Anthropic Builds Claude Mythos, Exposes Systemic Vulnerabilities

Anthropic unveiled Claude Mythos Preview, a frontier model that demonstrably finds and constructs working exploits against major operating systems, browsers, and libraries faster and at higher success rates than any prior model. Internal evaluations and the red-team writeups show Mythos achieves 93.9% on SWE-bench Verified, 97.6% on USAMO, and autonomously produces working exploits with a reported 72.4% success rate. Anthropic has decided not to release the model publicly and instead is giving controlled access to a curated defensive cohort while committing funding to open-source security efforts.

Anthropic and independent writeups highlight several technical capabilities that matter to practitioners. Mythos operates as an autonomous engineering agent, scoring 92.1% on Terminal-Bench 2.0 and demonstrating end-to-end exploit development: discovery, weaponization, testing, and exploit chaining. It outperforms prior Opus family models and competing frontier systems on long-context reasoning benchmarks such as GraphWalks BFS across 256K-1M tokens. The model has been shown to produce 181 working Firefox exploits versus Opus 4.6's 2, break cryptographic library usage patterns, and locate decades-old bugs (for example, a 17-year-old FreeBSD remote code execution: CVE-2026-4747). Anthropic's Claude Mythos Preview System Card and red.anthropic.com notes document many of these metrics and the specific behaviors that enable autonomous exploitification.

Rather than a public rollout, Anthropic created a defensive initiative, often referenced as Project Glasswing in reporting, to provide the model to a small set of custodians and vendors. Reported recipients include major cloud and security players: Amazon, Apple, Google, Microsoft, Nvidia, CrowdStrike, JPMorgan Chase, Cisco, Broadcom, Palo Alto Networks, and the Linux Foundation. Anthropic also pledged direct donations to open-source security organizations, reportedly around $4 million, and promises coordinated disclosure to affected maintainers.

This is the first major frontier model intentionally withheld because of its offensive potential at scale. The capability set here is not just improved code synthesis; it is autonomous, high-success exploit generation that collapses the barrier from knowledge to usable weapons. That changes the economics of zero-day discovery and exploit development, potentially enabling both well-resourced attackers to scale faster and low-skill actors to weaponize existing bugs. Security experts quoted in coverage called the development "Y2K-level alarming," reflecting systemic-risk implications: critical infrastructure, banking, healthcare, and supply chains rely on long-lived codebases that Mythos can target.

Software engineers, security teams, incident responders, and platform operators must assume the adversary advantage has increased. Immediate actions include accelerating dependency and patch inventories, expanding fuzzing and adversarial testing, increasing investment in reproducible build provenance, and updating incident playbooks to account for faster exploit lifecycles. Open-source maintainers and foundation stewards need prioritized disclosure channels and triage capacity.

Will coordinated disclosure accelerate fixes for the high-severity findings, and will governments require mandatory reporting or impose export-controls on exploit-capable models? Also monitor whether other labs replicate Mythos-class capabilities and how defensive coalitions scale. "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure," said a cybersecurity executive, underscoring the near-term policy and operational choices ahead.