Claude Mythos and the Cybersecurity Reckoning


There’s a new AI model that Anthropic says is more capable than anything they’ve built before. It sits above Opus in their model hierarchy - a whole new tier called Mythos. And you can’t use it.

That’s not an accident. Anthropic has made a deliberate decision not to release Claude Mythos publicly. Their reason: the model is so capable at finding and exploiting software vulnerabilities that giving it general availability would be irresponsible. Let that land for a second.

What Mythos Can Do

The numbers from Anthropic’s technical report are striking. Compared to Opus 4.6:

  • SWE-Bench Verified: 80.8% → 93.9% (+13 points)
  • SWE-Bench Pro: 53.4% → 77.8% (+24 points)
  • USAMO (math olympiad): 42.3% → 97.6% (+55 points)
  • Humanity’s Last Exam: +17 points, without tools

These are across-the-board benchmark jumps that would normally be enough to generate a wave of launch blog posts and product announcements. But the cybersecurity findings are what forced Anthropic’s hand.

During internal testing over the past month, Mythos Preview autonomously identified thousands of previously unknown zero-day vulnerabilities. Not across a handful of niche codebases - across every major operating system (Linux, Windows, FreeBSD, OpenBSD) and every major web browser. The oldest vulnerability it found was a 27-year-old bug in OpenBSD - a system with a reputation for security that borders on paranoid.

The exploits it generates aren’t simple either. In one documented case, Mythos wrote a browser exploit that chained four separate vulnerabilities together, executing a JIT heap spray that escaped both the renderer and OS sandboxes. It autonomously constructed privilege escalation exploits on Linux via subtle race conditions and KASLR bypasses. It wrote a remote code execution exploit against FreeBSD’s NFS server using a 20-gadget ROP chain split across multiple packets - granting unauthenticated root access.

This isn’t theoretical AI capability. This is a model that, when pointed at real production software, finds real exploits faster than most human security researchers. Over 99% of the vulnerabilities found remain unpatched, which is why Anthropic is saying very little about specifics right now.

Project Glasswing

Rather than a general release, Anthropic launched Project Glasswing - a controlled consortium of more than 40 organisations with access to Mythos Preview exclusively for defensive security work. The initial partners include Apple, Google, Microsoft, Nvidia, Amazon Web Services, CrowdStrike, Palo Alto Networks, Cisco, JPMorgan, and the Linux Foundation.

The idea is to use Mythos to find and patch vulnerabilities before attackers can discover and weaponise them. Anthropic is backing this with $100 million in usage credits for the initiative and $4 million in direct donations to open-source security projects.

Dario Amodei framed it bluntly: “The dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world than we had before the advent of AI-powered cyber capabilities.”

Why This Matters Beyond Anthropic

A few things are worth sitting with here.

The model was leaked before it was announced. Fortune discovered references to Mythos in a publicly accessible Anthropic data cache in late March. Cybersecurity stocks fell on the news, before Anthropic had said anything officially. That’s a signal of how seriously the market is taking AI’s offensive security potential.

The “safety lab” framing is being stress-tested. Anthropic built its identity around being the careful, responsible frontier lab. The same week they announced Project Glasswing, they were also dealing with public fallout from a court ruling about their relationship with the Pentagon. Whether the Glasswing announcement is good PR management or genuine responsible deployment - and it can be both - is a reasonable question. The technical report reads as sincere. The capabilities it describes are real.

This changes the threat model for everyone who runs software. If a model with these capabilities can be accessed by 40+ partner organisations, it cannot be long before similar capabilities are accessible more widely - through adversarial development, jailbreaks, or competing labs who don’t apply the same restraint. Glasswing is Anthropic’s attempt to get defenders ahead of that curve. The question is whether six months, or a year, of coordinated patching is enough of a head start.

The Practitioner Angle

For those of us running infrastructure - whether that’s Azure Local clusters, cloud workloads, or hybrid environments - the immediate takeaway is that the vulnerability surface you thought you understood is larger than you knew. Bugs that have existed undetected for a decade or more are being found by automated systems, at scale.

The coordinated disclosure process Anthropic is running through Glasswing means patches will come, but the timeline is uncertain, and the breadth of affected software is wide. It’s a good time to ensure your patching cadence is tight, your network segmentation is real rather than theoretical, and your incident response runbooks are current.

It’s also worth noting that the organisations in the Glasswing consortium include the major cloud providers. If Microsoft is using Mythos to scan Azure infrastructure, that’s material to anyone relying on Azure as part of their hybrid architecture. The patching won’t be visible to you directly, but the outcome should be a measurably more secure platform over the next 12 months.

A Closing Thought

The thing that sticks with me is the deliberate choice not to release. Every AI lab in the world is under commercial pressure to ship. Anthropic sat on a model that would generate enormous revenue and attention, and decided the risk was too high. That’s not a marketing decision. Whether you think their caution is calibrated correctly or not, the underlying reality - that this model’s capabilities represent a genuine inflection point for software security - appears to be the consensus view across the security community.

We’ve been talking about AI changing cybersecurity for years. Mythos is the first concrete demonstration that the change has already arrived.


Sources: Anthropic Project Glasswing | Anthropic Red Team Report | CNBC | NextBigFuture