Claude Mythos Preview Claims Autonomous Zero-Day Exploit Skills

Anthropic last week announced a model it considers too dangerous to release publicly. Claude Mythos Preview, the company says, autonomously discovered and exploited zero-day vulnerabilities across every major operating system and web browser, surfacing thousands of high-severity flaws in internal testing.

The announcement triggered an unusual political response. Mashable reports that Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent convened an emergency meeting with banking CEOs to assess the implications. Anthropic framed the moment in sweeping terms, claiming the model would "reshape cybersecurity." Whether those claims hold up to scrutiny is the question practitioners are now asking.

The technical claims

Anthropics says Mythos Preview outperforms Claude Opus 4.6 significantly, particularly in cybersecurity tasks. The specific assertion is that the model can autonomously discover and exploit zero-days, not merely detect known vulnerability classes or surface misconfigured services. The company logged thousands of high-severity findings spanning every major OS and browser during its own evaluation.

To manage the rollout, Anthropic created Project Glasswing, an invite-only consortium that includes several direct competitors. The program is designed to use Mythos Preview to audit critical software and disclose findings to affected maintainers before any broader deployment. The structure is unusual: treating a frontier model's output as a controlled security disclosure process rather than a general product launch.

That approach sidesteps some dual-use criticism, but it also makes independent verification impossible. Researchers outside the program have no way to confirm the zero-day count, the severity ratings, or whether the model's exploitation capability is genuinely novel rather than a sophisticated repackaging of known techniques.

Stunt or substance

The reception broke predictably. Supporters pointed to Mythos as evidence AGI is approaching; critics dismissed Project Glasswing as an elaborate publicity exercise. Mashable consulted AI and cybersecurity experts and found no consensus, which is itself informative.

The skeptic case has structural merit. Finding vulnerability patterns in codebases is something static-analysis tools already do at scale. Autonomous exploitation of truly novel zero-days would be a different category of capability entirely, and Anthropic controls all the evidence. The test practitioners should watch for: whether Glasswing disclosures produce public CVEs with patch notes crediting Mythos. That would be ground-truth validation the capability is real, not just internally impressive.

What comes next

Anthropics broader roadmap is not slowing while Mythos sits in restricted access. The Tech Portal reports that a successor model, likely Claude Opus 4.7, is already in testing, with focus shifting toward autonomous task completion and multi-agent coordination. It builds on Opus 4.6's experimental one-million-token context windows, pushing further on reliability and minimal-supervision operation across extended workflows.

Separately, The Tech Portal notes Anthropic is developing an AI-powered design tool for website and presentation generation, signaling a move beyond developer tooling into broader productivity applications. The two tracks, safety-withheld offensive security research and consumer productivity, reflect a company navigating genuinely contradictory pressures at the same time.

LLM-assisted vulnerability research has been accumulating in academic literature since at least 2023. What is new is a major commercial lab making it the headline announcement rather than a research footnote, which shifts the regulatory conversation regardless of whether the underlying technique is incremental. Each Anthropic release has expanded autonomous capability in sequence: context first, then agentic reasoning, now claimed exploit generation. Mythos fits that arc.

The real test is not whether Anthropic's internal demos were impressive. It is whether infrastructure maintainers in Project Glasswing patch vulnerabilities they would not have found any other way. That answer will take months to emerge, not days.

---

FAQ

What is Claude Mythos Preview?
Anthropics newest frontier model, currently withheld from public release due to claimed autonomous zero-day exploitation capabilities across major operating systems and browsers.

What is Project Glasswing?
An invite-only program, including Anthropic competitors, using Mythos Preview for defensive security audits of critical software infrastructure with coordinated disclosure to maintainers.

Is Claude Mythos Preview available to the public?
No. As of April 2026, access is restricted to organizations participating in Project Glasswing.

What model follows Claude Mythos Preview?
Reports indicate Anthropic is testing Claude Opus 4.7, focused on multi-agent coordination and longer-duration autonomous task handling with minimal human supervision.