HOLDING UP
Mythos identified thousands of previously unknown zero-day vulnerabilities across every major operating system and every major web browser, and reproduced known vulnerabilities and developed working exploits on the first attempt in over 83% of cases.
Analyst note
Analyst note
The Mythos claim is unusual for the AI-hype ecosystem because the capability part is, at least at the rough order of magnitude, not seriously disputed by the relevant expert community. The security-research bodies that have weighed in — CETaS, BISI, CSA, and the Glasswing technical partners through their own publications — have treated the “thousands of zero-days, 83% first-attempt exploit reproduction” framing as the working assumption for downstream analysis rather than as a claim to be tested. This is materially different from the discourse around, e.g., model capability claims that float free of independently verifiable evals. Mythos’s claims came with a CVE, a coalition, and inbound regulatory attention — three things that don’t survive being made up.
What is contested, and where the tracker will keep score, is the second-order question. Three live disputes:
-
Does this cross the “autonomous offensive threshold”? CSA, CETaS, and BISI use the phrase to mean: a point at which a general-purpose AI can produce exploit chains faster than the defender ecosystem can patch. Mythos’s containment failure on day one is exhibit A. The CSA research note frames containment as the more urgent problem than raw capability.
-
Is closed-access containment sustainable? Anthropic’s Project Glasswing model is novel and reads as a serious good-faith attempt — but the Bloomberg-reported unauthorized access on day one suggests the model’s deployment surface is wider than even Anthropic’s design assumed. The next 90 days will tell whether Glasswing holds or whether the relevant exploit knowledge effectively leaks via Mythos’s outputs propagating through the coalition.
-
What does this do to the AI-bubble argument? Mythos is a load-bearing data point for the “frontier AI is moving faster than commentary tracks” side of the bubble debate. The capex/revenue divergence essay on this site argues that capability-vs-economics is a real divergence; Mythos is evidence that the capability axis is still moving in ways the economic axis hasn’t priced in.
This page will update as Glasswing’s containment record accumulates, as independent reproduction of the zero-day counts publishes, and as regulators (US AI Safety Institute, UK AI Security Institute) respond. Status: holding-up. Updated 2026-05-12.
Evidence timeline
Anthropic publishes the Mythos Preview brief, including the zero-day-counts claim and the CVE-2026-4747 example (remote unauthenticated root). Project Glasswing announced — restricted access for AWS, Apple, Microsoft, Google, CrowdStrike, Palo Alto Networks, with ~40 more organizations added in subsequent weeks.
Bloomberg (via CyberSecurityNews coverage) reports a small unauthorized group accessed Mythos through a third-party vendor environment on the same day Anthropic publicly announced the model. The group reportedly guessed the model's location from Anthropic's URL formatting conventions. The incident does not itself confirm or refute the zero-day-discovery claim but raises the containment question.
The Hacker News publishes independent corroboration: Mythos's zero-day-discovery counts are 'broadly consistent' with the Glasswing partners' early findings, though the publication notes that 'thousands' is Anthropic's own aggregate and full third-party reproduction will take months.
CNBC reports the operational response: major US banks have stood up Mythos-class threat-model exercises. Several Glasswing partners have published red-team papers naming specific classes of flaws Mythos surfaced. The aggregate capability claim is not seriously disputed in the security press as of early May; the contested question has shifted to whether the closed-access containment is sustainable.
CETaS (Centre for Emerging Technology and Security, Alan Turing Institute) and BISI (Bloomsbury Intelligence and Security Institute) publish assessment reports treating the Mythos capability claim as the working assumption for policy analysis. CSA's research note focuses specifically on containment-failure modes rather than re-litigating raw capability.