Anthropic Previews Mythos, Triggers Security Debate
According to Just Security, on April 7 Anthropic previewed the frontier model Mythos and did not place it into public release, citing potent hacking capabilities. Just Security reports the company concurrently rolled out Project Glasswing, a limited release of Mythos to a select group of approximately 50 industry partners to harden cyber defenses. Per the article, Anthropic says Mythos has "already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser." The United Kingdom's AI Safety Institute told Just Security that Mythos's cyber capabilities represent a "step up" over those of other frontier models. These reported facts illustrate emerging governance tensions around powerful models that can find and exploit vulnerabilities rapidly.
What happened
According to Just Security, on April 7 Anthropic previewed the frontier model Mythos, which the article describes as having potent cyber-offensive capabilities and which the company did not place into public release. Just Security reports Anthropic simultaneously launched Project Glasswing, a limited distribution of Mythos to approximately 50 industry partners intended to harden cyber defenses. Per the article, Anthropic says Mythos has "already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser." The United Kingdom's AI Safety Institute told Just Security that Mythos's cyber capabilities represent a "step up" over those of other frontier models.
Technical details
Editorial analysis - technical context: The article frames Mythos as capable of both discovering and autonomously exploiting software vulnerabilities at speeds and scale that exceed prior frontier models. Just Security notes historically only about 5-6% of discovered vulnerabilities were actually exploited; automated exploit generation compresses the timeline between discovery and exploitation and can materially lower the skill barrier for high-end offensive operations.
Context and significance
Industry context: Reporting places Mythos and Project Glasswing in a broader governance debate about how to handle exceptionally capable models. The article cites a prior incident in which Chinese state-linked actors used Claude Code to autonomously target roughly 30 organizations, illustrating how agentic model capabilities have already altered cyber operations. Limited partner access to powerful models, as reported, raises questions about proliferation, defensive readiness across vendors, and geopolitical asymmetries.
What to watch
For practitioners and policy observers: reporting-based indicators include whether more vulnerabilities discovered by Mythos become public, the scale of partner access beyond the reported 50 organizations, uptake of defensive tooling informed by Project Glasswing, and whether regulators or national security agencies respond with new disclosure, export, or access controls. Industry observers will also track how defensive red-teaming collaborations with model providers scale and whether open disclosure practices change.
Key Points
- 1Previewed models that can find and exploit vulnerabilities compress exploit timelines, raising cyber risk across software ecosystems.
- 2Limited partner access to powerful models creates governance and geopolitical tensions around who controls advanced offensive capabilities.
- 3Defensive programs distributed to select partners are a short-term mitigation, but broader disclosure and tooling adoption will determine systemic risk.
Scoring Rationale
A frontier model reported to autonomously find and exploit high-severity vulnerabilities is highly relevant to security-conscious ML practitioners and defenders. The limited-preview distribution and prior incidents cited in reporting make this a notable story for threat modeling, red teaming, and policy monitoring.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

