Anthropic’s latest AI model, Mythos, promises to upend software security. It spots vulnerabilities faster than most humans. But skeptics call it overhyped. Reality sits somewhere in between, as tests on Firefox and warnings from Swiss regulators reveal.
On April 7, 2026, Anthropic unveiled Project Glasswing, a consortium including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, and Palo Alto Networks. The goal? Use Mythos Preview to hunt flaws in critical software before attackers do. Anthropic committed $100 million in credits for partners to scan their codebases. ‘Project Glasswing partners will receive access to Claude Mythos Preview to find and fix vulnerabilities,’ the company stated on its site.
Mythos excels at reading code and reasoning about flaws. Mozilla put it to work on Firefox 150. The result: 271 vulnerabilities uncovered in one pass. Firefox CTO Bobby Holley called it a ‘watershed moment.’ ‘Mythos Preview is every bit as capable’ as top researchers, he wrote in a Mozilla blog post. None exceeded elite human skills. Still, the sheer volume overwhelmed. ‘For a hardened target, just one such bug would have been red-alert in 2025,’ Holley noted. Firefox 150 patched them all.
Earlier, Claude Opus 4.6 found just 22 bugs in Firefox 148 across 6,000 files. Mythos scaled that by twelvefold. Holley sees defenders gaining ground. ‘Computers were completely incapable of doing this a few months ago, and now they excel at it.’ Modular code like Firefox’s has finite defects. AI closes the gap between machine and human detection.
But The Register isn’t buying the hype. In an April 27 opinion piece, ‘Anthropic’s magic code-sniffer: More Swiss cheese than cheddar, for now,’ the outlet dubbed Mythos a tool that automates known vuln classes. ‘It is very good at finding classes of vulnerability that humans know about, while not finding ones that they don’t. Training, amirite?’ Project Glasswing limits access responsibly. Yet other models handle similar tasks.
Reality checks mounted. A separate Register article detailed Mozilla’s take: no novel categories beyond humans. Hype around ‘thousands’ of zero-days fizzled. VulnCheck’s Patrick Garrity pegged confirmed CVEs at maybe 40—or zero. Analyst Devansh called it ‘one of misinformation and hype.’ Snehal Antani of Horizon3.ai put it bluntly: ‘The adversary doesn’t need Mythos to hack you.’ Unauthorized access hit via a vendor breach, not model flaws.
Regulators took notice. Switzerland’s FINMA warned on April 24 that broad Mythos access spells systemic risk for banks. ‘The uncontrolled and immediate availability of AI models such as Mythos would be classified as a systemic risk,’ a spokesperson told Swissinfo.ch. Cyberattacks could exploit unknown zero-days en masse. FINMA urges banks to adapt risk management amid AI threats.
And the aviation analogy fits. Early jets crashed from design flaws. Rules evolved. Crashes now trace to human error or external factors—like birds or bad fuel. The Register drew parallels: code will harden pre-deployment. ‘The Swiss cheese model of failure works less and less well the more the cheese tends to cheddar.’ Chains of vulns break with one patch.
Anthropic powers ahead. Claude Opus 4.7 launched April 16 with coding gains. Claude Code faced drama—a source leak in March exposed 512,000 lines via npm, per TechCrunch. Takedowns followed on GitHub. Pro plan tests yanked it temporarily.
Mythos shifts the balance. Defenders get tireless scanners. Attackers will too, eventually. Holley predicts: ‘We are entering a world where we can finally find them all.’ But humans stay key. Aviation proves it—pilots err. Coders will too.
Project Glasswing buys time. Partners patch quietly. Unauthorized leaks underscore supply-chain risks. FINMA’s caution echoes broader fears: AI accelerates offense and defense alike.
So where next? Tools evolve with code design. New code ships cleaner. Legacy stacks lag—like old jets in modern skies. No FAA grounds them. Enterprises patch slowly.
Mythos isn’t mythical. It’s methodical. Expert humans guide it best. Scale matters. 271 Firefox bugs in days? That’s cheddar, not just holes.


WebProNews is an iEntry Publication