“Claude Mythos doesn’t just find vulnerabilities - it exploits them”
Anthropic restricts access to its most powerful AI model to around 40 companies, including Apple, Google, Microsoft, Amazon, Nvidia, Palo Alto Networks and CrowdStrike, as part of a $100 million cybersecurity initiative aimed at using the system to detect and patch critical software flaws before similar capabilities spread more widely across the ecosystem.
Anthropic announced a powerful new AI model this week - Claude Mythos Preview. According to the company, the model is too powerful to be released to the general public. At this stage, only a small group of about 40 companies will receive access as part of a new cybersecurity initiative called “Project Glasswing.”
Among the selected companies are Apple, Google, Microsoft, Nvidia, Amazon, Palo Alto Networks, and CrowdStrike. These companies will use the model to identify and fix security vulnerabilities in critical software. Anthropic has committed up to $100 million in cloud credits to support the initiative.
“We’ve been tracking the increasing cyber capabilities of AI models for years, which arise as part of their general proficiency at coding. But our new model, Mythos Preview, represents a particularly large step up,” wrote Anthropic co-founder and CEO Dario Amodei in a post on X.
The goal of granting access to a select group of companies is to enable them to address vulnerabilities “Rather than release Mythos Preview to general availability, we’re giving defenders early controlled access in order to find and patch vulnerabilities before Mythos-class models proliferate across the ecosystem,” Amodei added.
“Cyber is the first clear and present danger from frontier AI models, but it won’t be the last. If we are able to collectively rise to the challenge and confront this risk, it could serve as a blueprint for addressing the even more difficult challenges that lie ahead of us.”
Anthropic has released few technical details about the model, which was codenamed “Capybara” during development. However, after information was accidentally leaked last month, the company acknowledged that it views the model as a “fundamental shift” in AI capabilities, particularly in coding and cybersecurity research.
During several weeks of internal testing, Mythos identified thousands of zero-day vulnerabilities, security flaws previously unknown to developers. In one case, the system uncovered a 27-year-old vulnerability in OpenBSD, an operating system widely regarded as one of the most secure and commonly used in firewalls and critical infrastructure. The flaw allowed remote attackers to crash a machine simply by connecting to it.
In another case, the model discovered a 16-year-old vulnerability in FFmpeg, a widely used video processing library. Automated testing tools had reportedly reached the same line of code millions of times without detecting the issue.
The model also demonstrated strong performance across benchmarks. In the SWE-bench Verified test, which measures the ability to fix real-world coding bugs, Mythos scored 93.9%, compared to 80.8% for Anthropic’s previous flagship model, Claude Opus 4.6. In the USAMO mathematics benchmark, Mythos scored 97.6%, versus 42.3% for Opus 4.6. In the CyberGym cybersecurity benchmark, Mythos achieved 83.1%, compared to 67% for Opus 4.6.
Earlier this week, Anthropic said its annual revenue could more than triple by 2026, from $9 billion to $30 billion, driven in part by demand for its coding-focused products. The Information has reported that the company is preparing for a potential IPO later this year at a valuation exceeding $60 billion.
Anthropic’s decision not to release the model publicly raises questions about whether the move is driven purely by safety concerns or also by strategic positioning ahead of a potential IPO.
Omar Nevo, co-founder and CTO of AI security company Irregular, argues that the restriction is justified. “Today, only a handful of entities in the world can identify vulnerabilities in the most secure systems. These weaknesses can cause enormous damage to both infrastructure and individuals,” he said.
“If access to such capabilities expands, smaller actors could potentially exploit them, to steal data, attack infrastructure, or disrupt critical services. The potential damage could be significant.”
Nevo added that while many companies have previously demonstrated AI capabilities in cybersecurity, most have had limited real-world impact. “In many cases, the results involved vulnerabilities that are difficult to exploit, or scenarios that were partially staged,” he said.
“What Anthropic is describing appears fundamentally different. The model not only identifies vulnerabilities, but can also exploit them automatically in some of the world’s most critical systems. It doesn’t just point out problems in code - it can carry them through to real-world impact.”
