Anthropic's Claude Mythos Cracks Zero-Days, Skips Public Launch

One fact anchors the story: engineers with no formal security training asked Claude Mythos Preview to hunt for remote code execution vulnerabilities, went home, and returned to complete working exploits.

Anthropic announced Claude Mythos Preview this weekend, calling it a step-change over Claude Opus 4.6 across reasoning, coding, and offensive security. The model is not going to general availability. Instead, access is channeled through a new industry initiative called Project Glasswing, backed by $100 million in Anthropic usage credits and a consortium of ten technology companies.

The benchmark gap between Mythos and prior models is not marginal. Where Opus 4.6 produced working JavaScript shell exploits in two out of several hundred attempts against Firefox vulnerabilities, Mythos Preview succeeded 181 times on the same target set, according to InfoQ. On OSS-Fuzz targets, all fully patched, the model achieved complete control flow hijack on ten separate programs.

Beyond structured benchmarks, Mythos autonomously discovered zero-days across every major operating system and browser during internal testing. Two findings stand out in the InfoQ report: a 27-year-old latent bug in OpenBSD and a 16-year-old vulnerability in FFmpeg's H.264 codec. FFmpeg underlies video processing in a vast range of commercial and open-source products; its H.264 path is one of the most widely deployed media parsers in production. Finding a decade-and-a-half-old flaw there during a routine overnight session reframes how much attack surface the security industry has actually mapped.

The dual-use problem

The capabilities that make Mythos useful for defensive security are exactly what make it dangerous in unrestricted hands. Anthropic's decision to withhold public access implies that internal safety evaluations placed this model above a threshold that prior Claude releases did not cross. The company has not published its full responsible scaling evaluation for Mythos, so outside researchers cannot independently verify where that line sits or what mitigations were applied.

Project Glasswing brings together AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. As InfoQ reports, the stated mission is coordinated vulnerability discovery and patching at scale, using Mythos to find and fix bugs before adversaries do. That framing is defensible, though it grants a small number of large incumbents asymmetric access to capability that open-source maintainers and smaller security vendors will not share, at least initially.

For practitioners outside Glasswing

Overnight exploit generation is not just a benchmark curiosity. If Mythos can produce working RCE exploits on fully patched production targets in a single session, the economics of security research shift substantially. Red team cycles compress, and organizations inside Glasswing gain a head start on those dynamics while the rest of the industry waits.

Controlled access also gives Anthropic regulatory cover. Demonstrating that deployment is gated and purposive, rather than speculative, is useful positioning ahead of any legislative movement on frontier model capability thresholds. Whether Glasswing's patch throughput outpaces independent rediscovery of the same vulnerabilities by adversaries or competing labs is a separate question entirely.

History of dual-use research suggests that capability gaps between restricted and general availability close faster than the restricting party expects. If a model can find a 27-year-old OpenBSD bug on its first pass, software archaeology at scale becomes tractable, and the implications extend well beyond offensive security into reliability and compliance work. Swift commentary followed the announcement, as InfoQ noted.

At what point does Glasswing's coordinated patching program wind down, and what happens to API access when it does?

FAQ

What is Claude Mythos Preview? Claude Mythos Preview is Anthropic's most capable frontier model to date, with substantially stronger performance in reasoning, coding, and cybersecurity than Claude Opus 4.6. Access is restricted to Project Glasswing consortium members and is not publicly available.

Why did Anthropic withhold Claude Mythos from public release? Internal testing showed the model autonomously discovering and exploiting zero-day vulnerabilities across every major operating system and browser. Anthropic has not published its full responsible scaling evaluation, but the restricted rollout implies the cybersecurity capabilities crossed an internal risk threshold.

What is Project Glasswing? Project Glasswing is an Anthropic-led consortium including AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Backed by $100 million in Anthropic usage credits, its stated purpose is coordinated vulnerability discovery and patching in critical software.

How do Mythos and Opus 4.6 compare on exploit generation? On Firefox vulnerabilities from the OSS-Fuzz corpus, Opus 4.6 generated working JavaScript shell exploits twice out of several hundred attempts. Mythos Preview succeeded 181 times. Mythos also achieved full control flow hijack on ten separate fully patched OSS-Fuzz targets where Opus 4.6 did not.