The AI Model That Changed the Conversation

On April 7, 2026, Anthropic did something no major AI lab had done before: it announced a frontier model and simultaneously explained why the public would never get direct access to it.

Claude Mythos Preview is a new general-purpose language model that performs strongly across the board — but it is strikingly capable at computer security tasks. So capable, in fact, that Anthropic said that Claude Mythos was literally too powerful to release. Without any direction from Anthropic's engineers, Mythos had independently developed a "next generation" capability for offensive cyberattacks that can infiltrate previously impenetrable software infrastructure around the world and find its hidden weaknesses.

This is not a hypothetical risk or a carefully staged benchmark result. Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. The model found these vulnerabilities largely on its own, without human steering, in software that had survived decades of expert review and millions of automated tests.

The announcement landed like a tremor across the security industry, Silicon Valley, and government circles simultaneously. Within days it had drawn responses from the White House, the Council on Foreign Relations, and every major cloud provider.

The story of Claude Mythos actually begins not with a launch event, but with an accidental disclosure.

Claude Mythos (codenamed Capybara) was first exposed through a March 2026 CMS misconfiguration, officially released as Mythos Preview on April 8, 2026. Security researchers Roy Paz from LayerX Security and Alexandre Pauwels from the University of Cambridge discovered that Anthropic's content management system had left roughly 3,000 internal documents in a publicly accessible data store — including an unpublished draft blog post announcing the model.

A draft blog post that was available in an unsecured and publicly searchable data store said the new model is called Claude Mythos and that the company believes it poses unprecedented cybersecurity risks. The same cache revealed details of a planned invite-only CEO summit in Europe and internal model specifications describing capabilities that went substantially beyond anything publicly announced.

An Anthropic spokesperson said the new model represents "a step change" in AI performance and is "the most capable we've built to date." After Fortune, CNBC, and other major outlets published their reporting based on the leaked documents, Anthropic moved up its announcement timeline and officially unveiled Mythos Preview alongside Project Glasswing on April 7.

Understanding why Mythos is different requires a brief detour into what vulnerability research actually looks like — and how dramatically AI has changed it.

For decades, finding serious security flaws in software required a rare combination of skills: deep knowledge of specific programming languages, understanding of hardware architecture, familiarity with how operating systems manage memory, and the creative intuition to see how multiple small flaws could be chained together into a single devastating exploit. This expertise was held by a small number of people worldwide, which acted as a natural throttle on how fast vulnerabilities could be discovered and exploited.

Many flaws in software go unnoticed for years because finding and exploiting them has required expertise held by only a few skilled security experts. With the latest frontier AI models, the cost, effort, and level of expertise required to find and exploit software vulnerabilities have all dropped dramatically.

Claude Mythos Preview demonstrates a leap in these cyber skills — the vulnerabilities it has spotted have in some cases survived decades of human review and millions of automated security tests, and the exploits it develops are increasingly sophisticated.

On Anthropic's own security benchmark, CyberGym, which tests the ability to reproduce known cybersecurity vulnerabilities, Mythos Preview scored 83.1% compared to Claude Opus 4.6's 66.6% — a gap that represents a qualitative, not merely quantitative, difference in what is possible.

What makes the model particularly significant is autonomy. It was able to identify nearly all of these vulnerabilities — and develop many related exploits — entirely autonomously, without any human steering. This is not a tool that assists a human researcher. It is a system that conducts its own research program, forms its own hypotheses, and validates them.

Anthropic published technical details for a subset of the vulnerabilities Mythos found that have already been patched. Three examples in particular captured widespread attention:

The 27-Year-Old OpenBSD Flaw

Mythos Preview found a 27-year-old vulnerability in OpenBSD — which has a reputation as one of the most security-hardened operating systems in the world and is used to run firewalls and other critical infrastructure. The vulnerability allowed an attacker to remotely crash any machine running the operating system just by connecting to it.

OpenBSD is used specifically because of its security record. It is the OS that organizations deploy when ordinary security is not enough. A remotely exploitable crash vulnerability in OpenBSD, surviving for 27 years, represents a failure of every prior method of security auditing applied to that codebase.

The FFmpeg Bug That Survived Five Million Tests

Mythos discovered a 16-year-old vulnerability in FFmpeg — which is used by innumerable pieces of software to encode and decode video — in a line of code that automated testing tools had hit five million times without ever catching the problem.

FFmpeg is embedded in virtually every video platform, streaming service, browser, and media application in existence. The vulnerability had not been found by five million automated test runs because automated tools test for known patterns. Mythos found it by reasoning about the code semantically — understanding what it was trying to do, and identifying the gap between intent and implementation.

The Linux Kernel Privilege Escalation

The model autonomously found and chained together several vulnerabilities in the Linux kernel — the software that runs most of the world's servers — to allow an attacker to escalate from ordinary user access to complete control of the machine.

Chaining vulnerabilities — finding multiple small flaws and combining them into a single attack path — is considered advanced work even by elite human researchers. Mythos did it autonomously on the kernel that underpins the majority of the world's server infrastructure.

All three vulnerabilities have since been patched. For the thousands of others Mythos found, Anthropic is publishing cryptographic hashes of the details now and will release specifics once patches are in place.

Rather than sitting on these capabilities or releasing the model publicly, Anthropic chose a third path: a coordinated, industry-wide defense effort named Project Glasswing.

Today we're announcing Project Glasswing, a new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world's most critical software.

The initiative has three concrete components:

Access for defenders. As part of Project Glasswing, the launch partners listed above will use Mythos Preview as part of their defensive security work. Anthropic has also extended access to a group of over 40 additional organizations that build or maintain critical software infrastructure so they can use the model to scan and secure both first-party and open-source systems.

Financial commitment. Anthropic is committing up to $100M in usage credits for Mythos Preview across these efforts, as well as $4M in direct donations to open-source security organizations.

Shared learning. Anthropic commits to sharing what it learns across the initiative so the whole industry benefits from each organization's findings — not just the individual participant.

Claude Mythos Preview, Anthropic's newest and most powerful model, is now available in Private Preview to a select group of Google Cloud customers, as part of Project Glasswing. Similarly, Microsoft has joined as a partner, with teams using Mythos Preview to identify and mitigate vulnerabilities in Microsoft's own software.

The name "Glasswing" is a reference to the glasswing butterfly — nearly invisible wings that are nonetheless structurally strong. The metaphor points to the project's goal: infrastructure that is resilient precisely because its weaknesses have been found and addressed, even though those weaknesses were invisible to prior inspection methods.

The performance gap between Mythos Preview and the previous generation of models is stark across multiple dimensions:

This includes systems that "are 10 or 20 years old, with the oldest we have found so far being a now patched 27-year-old" operating system known for its security reliability. In one example Mythos found a flaw in a line of code that had been tested five million times without detection. The company said it found thousands of zero days in its tests — 99 percent of which remained undefended at the time of their April 7 press release.

That last figure is the one that concentrates minds: at the time of announcement, 99% of the zero-days Mythos had found were still live in production software around the world.

Mythos Preview operates under a deliberately restricted access model that is unlike anything the AI industry has deployed before.

Access is limited to:

• The 12 founding partners of Project Glasswing (AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself)
• Over 40 additional organizations selected for their role in maintaining critical software infrastructure
• A small number of Google Cloud enterprise customers via Vertex AI under the Project Glasswing framework

Anthropic does not plan to make Claude Mythos Preview generally available, but the company has said its goal is to learn how it could eventually deploy Mythos-class models at scale.

The model is not available via the Claude API, on claude.ai, or through any standard commercial channel. Dario Amodei, Anthropic's CEO, has been meeting with the White House to brief government officials on the model's capabilities and the Project Glasswing initiative.

On April 16, 2026 — nine days after the Mythos announcement — Anthropic released a different model for the public: Claude Opus 4.7.

Anthropic announced a new artificial intelligence model, Claude Opus 4.7, which the company said is an improvement over past models but is "less broadly capable" than its most recent offering, Claude Mythos Preview.

Claude Opus 4.7 is better at software engineering, following instructions, completing real-world work and is its most powerful generally available model. But the model's cyber capabilities are not as advanced as Claude Mythos Preview.

The launch of Claude Opus 4.7 on Thursday comes after Anthropic launched Claude Opus 4.6 in February. Anthropic said the new model outperforms Claude Opus 4.6 across many use cases, including industry benchmarks for agentic coding and multidisciplinary tasks.

Opus 4.7 is the model general users and API customers get access to. It is a deliberate architectural separation: the most capable version of Claude exists in a controlled, defense-oriented deployment, while a highly capable but less dangerous version is available through normal channels. This two-track strategy may define how the industry handles capability thresholds going forward.

The deeper significance of Mythos and Project Glasswing extends well beyond a single model release. It represents a public acknowledgment — the first of its kind from a frontier lab — that AI capabilities have crossed a threshold where the offense/defense balance in cybersecurity has fundamentally shifted.

The software that all of us rely on every day — responsible for running banking systems, storing medical records, linking up logistics networks, keeping power grids functioning, and much more — has always contained bugs. Many are minor, but some are serious security flaws that, if discovered, could allow cyberattackers to hijack systems, disrupt operations, or steal data.

The historical assumption was that finding these flaws required rare human expertise, which kept the rate of discovery manageable. AI models like Mythos Preview eliminate that assumption entirely.

Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout — for economies, public safety, and national security — could be severe.

AI giant Anthropic confirmed that the moment Bengio feared had arrived via its latest model, Claude Mythos. In rather dramatic fashion, the company said that Claude Mythos was literally too powerful to release. Yoshua Bengio, the Turing Award-winning AI scientist and longtime advocate for AI safety, had warned of exactly this scenario: a model whose offensive capabilities outpace the world's ability to defend against them.

The Council on Foreign Relations called Mythos "an inflection point for AI and global security." The editorial framing points to something real: for the first time, the leading AI safety lab in the world has publicly said that one of its own models is too dangerous to release while simultaneously launching an industry coalition to use that model responsibly. This is either the responsible deployment of frontier AI capabilities, or it is evidence that the AI industry has already produced tools it cannot fully control — and the answer may be both.

If you build software — any software — the Glasswing announcement has direct implications for your work:

Open-source maintainers are a priority target. The Project Glasswing initiative specifically names open-source software infrastructure as a focus area. If you maintain a library or tool used in critical systems, Anthropic has committed resources to scanning and disclosing vulnerabilities in that code.

Security auditing standards are about to change. The fact that Mythos found a 16-year-old FFmpeg flaw that survived five million automated tests means that conventional fuzzing and static analysis are no longer sufficient proof of safety. Expect security standards and compliance frameworks to evolve to require AI-assisted auditing.

The patch cycle will accelerate. As defenders gain access to Mythos-class scanning capabilities, the rate of vulnerability disclosure will increase. Development teams should expect a higher volume of security patches from upstream dependencies over the next 12–24 months.

Offensive capabilities will democratize. Project Glasswing is a starting point. No one organization can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play. The work of defending the world's cyber infrastructure might take years; frontier AI capabilities are likely to advance substantially over just the next few months.

The race is not between AI and human security researchers. It is between AI-empowered defenders and AI-empowered attackers — and the outcome of that race will be shaped by decisions being made in 2026.

[1] Anthropic. (2026, April 7). Project Glasswing: Securing critical software for the AI era. https://www.anthropic.com/glasswing

[2] Anthropic Red Team. (2026, April 7). Claude Mythos Preview — Technical Details. https://red.anthropic.com/2026/mythos-preview/

[3] Google Cloud. (2026, April 7). Claude Mythos Preview on Vertex AI. Google Cloud Blog. https://cloud.google.com/blog/products/ai-machine-learning/claude-mythos-preview-on-vertex-ai

[4] Goldstein, G. M. (2026, April 15). Six Reasons Claude Mythos Is an Inflection Point for AI — and Global Security. Council on Foreign Relations. https://www.cfr.org/articles/six-reasons-claude-mythos-is-an-inflection-point-for-ai-and-global-security

[5] CNBC. (2026, April 16). Anthropic rolls out Claude Opus 4.7, an AI model that is less risky than Mythos. https://www.cnbc.com/2026/04/16/anthropic-claude-opus-4-7-model-mythos.html

[6] Fortune. (2026, March 26). Exclusive: Anthropic 'Mythos' AI model representing 'step change' in capabilities. https://fortune.com/2026/03/26/anthropic-says-testing-mythos-powerful-new-ai-model

[7] Humai Blog. (2026, April 14). AI News & Trends April 2026: Complete Monthly Digest. https://www.humai.blog/ai-news-trends-april-2026-complete-monthly-digest/

[8] DARPA. (2016). Cyber Grand Challenge — Final Event Results. https://www.darpa.mil/research/programs/cyber-grand-challenge

[9] Governance.ai. Estimating Global Yearly Cybercrime Damage Costs. https://www.governance.ai/research-paper/estimating-global-yearly-cybercrime-damage-costs