In early April 2026, Anthropic announced a model it had decided not to sell. That decision alone was enough to stop the AI industry in its tracks. The model is called Claude Mythos Preview, and the reason Anthropic chose not to release it publicly is the same reason it matters so much: it is, by a wide margin, the most capable AI system ever built for finding and exploiting software vulnerabilities.

The announcement came bundled with the launch of Project Glasswing — a controlled initiative that gives a hand-picked group of critical-infrastructure defenders exclusive access to Mythos, with the explicit goal of securing the world’s most important software before adversaries develop equivalent capabilities on their own.

This article unpacks what Mythos is, what it can do, why Anthropic is withholding it, and what the global cybersecurity community needs to understand about the era it has just entered.

What Is Claude Mythos Preview?

Mythos Preview is Anthropic’s most advanced frontier model — a general-purpose large language model that happens to be, as the company describes it, “strikingly capable at computer security tasks.” That framing is deliberate understatement. In practice, Mythos is the first AI system to comprehensively discover zero-day vulnerabilities — previously unknown software flaws — across every major operating system and every major web browser, all within weeks of deployment.

Its strength in cybersecurity flows directly from broader capability improvements. A model that can deeply reason about and modify complex software at scale is also one that can find and exploit its weaknesses. Mythos does not simply scan for known vulnerability patterns; it reads unfamiliar codebases, forms hypotheses about where flaws might exist, runs the software to test its suspicions, and produces full proof-of-concept exploits complete with reproduction steps — autonomously, at scale, and with a false-positive rate that Cloudflare’s own security team described as better than human testers.

On the CyberGym benchmark — which tests the ability to reproduce known vulnerability exploitation — Mythos Preview scored 83.1%, compared to 66.6% for Claude Opus 4.6. But the more revealing evidence comes from real-world deployment, where benchmarks no longer apply because Mythos has largely saturated them.

What Has It Actually Found?

Within weeks of deployment across roughly fifty Project Glasswing partners, Mythos Preview surfaced more than ten thousand high- or critical-severity vulnerabilities in the most systemically important software in the world. Several examples have since been publicly disclosed, and they are instructive about the qualitative nature of this capability leap.

Beyond these headline cases, the sheer breadth is staggering. Anthropic used Mythos to scan more than a thousand open-source projects. By late May 2026, it had disclosed 1,596 vulnerabilities across 281 open-source projects — with patching still in progress. Cloudflare alone found 2,000 bugs across critical-path systems, 400 of which were high or critical severity.

Why Is It a Potential Threat?

Every capability that makes Mythos valuable for defenders is equally valuable for attackers. The model is a dual-use technology in the sharpest possible sense: the same reasoning chain that finds and fixes a zero-day can find and exploit it. Anthropic is acutely aware of this, which is why it chose not to release Mythos publicly and why it has been explicit about the threat calculus it is managing.

The threat matrix has several distinct layers:

Asymmetric offensive uplift

Nation-state actors and sophisticated criminal groups could use a Mythos-class model to discover zero-days at machine speed and sell or deploy them before defenders have any knowledge of their existence. The attack surface of global software is effectively infinite; the discovery bottleneck has historically protected defenders. Mythos removes that bottleneck for whoever holds it.

Critical infrastructure as the target

The sectors most exposed to an AI-assisted attacker are exactly those now being enrolled in Project Glasswing: power grids, water systems, hospital networks, telecommunications, and financial infrastructure. A successful attack on any of these using Mythos-class capabilities could affect tens of millions of people. Anthropic’s expansion of the programme to include power, water, healthcare, and communications sectors reflects the urgency of this specific exposure.

The proliferation clock

OpenAI has already released GPT-5.5-Cyber, its own cybersecurity-focused model, to a large group of partners for testing. Anthropic has publicly stated it believes other frontier-model companies will reach Mythos-class capability within six to twelve months. The window for establishing defensive norms before offensive capability is widely available is narrow and closing.

The patching bottleneck

Even the defensive use of Mythos has revealed a structural problem in global cybersecurity: the ecosystem is not built to handle AI-scale vulnerability discovery. The bottleneck is no longer finding bugs — it is verifying, triaging, disclosing, and patching them fast enough. Open-source maintainers, many of them unpaid volunteers, now face a flood of vulnerability reports that human teams cannot process at the rate AI generates them. If this bottleneck is not addressed, discovered vulnerabilities will accumulate in disclosure pipelines, creating a window that attackers — including those who independently discover the same flaws — could exploit.

What Is Project Glasswing, and Can It Help?

Project Glasswing is Anthropic’s attempt to solve what is essentially a coordination problem at global scale. The name is drawn from the glasswing butterfly, whose transparent wings allow it to hide in plain sight — a nod to the nature of the vulnerabilities Mythos is designed to surface.

The initiative launched in April 2026 with twelve founding partners and has since expanded to approximately two hundred organisations across more than fifteen countries. New entrants include NATO, the EU’s cybersecurity agency ENISA, South Korean technology companies Samsung, SK Hynix, and SK Telecom, identity management firm Okta, and critical-infrastructure operators in sectors that were absent from the original cohort.

Partners receive access to Mythos Preview to find and fix vulnerabilities in their own foundational systems — systems that represent, in aggregate, a significant share of the world’s shared cyberattack surface. Anthropic has also released the scanning harnesses, custom skills, and threat-model builders its teams developed during the project, making them available to qualifying security professionals through its Cyber Verification Program.

The approach is not without critics. Some observers have noted that manually enrolling organisations cannot scale to the hundreds of thousands that would need access to genuinely harden global software infrastructure. Anthropic acknowledges this directly, describing the eventual public release of Mythos-class models as an eventual goal — one contingent on developing robust safeguards capable of detecting and blocking the model’s most dangerous outputs. The company plans to develop those safeguards first with Claude Opus models, where the risk profile is lower, before applying them to Mythos-class capabilities.

What Comes Next

The cybersecurity industry is entering a phase it has never inhabited before: one in which the primary constraint on finding vulnerabilities is not human expertise or time, but the pace at which discovered flaws can be responsibly handled. That shift has happened within months, not years, and it is irreversible.

Anthropic has framed Project Glasswing not as a permanent solution but as a head start — a way to harden the most critical systems before the same capabilities proliferate to actors with less concern for responsible disclosure. The company has said it wants the initiative to spur operating norms that reflect a world where AI-assisted cyberattacks are the baseline reality, not an emerging risk.

Whether that window is sufficient depends on decisions being made right now: how quickly organisations patch what Mythos finds, how well the industry builds infrastructure for AI-speed disclosure, how governments respond to the new threat landscape, and whether safeguards can be developed fast enough to allow responsible broad access before other developers release equivalents without them.

Claude Mythos Preview is not a threat in the hands of Anthropic. It is a preview of a threat that will exist, in some form, in the hands of everyone — and the question Project Glasswing is racing to answer is whether defenders can be meaningfully ahead when that moment arrives.