Anthropic announced Claude Mythos Preview on April 7, 2026. They described it as “a step change” and “the most capable model we’ve built to date.” That’s standard launch language. What isn’t standard is everything that came after.

Here’s what the model actually does, why governments are paying attention, and what defenders can do now.

What Mythos Is

Mythos is a general-purpose language model — 1M token context window, 128K max output, knowledge cutoff December 2025. On most benchmarks it performs as you’d expect from a frontier model at this scale.

The part that triggered the White House and the NSA is its cybersecurity capability.

Mythos can autonomously discover zero-day vulnerabilities at scale, then build working exploits for them. Not proof-of-concept exploits. Complete, functional, deployable ones. An Anthropic engineer with no formal security training described asking the model to “find remote code execution vulnerabilities overnight” — and waking up to a working exploit.

The numbers from the UK AI Security Institute’s assessment:

  • 73% success rate on expert-level hacking tasks
  • 181 working Firefox exploits discovered by Mythos, versus two by its predecessor
  • Found a 27-year-old vulnerability in OpenBSD
  • Critical faults found in every major OS and browser tested
  • 99% of discovered vulnerabilities were unpatched at time of discovery

That last number is the one that matters. Mythos isn’t finding known vulnerabilities faster. It’s finding vulnerabilities nobody knew existed, faster than defenders can patch them.

What It Threatens

The security model most organisations operate on assumes that finding a zero-day takes time — months of manual research, a well-funded team, deep domain expertise. That time gap is what gives defenders room to patch, to respond, to catch up.

Mythos collapses that gap. What once took months now takes minutes. The asymmetry flips: attackers need to run the model once. Defenders need to patch every system, every time, before the attacker moves.

This isn’t hypothetical. A small group of unauthorized users gained access to Mythos before Anthropic could contain access. Bloomberg reported it. Anthropic confirmed it. The window between capability existing and capability being misused turned out to be very short.

The Pentagon called it “a separate national security moment.” German banks and the Bank of England intensified risk testing. The White House blocked Anthropic’s plan to expand access to 70 additional companies. The NSA is reportedly using Mythos to probe vulnerabilities in Microsoft’s own software.

When the NSA is your security researcher, the threat model has changed.

What Anthropic Is Doing About It

Anthropic’s response is called Project Glasswing — a $100 million initiative to use Mythos defensively before adversaries can exploit the same capabilities offensively.

The strategy: give controlled access to a small coalition of major infrastructure owners and let them use Mythos to find and patch vulnerabilities in their own systems before anyone else finds them.

Current participants: Microsoft, Google, Apple, AWS, JPMorgan Chase, and Nvidia. Over 40 additional organisations with access to critical open-source infrastructure. All accessing through Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, or Microsoft Foundry.

Anthropic commits to publishing findings and best practices within 90 days. No public release of Mythos is planned.

It’s offense used as defense — find the holes in your own walls before someone else does.

What You Can Do

Project Glasswing matters if you’re one of the six companies in it. For everyone else, here’s what’s actually actionable:

Patch faster. The 99% unpatched statistic means your exposure window is the time between a vulnerability existing and your patch deploying. Compress that window. Automate where you can. Stop treating patch cycles as quarterly events.

Adopt AI-assisted bugfinding now. Mythos isn’t publicly available, but current frontier models are already useful for security research. Use them. If defenders aren’t using AI for vulnerability discovery, the asymmetry only gets worse.

Stop relying on friction. Security measures that make attacks slightly harder — weak passwords, open ports protected by “obscurity,” legacy VPN without MFA — don’t hold against automated exploitation at this scale. Move to hard barriers: zero trust architecture, identity-based access, no implicit trust by network location.

Review your disclosure policies. If you run software, you need a path for researchers (or AI-assisted researchers) to report findings to you. A 90-day responsible disclosure window assumes human research timelines. Those timelines have changed.

Assume unpatched vulnerabilities exist in your stack. They do. The question is whether you find them first.

The Honest Take

Some security researchers think the concern is overstated. Peter Swire, former White House cyber coordinator, said “a large fraction of cybersecurity professors believe this is pretty much what was expected, and pretty much more of the same.”

Maybe. But “more of the same, dramatically faster” is still a meaningful change. The 27-year-old OpenBSD vulnerability wasn’t found by any human researcher in 27 years. Mythos found it. The Firefox exploit count isn’t a 10% improvement over a predecessor — it’s 90x.

The tools defenders use need to keep pace with the tools attackers have access to. That’s always been true. Mythos just made the gap more visible.