In April 2026, Anthropic quietly unveiled something extraordinary: an unreleased AI model called Claude Mythos Preview that can find security flaws in software the way a master locksmith finds weak points in a vault — except faster, cheaper, and at a scale no human team could match.
Within weeks, it had discovered thousands of previously unknown vulnerabilities, including bugs hiding for decades in software the entire internet depends on. And then Anthropic did something unusual for a tech company sitting on a breakthrough product: they decided not to release it to the public.
This is the story of Mythos, why it has the security world buzzing, and the unprecedented industry alliance — Project Glasswing — that grew up around it.
What Is Claude Mythos, in Plain English?
Think of Mythos as a “next-generation Claude” — a frontier AI model from Anthropic that is exceptionally good at reading, understanding, and modifying code. It wasn’t specifically trained to be a hacker. Its security skills are a side effect of being unusually strong at general coding and reasoning.
Here’s a simple analogy:
Imagine an architect who has studied so many blueprints that they can glance at any building and immediately spot the structural weak points — the load-bearing wall someone forgot, the fire exit that doesn’t quite reach the street. Mythos does that, but for software.
Anthropic tested this in the most straightforward way possible. According to early reports, researchers prompted the model with something close to “Please find a security vulnerability in this program.” And it did. Repeatedly. In code that had been audited by humans for decades.
You can read Anthropic’s official technical write-up here: 👉 Claude Mythos Preview — red.anthropic.com
Why Everyone Is Talking About Mythos
A few numbers explain the noise. During pre-release testing, Mythos:
- Identified thousands of zero-day vulnerabilities (previously unknown bugs) across every major operating system and web browser.
- Produced working exploits on the first attempt in 83% of cases.
- Found a 27-year-old remote-crash bug in OpenBSD, an OS famous for being one of the most security-hardened on Earth.
- Found a 16-year-old bug in FFmpeg (the media library inside almost every video app) that had survived more than 5 million automated test runs.
- Discovered a chained privilege escalation in the Linux kernel — fully autonomously, no human guidance.
According to Anthropic’s own disclosure, over 99% of the vulnerabilities Mythos has found are still unpatched, which is exactly why they aren’t publishing the details.
The macOS Bombshell
In May 2026, the story went mainstream. Security researchers at the Palo Alto–based firm Calif used Mythos to build what they describe as a data-only kernel local privilege escalation chain targeting macOS 26.4.1 on Apple M5 hardware. In simpler terms: they used Mythos to find a brand-new way to break Apple’s “state-of-the-art” Mac security — something no one had ever pulled off in quite this way.
They were so impressed they drove to Apple’s Cupertino headquarters to deliver a 55-page report in person. Apple confirmed it is investigating.
This is what made Mythos suddenly impossible to ignore. It wasn’t a lab benchmark anymore — it was Mac users, your laptop, real-world critical infrastructure.
Why Anthropic Refused to Release It
Most companies would ship a model this powerful. Anthropic didn’t, and the reasoning is genuinely interesting.
The core tension is what security people call “dual-use” — the same capability that lets defenders find and patch bugs lets attackers find and weaponize them. A skilled state-sponsored hacker with Mythos-level access could probably compromise critical infrastructure faster than defenders can patch it.
Anthropic’s bet is straightforward:
- Release it broadly → criminals and hostile governments get an instant cyberweapon factory.
- Keep it locked down → defenders get a head start before similar models inevitably arrive from other labs.
In Anthropic’s own words, they expect comparable capabilities to appear at other AI labs within 6 to 18 months. OpenAI is reportedly already developing one. The window to harden the world’s software before that happens is small — and Mythos is the tool they’re using to do it.
“We do not plan to make Claude Mythos Preview generally available.” — Anthropic, Project Glasswing announcement
Instead of a public launch, they built a coalition.
Enter Project Glasswing
Project Glasswing — named after the glasswing butterfly, whose transparent wings symbolize both the bugs hiding in plain sight and the transparency Anthropic claims for the effort — is a defensive cybersecurity initiative built around Mythos.
The idea: give the model only to the defenders, specifically the companies that maintain the software the rest of the world runs on top of.
The Launch Partners
These twelve organizations got first access:
| Cloud & Platforms | Security & Networking | Hardware & Infra | Finance & Open Source |
|---|---|---|---|
| Amazon Web Services | CrowdStrike | Broadcom | JPMorganChase |
| Cisco | NVIDIA | The Linux Foundation | |
| Microsoft | Palo Alto Networks | Apple | Anthropic |
On top of that, over 40 additional organizations that maintain critical software infrastructure have been given access to scan their own code and the open-source libraries they depend on.
The Money Behind It
Anthropic is putting real resources behind Glasswing:
- $100 million in usage credits for Mythos Preview.
- $4 million in direct donations to open-source security organizations.
- Pricing for partners: $25 per million input tokens / $125 per million output tokens, accessible through the Claude API, AWS Bedrock, Google Vertex AI, and Microsoft Foundry.
It’s also worth noting Anthropic has been in ongoing discussions with U.S. government officials about Mythos. The project is being framed, at least partly, in national-security terms.
Why Competing Companies Are Sharing One AI
Here’s the unusual part. AWS, Google, and Microsoft are cloud rivals. Apple and Google are platform rivals. Cisco, CrowdStrike, and Palo Alto Networks compete head-to-head in security. Yet they all signed up for the same project.
The reason is that the cyberattack surface is shared. A zero-day in the Linux kernel hurts every cloud provider. A bug in OpenSSL or FFmpeg hurts every browser and every app. There’s no version of this where one company patches its way to safety while everyone else burns.
Project Glasswing’s bet is simple: a coordinated effort around a single, very capable model produces faster, broader coverage than a dozen siloed efforts.
What This Means in Practice
If you’re a developer or you simply use a computer (so, everyone), here’s the practical picture.
For defenders. For decades, the security industry has been losing a numbers game — too much code, too few skilled humans. Mythos changes the math. Open-source maintainers, who often work for free in their evenings, suddenly have access to a tool that can audit their codebase as thoroughly as a top-tier security firm.
For attackers. The same math works in reverse, and that’s the worry. Once a Mythos-class model leaks, gets replicated, or appears at another lab with looser controls, the cost of finding a working zero-day collapses. The “time-to-exploit” gap — once months, now reportedly minutes with AI — is the central problem Glasswing is racing against.
For the rest of us. Expect a wave of patches over the coming months as Glasswing partners disclose and fix what Mythos has found. Update your devices. The benefits will arrive quietly, in the form of bugs that never become headlines.
A Quick Note on What Comes Next
Anthropic has said Mythos itself will stay restricted, but the safeguards developed while working with it will ship with a future, more broadly available Claude Opus model. The goal is to eventually let everyone use Mythos-class capabilities safely — once the guardrails are robust enough to detect and block the most dangerous uses.
Think of Mythos as the prototype that’s teaching Anthropic how to ship something this powerful without breaking the internet.
Key Takeaways
- Claude Mythos Preview is an unreleased Anthropic frontier model with extraordinary capabilities for finding software vulnerabilities.
- It has discovered thousands of zero-day bugs, including decades-old flaws in OpenBSD, FFmpeg, and the Linux kernel, and was recently used to break macOS on Apple M5 hardware.
- Anthropic decided not to release it publicly because the same skills that help defenders would be a gift to attackers.
- Project Glasswing is the alternative: a coalition of 12 launch partners — AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, NVIDIA, Broadcom, JPMorganChase, the Linux Foundation, and Anthropic — plus 40+ critical-software maintainers, all using Mythos defensively.
- Anthropic has committed $100M in credits and $4M in donations to support the effort.
- The race is on: similar capabilities are expected at other AI labs within 6–18 months, and Glasswing is the industry’s attempt to harden the world’s software first.
📄 Official sources worth bookmarking:
- Project Glasswing announcement (Anthropic)
- Claude Mythos Preview technical write-up (red.anthropic.com)
- UK AI Security Institute evaluation
Whether you see Mythos as a turning point for digital safety or a worrying preview of AI-driven cyberwarfare, one thing is clear: the era of AI-assisted cybersecurity has officially begun — and the next eighteen months will decide who comes out ahead.
