Claude Mythos Preview
Anthropic's restricted-access April-2026 model that found thousands of zero-days
Shipped by Anthropic · · class: frontier-llm
In April 2026 Anthropic unveiled Claude Mythos Preview — a general-purpose frontier model (not security-specific by design) that demonstrated unusually strong cybersecurity capabilities during pre-release testing. In Anthropic’s own evaluations, Mythos identified thousands of previously unknown zero-day vulnerabilities across every major operating system and major web browser, including flaws that had survived decades of human security review. In over 83% of tested cases, Mythos reproduced known vulnerabilities and developed working exploits on its first attempt. One example — disclosed as CVE-2026-4747 — gives a remote unauthenticated attacker complete server control.
Anthropic judged public release irresponsible and instead formed Project Glasswing, a restricted-access coalition initially including AWS, Apple, Microsoft, Google, CrowdStrike, and Palo Alto Networks, with access later extended to ~40 additional organizations. On the same day the model was publicly announced, Bloomberg reported (April 21) that a small unauthorized group gained access through a third-party vendor environment, having guessed the model’s location from familiarity with Anthropic’s URL formatting conventions.
What’s being observed: a rapidly expanding discourse on whether Mythos crosses what researchers call the autonomous offensive threshold — the point at which a general-purpose AI system, with no specialized tooling, can produce exploit chains faster than the defender ecosystem can patch. Mainstream press (CNBC, The Hacker News) and security-research bodies (CSA, BISI, CETaS, Dynatrace, ArmorCode) have published assessments through April–May 2026. The CETaS and BISI pieces lean toward “this changes the cyber economic equation”; the CNBC reporting documents the operational response across financial institutions; the CSA research note frames containment failures as the more immediate problem than the model’s raw capability.