On April 7, 2026, Anthropic announced Claude Mythos Preview, a general-purpose language model with exceptional cybersecurity capabilities that can autonomously identify previously unknown vulnerabilities, generate working exploits, and carry out complex cyber operations with minimal human input. The company took the unprecedented step of restricting public access to the model, citing security concerns.
Claude Mythos Preview Identifies Thousands of Critical Zero-Days Across Major Software
Over the past weeks, Anthropic used Claude Mythos Preview to identify thousands of zero-day vulnerabilities in critical software infrastructure. The discoveries included:
- Critical flaws in every major operating system
- Previously unknown vulnerabilities in every major web browser
- Security issues across a range of important software systems
- First AI model to solve 'The Last Ones' corporate network attack simulation, completing it end-to-end in 3 out of 10 attempts
- Average completion of 22 out of 32 steps across all attempts on the simulation
Project Glasswing Restricts Access to Critical Industry Partners
Rather than releasing the model publicly, Anthropic launched Project Glasswing, a partnership bringing together Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks. The initiative aims to secure critical software before models with similar capabilities become broadly available. This marks a shift from commercial deployment constraints to security-driven restrictions.
The announcement generated significant discussion, with the main Hacker News thread receiving 1,541 points and 836 comments. A related discussion about the System Card gathered 848 points and 658 comments.
Independent Evaluation and Industry Skepticism
The UK's AI Safety Institute (AISI) conducted independent evaluations of Claude Mythos Preview's cyber capabilities and published findings. However, Tom's Hardware published skeptical coverage, noting that claims of thousands of severe zero-days relied on just 198 manual reviews, calling the announcement more of a sales pitch than evidence of sentient super-hacking capabilities.
Key Takeaways
- Claude Mythos Preview autonomously identified thousands of zero-day vulnerabilities across major operating systems and browsers
- The model solved 'The Last Ones' corporate network attack simulation in 3 out of 10 attempts, completing an average of 22 out of 32 steps
- Anthropic restricted public access, instead launching Project Glasswing with partners including Amazon, Apple, Microsoft, and the Linux Foundation
- This represents the first major AI model deployment constraint driven by security concerns rather than commercial factors
- Independent verification shows promise but some industry observers remain skeptical of the scope of claims