Anthropic Restricts Claude Mythos Preview to Cybersecurity Consortium

Anthropic's new frontier model identified a 27-year-old zero-day in OpenBSD before the company's own engineers could manually reproduce the conditions. Claude Mythos Preview, announced Sunday, carries no public release date. Access is restricted entirely to a vetted corporate consortium called Project Glasswing.

The benchmark gap with its predecessor is not incremental. Against Firefox vulnerabilities, Claude Opus 4.6 generated two working JavaScript shell exploits across several hundred attempts. InfoQ reports that Mythos Preview produced 181 under equivalent conditions. That is not optimization. It is a different class of capability.

Anthropologic has paired the model with ten major technology organizations and committed $100 million in usage credits to fund vulnerability research across critical software infrastructure.

What the model can do

During internal testing, the model autonomously discovered and exploited zero-day vulnerabilities across every major operating system and browser. The oldest was a now-patched flaw in OpenBSD, a platform whose security reputation rests on decades of conservative engineering. A 16-year-old vulnerability in FFmpeg's H.264 codec was also found, per InfoQ.

On the OSS-Fuzz corpus, Mythos Preview achieved full control flow hijack on ten separate, fully patched targets. The operationally significant data point is different: Anthropic engineers with no formal security training tasked the model with finding remote code execution vulnerabilities overnight and returned to complete, working exploits. The pipeline from prompt to functional exploit required no specialized knowledge from the operator.

The access question

Project Glasswing's roster covers AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The composition spans cloud infrastructure, device manufacturing, threat intelligence, financial services, and open-source stewardship. Anthropic's stated rationale is to direct the model's offensive capabilities toward finding and closing vulnerabilities before production exploitation.

Whether coordinated consortium access translates to meaningful security coverage is a fair question. The companies in Glasswing are not underserved by existing security tooling. The more interesting target surface involves software they depend on but do not own: the Linux kernel, shared open-source libraries, critical infrastructure dependencies. The Linux Foundation's inclusion suggests Anthropic considered this scope, though specifics on what software falls under the program remain sparse in the InfoQ report.

Context

The history of dual-use AI tools follows a consistent arc: capability lands broadly, governance responds slowly, and deployment policy gets written after incidents rather than before them. Anthropic's decision to restrict Mythos Preview before release rather than after a public misuse event represents a structural departure from that pattern. It is also, straightforwardly, a business move. A $100 million credit commitment directed at ten of the technology industry's largest companies is not a research grant.

For security engineers and applied researchers, the benchmark story carries a second-order implication. A model that jumps from two successful exploits to 181 against the same target set has crossed some threshold in reasoning about memory layouts, control flow graphs, and patch logic at scale. Security auditing tools built on top of models in this capability tier will need to be treated as offensive infrastructure, not research curiosities, regardless of stated defensive intent. That framing shift matters for procurement, access policy, and red-team program design alike.

The central question Project Glasswing leaves open is whether controlled deployment can outpace the arrival of models with equivalent capabilities from other labs. Anthropic controls access today. The capability is real, and exclusivity has a limited shelf life.

FAQ

What is Claude Mythos Preview? Claude Mythos Preview is Anthropic's latest frontier model, described as a step change beyond Claude Opus 4.6 in reasoning, coding, and cybersecurity. It has not been released publicly; access runs through Project Glasswing, as covered by InfoQ.

What is Project Glasswing? Project Glasswing is Anthropic's controlled-access program pairing Mythos Preview with AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, backed by $100 million in Anthropic usage credits for vulnerability research.

How does Mythos Preview compare to Claude Opus 4.6 on security benchmarks? Against Firefox vulnerabilities, Opus 4.6 generated two working JavaScript shell exploits across several hundred attempts; Mythos Preview generated 181. On the OSS-Fuzz corpus, it achieved full control flow hijack on ten fully patched targets.

Why is the model not publicly available? Anthropologic cited the model's offensive security capabilities as the reason for restricted access, framing the decision as responsible deployment that prioritizes controlled defensive use over broad public release.