
Anthropic Withholds Claude Mythos After Zero-Day Exploit Spree

Anthropic's most capable model autonomously found decade-old vulnerabilities in major OSes, then the company locked it behind a $100M partner consortium.

Anthropic's newest model found a 27-year-old security flaw in OpenBSD before most people knew the model existed. That detail, a bug older than many working engineers, signals something has shifted in what frontier language models can do with offensive security tooling.

Claude Mythos Preview launched on April 12, with InfoQ describing it as a "step change" over Claude Opus 4.6. What separates this release from prior Claude models is not just benchmark gains; it is the decision to withhold the model from the public entirely.

The security numbers

InfoQ reported that in internal testing, Mythos Preview autonomously discovered and exploited zero-day vulnerabilities across every major operating system and web browser. Against Firefox vulnerabilities specifically, Opus 4.6 produced working JavaScript shell exploits in roughly two out of several hundred attempts. Mythos Preview produced 181. On the OSS-Fuzz corpus, the model achieved full control flow hijack on ten separate, fully patched targets, not partial proofs-of-concept but working exploits on production software.

Beyond the FFmpeg H.264 codec's 16-year-old flaw, the most organizationally striking finding involved engineers without formal security training. They assigned Mythos Preview to hunt for remote code execution vulnerabilities overnight and returned to find complete, working exploits. The model collapsed what had previously been a hard prerequisite: specialized human expertise.

Project Glasswing

Rather than a staged public rollout, Anthropic is channeling the model through a new initiative called Project Glasswing. The consortium spans AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, with Anthropic committing $100 million in usage credits. The stated mission: find and patch vulnerabilities in critical software before adversaries can.

The membership list is deliberate. Every organization named either ships software at scale, operates critical infrastructure, or sells security products. This is not a research preview; it is a coordinated patching effort built around parties with both the incentive and the operational capacity to act on what the model surfaces.

Reading between the lines

Withholding public access sends its own signal. Anthropic has previously published safety evaluations alongside model releases, and security research has well-established disclosure frameworks. Project Glasswing frames Mythos Preview as a defensive tool, but the same capability that found a buried OpenBSD bug will find new ones. The line between defensive and offensive use is mostly an access policy, not a model property.

This pattern resembles how the security community has historically handled dual-use research: limited distribution to trusted parties, coordinated disclosure windows, and broader release once the highest-risk targets are patched. Whether Anthropic follows that arc or keeps the consortium structure indefinitely is, per InfoQ, not yet addressed.

The $100 million credit figure is usage budget, not cash. It incentivizes partners to run the model aggressively against their own infrastructure, which is the design. For open-source stewards like the Linux Foundation, that subsidy is meaningful. For Google or Microsoft, access to a model at this capability level is the more significant asset.

Controlled access has a horizon. Every engineer at a consortium partner who works with Mythos Preview now carries direct experience with its capabilities. Even a closed release reshapes how security teams think about automation and how future models in this space will be evaluated.

The decisive question is not what Mythos Preview scored on a benchmark. It is whether the vulnerabilities it finds in consortium infrastructure get patched before an adversary finds them independently.

Frequently asked questions

What is Claude Mythos Preview?
It is Anthropic's most capable model to date, with major improvements in reasoning, coding, and cybersecurity, per InfoQ. Unlike previous Claude releases, it has not been made publicly available and is accessible only through Project Glasswing.

What is Project Glasswing?
Project Glasswing is Anthropic's consortium-based access program for Claude Mythos Preview. It includes AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, backed by $100 million in Anthropic usage credits.

Why is Claude Mythos Preview not publicly available?
Anthropic restricted access because of the model's demonstrated offensive security capabilities. In internal testing, it autonomously found and exploited zero-day vulnerabilities across major operating systems and browsers without requiring specialized human guidance.

How does Mythos Preview compare to Claude Opus 4.6 on security tasks?
The gap is substantial. Against Firefox vulnerabilities, Opus 4.6 managed roughly two working JavaScript shell exploits, while Mythos Preview produced 181 in a similar number of attempts.

About the Author

Guilherme A.

Former dentist (MD) from Brazil, 41 years old, husband, and AI enthusiast. In 2020, he transitioned from a decade-long career in dentistry to pursue his passion for technology, entrepreneurship, and helping others grow.