Coinbase and Binance Seek Access to Mythos

Coinbase and Binance are actively seeking access to Anthropic's new cybersecurity-oriented model, Mythos, as major crypto custodians prepare for an acceleration in AI-driven vulnerability discovery and exploitation. Anthropic is gating the model through Project Glasswing, which includes early partners such as AWS, Apple, Google, Microsoft, Nvidia, and Palo Alto Networks. Industry tests with Opus 4.6 reportedly uncovered 500+ previously unknown high-severity flaws, raising alarms about the speed and scale at which Claude Mythos Preview could both defend and weaponize software flaws.

Claude Mythos Preview is described as a frontier model optimized for offensive and defensive cyber tasks, capable of autonomously finding and exploiting complex zero-day vulnerabilities across major operating systems and web browsers. Anthropic has not publicly released model architecture or parameter counts; access is limited to vetted partners under Project Glasswing. Previous models in this family, such as Opus 4.6, demonstrated automated vulnerability discovery without bespoke toolchains, suggesting Mythos combines high-capability static and dynamic analysis primitives with code-generation and exploit synthesis. Project Glasswing partners reportedly include:

• •Amazon Web Services (AWS)
• •Apple
• •Google
• •Microsoft
• •Nvidia
• •Palo Alto Networks

The practical takeaway for practitioners is that AI is crossing from vulnerability-assistance to autonomous exploit generation at scale. Security tooling has used automation and fuzzing for years, but Mythos signals a qualitative shift where large models can link discovery, exploit synthesis, and even targeted payload creation with minimal human scaffolding. For crypto exchanges and custodians this is acute: the attack surface includes trading engines, custody key management, API endpoints, and user data stores. Coinbase's publicized engagement follows its 2025 insider breach and underscores why exchanges want early access to identify and patch critical issues before adversaries do. At the same time, Anthropic's decision to restrict broad release and channel access through a curated partnership set reflects a new governance pattern for high-risk capabilities: selective distribution, stakeholder coordination, and coordinated disclosure to vendors and platform owners.

Practitioners should expect accelerated discovery of both legacy and novel vulnerabilities. Engineers need to prioritize measurable mitigation steps: expanded attack-surface inventories, threat modeling for AI-augmented offensive techniques, automated patching pipelines, hardened secrets management, and broader use of runtime monitoring and EDR. Organizations that obtain controlled access will gain defensive value from model-driven red teaming, but they must also invest in operational controls around model outputs, validation, and safe integration into CI/CD.

Whether Anthropic expands access beyond Project Glasswing, how vendors standardize secure-testing workflows, and regulatory responses to models that materially lower the cost of exploit creation. Exchanges seeking access signal a pragmatic approach: use the capability defensively while lobbying for strict governance to limit misuse.

Bottom line: Claude Mythos Preview represents a new inflection in automated vulnerability capability, prompting custodians to seek partnership access for defensive hardening even as its existence raises acute operational and policy questions about safe deployment and distribution.