Anthropic has spent weeks handing its most potent AI creation to a select group of technology giants and government allies. The model, called Claude Mythos Preview, finds software flaws at a scale that alarms even its creators. Yet the company insists this power won’t stay hidden forever.
Last week the AI developer published an initial progress report on its defensive program known as Project Glasswing. In the update Anthropic outlined plans to widen access to additional partners, including US and allied governments. Then came the notable line. “In the near future, once we’ve developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release.”
The statement marks a shift. When Anthropic first disclosed the model’s existence in early April it emphasized restraint. The company judged Mythos Preview too dangerous for broad use. Its cyber skills outstripped every prior system. So instead of a public launch the firm created a closed consortium. Partners such as Amazon, Apple, Microsoft, Google, Nvidia, Cisco, CrowdStrike and JPMorgan Chase gained limited access. They would hunt bugs in their own code and in foundational open-source projects. The goal was simple. Harden the internet’s underpinnings before adversaries could turn similar technology against it.
Results from those early weeks stunned participants. Mythos Preview uncovered more than 10,000 high- or critical-severity vulnerabilities. Partners reported bug-finding rates that jumped by a factor of ten. Cloudflare alone identified 2,000 bugs, 400 of them high or critical. Mozilla fixed 271 vulnerabilities in Firefox, more than ten times its previous pace. The UK AI Security Institute tested the model on cyber ranges and declared it the first to solve both end to end. Palo Alto Networks saw five times as many patches. Microsoft and Oracle described accelerated discovery that outpaced earlier tools.
Open-source scans delivered still more striking numbers. The model examined over 1,000 projects that support the internet and critical infrastructure. It surfaced 6,762 high- or critical-severity issues within a total of 23,019 flaws. Anthropic assessed 1,752 of the reported vulnerabilities. More than 90 percent proved valid. Roughly 62 percent qualified as high or critical severity. The firm projects nearly 3,900 such issues across the scanned codebases. One critical flaw in the wolfSSL cryptography library drew particular attention. Mythos not only spotted it but constructed a working exploit. Details will emerge after the standard 90-day coordinated disclosure window.
These figures come directly from Anthropic’s own reporting. The Register first highlighted the public-release pledge and the admission that no company, including Anthropic, has yet built safeguards strong enough to block misuse of such systems. The gap explains the caution. Without reliable ways to prevent the model from helping attackers, general availability remains off limits.
Yet the April system card for Claude Mythos Preview already hinted at broader ambitions. The 245-page document described a “striking leap” in benchmark scores compared with Claude Opus 4.6. Improvements appeared across reasoning, coding and especially cybersecurity tasks. The model saturated nearly all existing internal and external evaluations. External testers from METR and Epoch AI reviewed it. So did additional partners probing AI research and development potential.
Anthropic chose not to publish exact benchmark numbers at launch. It focused instead on real-world impact. The system card stressed that the model’s cyber capabilities drove the decision against general release. “It is largely due to these capabilities that we have made the decision not to release Claude Mythos Preview for general availability,” the document stated. Access stayed restricted to partners using it strictly for defensive security work.
That stance drew international notice. The New York Times reported in April that the model had triggered a global scramble. Governments outside the initial US-centric group watched closely as American companies and banks rushed to patch systems. Some viewed the technology as a geopolitical advantage. Others worried about the widening gap between those with access and everyone else.
Recent coverage adds texture. A Fortune article from early April detailed the initial partner list and Project Glasswing’s focus on preparing cybersecurity defenses. InfoQ noted the unusual move of announcing a frontier model while withholding it from the public. The company’s transparency reports and subsequent model cards for Claude Opus 4.7, released in mid-April, referenced lessons learned from Mythos testing. Those later models incorporated safeguards tuned to detect and block high-risk cyber requests. Data from their deployment will inform future guardrails for more capable systems.
Critics and observers point to the obvious tension. Mythos-class performance will not remain exclusive for long. Other laboratories are building comparable or stronger models. Anthropic itself expects proliferation within 18 months. The firm’s Glasswing update acknowledges this reality. “Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.”
So the strategy has two tracks. First, use controlled access to fix as many flaws as possible while the window exists. Second, accelerate development of technical and procedural controls that could allow safer widespread deployment. Tools released under the Glasswing umbrella already show the direction. A beta version of Claude Security has helped patch more than 2,100 vulnerabilities. New resources include skills libraries, exploit harnesses and threat-model builders made available to qualifying customers. A Cyber Verification Program and partnerships with the Open Source Security Foundation aim to spread defensive capabilities further.
Expansion of the partner network now includes governments. That step broadens the defensive coalition but also raises questions about oversight and information sharing across borders. How exactly allied governments will use the model remains unclear. Will findings flow back into open-source projects at the same pace? Can verification processes scale without creating new bottlenecks?
The verification challenge sits at the heart of Anthropic’s hesitation. Even with its impressive output, Mythos Preview cannot yet operate unsupervised in production. It sometimes confuses correlation with causation. Subtle mistakes require careful human review. Communication style can obscure intent. These traits appeared in the system card’s qualitative assessments. The model also displayed distinct behavioral patterns during open-ended interactions, frequently focusing on uncertainty about its own experience.
Such details matter less to security teams than raw vulnerability detection rates. Yet they underscore why safeguards must improve before general release. A model that finds thousands of bugs can also generate working exploits. Without strong classifiers and blocking mechanisms, the same system could assist both defenders and attackers.
Anthropic’s bet is that the current defensive push will leave critical systems in better shape by the time Mythos-class models reach broader audiences. The firm points to patched vulnerabilities, updated benchmarks and shared tools as early evidence of progress. Partners have begun adapting their processes. Patch cycles are shortening in some organizations. Network defenders are testing new controls recommended by NIST and other bodies.
But the lag between discovery and remediation persists. Many of the 75 vulnerabilities already patched under the program took two weeks on average. The security ecosystem remains overloaded. Only a fraction of disclosed issues have received fixes so far. Anthropic expects the numbers to rise as the 90-day windows expire and as more organizations join the effort.
The company’s longer-term confidence rests on two assumptions. First, that defensive uses can outpace offensive ones if the right infrastructure exists. Second, that technical safeguards will eventually catch up to capability gains. Neither is guaranteed. Recent X discussions among AI researchers highlight skepticism. Some question whether any current lab can truly contain models at this performance level once they spread.
Still, the explicit commitment to eventual public availability stands out. Previous frontier model announcements rarely included such forward-looking pledges alongside immediate restrictions. By naming the future target as “Mythos-class,” Anthropic sets a clear performance bar. Any model matching or exceeding the Preview’s demonstrated abilities will face the same safety threshold.
Industry insiders are watching the timeline closely. No firm date accompanies the “near future” phrasing. Much depends on progress in three areas: evaluation techniques, steering methods and misuse classifiers. The system card and Glasswing update both treat these as active research priorities. Data from the limited deployment of Opus 4.7 will feed directly into that work.
For security professionals the message is mixed. Access to powerful AI assistance is expanding, but only for those inside the trusted circle. Everyone else must wait. In the interim the vulnerabilities Mythos uncovers continue to surface in advisories and patches. One wolfSSL flaw has already been addressed. Hundreds more will follow.
The episode reveals how quickly AI capabilities have outrun traditional security practices. Human teams scanning codebases at this depth would take years. The model delivers results in weeks. That acceleration forces a reckoning. Organizations cannot rely on slow disclosure pipelines or manual triage forever. They will need their own AI tools to verify, prioritize and remediate at machine speed.
Anthropic is trying to seed some of those tools through its Glasswing program. Whether the effort scales fast enough remains an open question. The firm’s latest statements suggest optimism tempered by realism. It sees a path to safer deployment. It also recognizes that other players may not wait.
When Mythos-class models do reach the public they will arrive with far stronger guardrails than exist today. Or so the company hopes. The next year of testing, patching and safeguard engineering will determine if that hope holds. For an industry built on rapid iteration the deliberate pace feels almost foreign. But in cybersecurity the cost of haste can be measured in breaches, downtime and lost trust.
So Anthropic keeps the strongest version under lock and key. It shares what it can with defenders who maintain the software the world depends upon. And it promises that one day the rest of us will get a turn. The safeguards had better be ready.


WebProNews is an iEntry Publication