- Anthropic built an AI model so powerful it found thousands of zero-day exploits overnight — and decided never to release it.
- Claude Mythos Preview scores 93.9% on SWE-bench Verified and 83.1% on CyberGym — both all-time records.
- Project Glasswing unites Apple, Google, Microsoft, Amazon, NVIDIA, and seven other organizations in a $100 million defensive coalition.
- Anthropic has no plans to make Mythos Preview publicly available — the model is too dangerous.
$50 to Break a 27-Year-Old Fortress
Anthropic just dropped a bomb on the cybersecurity world. Claude Mythos Preview, the most powerful AI model for finding zero-day vulnerabilities ever built, has discovered thousands of previously unknown security flaws in every major operating system — Windows, macOS, Linux — and every major web browser. Not theoretical weaknesses. Working exploits. The best AI cybersecurity tool in 2026 is one its creators refuse to ship.
The numbers border on absurd. A $50 inference run found a 27-year-old vulnerability in OpenBSD, an operating system whose entire reputation rests on being unhackable. Under $1,000 produced a fully working remote code execution exploit on FreeBSD — unauthenticated root access from anywhere on the internet. Under $2,000 chained together multiple Linux kernel vulnerabilities into a complete privilege escalation attack. These are findings that would take elite security researchers weeks of work and hundreds of thousands of dollars. Anthropic engineers with no formal security training asked Mythos to hunt overnight. They woke up to working exploit code.
Anthropic Project Glasswing: $100 Million to Patch the Internet
The model scored 93.9% on SWE-bench Verified, 83.1% on CyberGym, and 77.8% on SWE-bench Pro — all records. It autonomously identified a 16-year-old vulnerability in FFmpeg, a media library used by virtually every piece of software that touches video, in a line of code that automated testing tools had hit five million times without catching the flaw. Mythos found it on its first pass.
The implications were severe enough that Anthropic assembled a defensive coalition called Project Glasswing, named after a butterfly whose transparent wings let it hide in plain sight — like the vulnerabilities Mythos found lurking in code for decades. The founding members: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic is committing up to $100 million in usage credits plus $4 million in direct donations to open-source security organizations.
Why Anthropic Won’t Release Claude Mythos Preview to the Public
CrowdStrike CTO Elia Zaitsev put it bluntly: “The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took weeks now happens in minutes with AI.” Cisco’s Chief Security Officer Anthony Grieco called it “a profound shift” and warned that “the old ways of hardening systems are no longer sufficient.”
Anthropic is not making Mythos Preview generally available. The company says the model’s offensive capabilities are too potent for open deployment. Instead, over 40 additional organizations that build or maintain critical software infrastructure have received access to scan and patch their systems. The plan: fix everything before models this powerful proliferate to attackers. Within 90 days, Anthropic will publish a public report on vulnerabilities found and patched.
Can AI Find Zero-Day Exploits Faster Than Humans Can Patch Them
The uncomfortable truth is that Mythos-class capabilities will not stay locked away forever. AI-powered vulnerability discovery is advancing faster than any defensive team can keep up. The cost of finding critical exploits has collapsed from millions of dollars and months of expert labor to a few thousand dollars and a few hours of compute. Palo Alto Networks’ Lee Klarich warned that “everyone needs to prepare for AI-assisted attackers. There will be more attacks, faster attacks, and more sophisticated attacks.”
Global cybercrime already costs an estimated $500 billion per year. That number could spike dramatically as AI-driven exploit discovery democratizes what was once the domain of nation-state hackers and elite security researchers. For anyone asking whether AI can replace cybersecurity professionals, the answer from Anthropic is clear: it already outperforms most of them. The company is racing to build safeguards that detect and block the most dangerous outputs before shipping Mythos-class capabilities in a future Claude Opus model. The question is whether AI-powered cyber defense can outpace AI-powered attacks.
Project Glasswing | Mythos Preview System Card | @AnthropicAI
