BT explainer: Anthropic’s Claude Mythos preview is here to reshape cybersecurity—here’s how

Anthropic, the Claude AI maker, has just released a preview version of an AI model, which is capable of finding and exploiting software vulnerabilities. To make the model run securely, the company has not released the model to the general public.

The new AI model is being called Claude Mythos, which is said to bring a "step change" in reasoning, coding, and autonomous planning. Unlike the standard new generation updates, the Claude 4 family, Mythos, is being rolled out to bring advanced proficiency in cybersecurity.

The Claude Mythos is being named after the Ancient Greek word for the system of stories through which civilisations made sense of the world. Here’s everything you need to know about the AI model.

Why is Claude Mythos different?

Anthropic claims that Claude Mythos is its most powerful model to date. While previous models like Claude 3.5 or Opus 4.6 have already showcased their power as helpful assistants, Mythos functions as an autonomous security researcher. In real-world use cases, the model has already cracked major vulnerabilities across major operating systems and every major web browser.

According to Anthropic’s blog post, Mythos Preview has already identified thousands of unknown zero-day vulnerabilities and security flaws that software developers themselves had no knowledge of. 

Among them was a 27-year-old flaw in OpenBSD, one of the most security-hardened operating systems in the world. This flaw could allow attackers to remotely crash any machine. It found a 16-year-old bug in FFmpeg video software, which was hidden inside a line of code.

Lastly, it also autonomously chained together multiple vulnerabilities in the Linux kernel to escalate a regular user's access to complete machine control. In addition, it achieved a 94% score on the SWE-benchmark testing. It also scored scored 83.1%, compared to 66.6% for Claude Opus 4.6

Claude Mythos for Project Glasswing

Due to Claude Mythos’s capabilities, the model could be utilised for cyber warfare, for which Anthropic has launched Project Glasswing. This is a new cybersecurity program, and it comes with restricted access to a "gated preview" for only about 40 organisations, including:

Tech Giants: Google, Microsoft, Amazon (via AWS Bedrock), and Apple.

Security Leaders: CrowdStrike, Palo Alto Networks, and Cisco.

Fin-tech companies: Goldman Sachs and JPMorgan Chase are already testing the model to predict attack paths before they happen.

"The same improvements that make the model effective at patching vulnerabilities also make it effective at exploiting them," Anthropic stated. Anthropic is offering up to $100 million in usage credits and a $4 million direct donation to open-source security organisations.

Why general public not access Mythos?

As of now, Mythos Preview has not been made available to the general public. Reportedly, the model is too powerful to release without safeguards. Anthropic is said to develop and test new cybersecurity guardrails and may release them via the upcoming Claude Opus model first before making Mythos capabilities available at scale.

Therefore, the Mythos model comes with a broader motive, and to protect software systems across industries. The AI model will help companies find flaws and vulnerabilities before someone else does. This way, companies can build safer guardrails, making their restricted rollout more useful.