glasswing — giving access only to 12 organizations (AWS, Apple,
Google, Microsoft, CrowdStrike etc.) for defensive security work.
They've committed $100M in usage credits for this initiative.
Should developers be worried about their jobs?
That's the real question. Mythos isn't a narrow security tool —
it's a general-purpose model that happens to be extraordinary at
finding vulnerabilities.
I did a full breakdown covering:
- Exact benchmark scores (CyberGym: 83.1% vs Opus 4.6's 66.6%)
- Why the capability gap matters
- What this means for security engineers
- Honest pros AND cons — including the alignment risks
Full analysis here:
https://stacknovahq.com/claude-mythos-preview-glasswing-cybersecurity
What do you think — is Anthropic making the right call by not
releasing this publicly?
Top comments (0)