Anthropic’s Mythos AI Exposes Software’s Hidden Flaws Faster Than Humans Ever Could

Anthropic's Claude Mythos Preview autonomously uncovers thousands of zero-day vulnerabilities across major operating systems and browsers, outperforming humans in complex attack simulations. UK evaluators confirmed sharp gains in the latest version, prompting a defensive consortium while raising fresh alarms about proliferation risks. The findings force a reckoning across cybersecurity.
Written by Juan Vasquez

Anthropic held back its latest model for a reason. Claude Mythos Preview demonstrated such sharp offensive cyber skills that company executives decided against a broad release. Instead they launched Project Glasswing. The effort funnels the model’s power to a select group of technology giants and open-source stewards. Their task? Hunt down and repair the very weaknesses the AI uncovers.

Yet the model keeps getting better. UK researchers who put the newest version through its paces reported clear gains. It doesn’t just spot bugs. It chains attacks across complex networks in ways that leave previous systems far behind. The improvements arrive at a moment when software everywhere carries scars from years of overlooked code.

Two years ago frontier models struggled with beginner tasks. The UK AI Security Institute tracked the shift. Now Mythos Preview executes multi-stage assaults on vulnerable setups. It finds and exploits flaws that would occupy human professionals for days. The institute ran controlled tests. Models received explicit instructions and network access. Results showed steady progress. But the latest version stands apart.

On expert-level capture-the-flag challenges that no model could solve before April 2025, Mythos Preview succeeds 73 percent of the time. It tackled “The Last Ones,” a 32-step corporate network simulation designed to mimic real enterprise breaches. Human experts might need 20 hours. The AI completed the full sequence in three out of ten runs. Across attempts it averaged 22 steps. Earlier models such as Claude Opus 4.6 managed only 16 on average. Progress scales with more computing tokens. The gap widens.

Anthropic itself documented striking examples. The model located a 27-year-old vulnerability in OpenBSD, a hardened operating system trusted for firewalls and critical infrastructure. One crafted prompt led to a remote crash via signed integer overflow. Cost? Under $50 for that specific discovery. It uncovered a 16-year-old flaw in FFmpeg’s video codec missed by millions of automated tests and years of human scrutiny. And it autonomously exploited a 17-year-old remote code execution bug in FreeBSD’s NFS server. No hand-holding required. The AI built a ROP chain split across packets to gain root access.

But the real weight comes from scale. Anthropic says Mythos Preview identified thousands of high-severity zero-days across every major operating system and web browser. Many survived decades of review. The company patched a subset and shared details responsibly through its Project Glasswing announcement. Partners including Amazon, Apple, Microsoft, Google, Cisco, CrowdStrike, NVIDIA, JPMorgan Chase and the Linux Foundation now wield the model defensively. They scan their own codebases and critical open-source projects. Anthropic committed up to $100 million in usage credits plus millions more to foundations that maintain key software.

Executives from those partners voiced shared alarm mixed with determination. “AI capabilities have crossed a threshold that fundamentally changes the urgency,” said Anthony Grieco of Cisco. Amy Herzog at AWS noted her team had already strengthened code with early tests. Igor Tsyganskiy from Microsoft highlighted substantial improvements in security outcomes. Elia Zaitsev of CrowdStrike warned that the window between discovery and exploitation has collapsed. Everyone must move faster together.

The model didn’t receive special training for these tasks. Its creators emphasize the abilities emerged from broad advances in coding, reasoning and autonomous operation. Engineers without formal security backgrounds prompted it overnight and returned to working exploits by morning. One red-team report put it plainly. Mythos Preview can identify and exploit zero-day vulnerabilities in every major operating system and web browser. It writes exploits in hours that veteran penetration testers said would take weeks.

Yet questions linger about real-world impact. UK evaluators stressed their simulations lacked active defenders, intrusion detection or rapid response teams. Mythos Preview aced attacks on weakly defended networks. Performance against hardened enterprise environments with monitoring remains unproven. The institute plans tougher tests ahead. Future evaluations will incorporate live opposition and endpoint protections. Still, the direction is unmistakable. More models with similar power will appear.

Recent developments add urgency. In the weeks since the April announcement, banks and financial institutions have rushed patches for flaws the AI flagged. European regulators, including the European Central Bank, now press lenders to ready themselves for AI-assisted attacks. French startup Mistral AI reportedly holds talks with European banks about its own cybersecurity model. The goal is a sovereign alternative less dependent on U.S. technology. Meanwhile a senior Pentagon official struck a measured tone, pointing to frontier AI’s potential upside for defense even as alarms sound.

Anthropic isn’t alone in sensing the shift. The company plans safeguards to block dangerous outputs. It intends to bundle them with an upcoming Claude Opus release. Pricing for later access to Mythos-class capabilities sits at $25 to $125 per million tokens through major cloud providers. For now the focus stays narrow. Only trusted partners and open-source maintainers gain entry. The company promises a public report within 90 days detailing fixed bugs, lessons learned and recommended practices for disclosure, patching and secure design.

Critics wonder whether the “thousands of zero-days” claim holds up under scrutiny. Some point out that while the model generated many reports, human validation covered only a fraction. Anthropic counters with benchmarks. On its internal CyberGym suite, Mythos Preview scored 83.1 percent compared with 66.6 percent for the prior Opus version. It also posted record results on software engineering tests such as SWE-bench variants. The numbers suggest genuine leaps in code understanding that translate directly to vulnerability hunting.

So what does this mean for the industry? Defenders suddenly possess a force multiplier. The same technology that could arm novice attackers also lets security teams audit legacy systems at machine speed. Banks facing patching surges now confront an HR problem as much as a technical one. IT teams risk burnout. Organizations without access may fall behind those that can deploy these tools.

Anthropic’s decision to withhold public access buys time. But it doesn’t stop the clock. Other labs advance similar capabilities. The UK institute’s independent verification lent credibility to the warnings. Its evaluators called Mythos Preview a step up in a field already moving fast. And the newest version, according to those familiar with the tests, pushes the boundary further. Hackers with modest resources could soon wield capabilities once reserved for nation-states.

The glasswing butterfly, for which the project is named, has transparent wings that hide it from predators. Software vulnerabilities have operated the same way for years. Opaque codebases concealed flaws in plain sight. Mythos strips away that camouflage. The question now isn’t whether AI will transform cybersecurity. It’s whether defenders can mobilize fast enough to stay ahead of those who would turn the same power against them.

Recent coverage from BBC News detailed Anthropic’s investigation into claims of unauthorized access to the model via a third-party vendor. The incident underscores the model’s perceived sensitivity. Separately, analysts at CNN noted how the discovery rate outpaces human researchers. They quoted security executive Gadi Evron observing that defenders still lack equivalent acceleration compared with attackers.

Even as debate continues over precise numbers and real-world readiness, one fact stands clear. The barrier between idea and exploit has dropped. Models like Mythos don’t wait for perfect prompts. They hypothesize, test, debug and deliver. That changes calculations for every chief information security officer, regulator and software maintainer. The era of AI-driven vulnerability discovery isn’t approaching. It has arrived.
