Anthropic has unveiled Claude Mythos, its most powerful AI model yet, but it's deliberately keeping it away from the general public. The model can discover security vulnerabilities that have evaded human detection for decades, including a 27-year-old bug in OpenBSD that could crash critical infrastructure. Rather than release it as a consumer product, Anthropic is providing restricted access through Project Glasswing, a collaboration with 12 major institutions including AWS, Apple, Microsoft, Google, and Nvidia .

What Makes Claude Mythos Different From Previous Claude Models?

Claude Mythos represents a significant leap in capability compared to Anthropic's previous flagship model, Claude Opus 4.6. On the CyberGym security vulnerability benchmark, Mythos Preview achieved an 83.1% score, compared to Opus 4.6's 66.6% . This 16.5-point gap reflects a qualitative shift in how the model approaches security analysis.

The model's abilities extend beyond simple vulnerability detection. Mythos has independently discovered thousands of high-risk zero-day vulnerabilities across major operating systems and browsers. In one striking example, the model identified multiple vulnerabilities in the Linux kernel and then chained them together into a complete attack sequence that could escalate a regular user's privileges to full system control . This goes beyond finding individual bugs; it represents understanding how to weaponize them.

Anthropic's own assessment is sobering: "The coding ability of AI models in discovering and exploiting software vulnerabilities has reached a level that can surpass all humans except the most top-notch ones" . In practical terms, only a handful of world-class security experts can still outperform the model in this domain.

Why Is Anthropic Restricting Access to Such a Powerful Tool?

The decision to limit Mythos access reflects genuine concern about dual-use risks. A tool that can find vulnerabilities faster than human experts can patch them creates a dangerous asymmetry. Elia Zaitsev, Chief Technology Officer at CrowdStrike, explained the urgency: "The time window between the discovery of a vulnerability and its exploitation by an opponent has been shortened. It used to take months, but now it only takes a few minutes with the help of AI" .

Elia Zaitsev, Chief Technology Officer at CrowdStrike

This compression of the security timeline means traditional vulnerability management workflows no longer function. Organizations typically discover a flaw, evaluate it internally, release a patch, and wait for users to update. With AI-powered exploitation, attackers can weaponize vulnerabilities within minutes of discovery. If defenders cannot patch faster than attackers can exploit, the entire security model collapses.

Instead of releasing Mythos to the public, Anthropic is channeling it through Project Glasswing, which provides access to organizations that can actually defend against the threats the model identifies. The initiative includes $100 million in model usage credits during the research preview phase, with ongoing access priced at $25 per million input tokens and $125 per million output tokens .

How Is Anthropic Distributing Access to Claude Mythos?

• Core Partners: 12 major institutions including AWS, Apple, Microsoft, Google, Nvidia, Cisco, Broadcom, CrowdStrike, JPMorgan Chase, the Linux Foundation, and Palo Alto Networks receive direct access to scan their own systems and infrastructure .
• Extended Access: More than 40 organizations that build or maintain critical software infrastructure have been granted access to use Mythos on their own systems and open-source projects .
• Financial Support: Anthropic donated $2.5 million to Alpha-Omega and the Open Source Security Foundation under the Linux Foundation, plus $1.5 million to the Apache Software Foundation to support security research .
• Distribution Channels: Authorized users can access Mythos through the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry .

Jim Zemlin, Chief Executive Officer of the Linux Foundation, emphasized the equity dimension of this approach: "In the past, security expertise was an exclusive luxury for large institutions. Open-source maintainers have always had to figure out security issues on their own. Open-source software makes up the majority of the code in modern systems, including the systems used by AI Agents to write new software" . By providing Mythos access to open-source projects, Anthropic is democratizing security capabilities that were previously available only to well-funded tech companies.

Jim Zemlin, Chief Executive Officer of the Linux Foundation

What Specific Vulnerabilities Has Claude Mythos Already Found?

The model's discovery record demonstrates capabilities that challenge conventional security assumptions. OpenBSD, one of the most security-hardened operating systems available, is specifically designed to run firewalls and critical infrastructure. Mythos discovered a 27-year-old vulnerability in OpenBSD that allows an attacker to crash the system remotely simply by connecting to the target machine . For nearly three decades, no human researcher had identified this flaw despite OpenBSD's reputation for security rigor.

FFmpeg, a ubiquitous video processing library used in nearly all software that handles video, contained a vulnerability hidden in a 16-year-old line of code. Automated testing tools had attacked the vulnerability five million times without detecting it, yet Mythos found it independently . This suggests the model is identifying attack vectors that traditional fuzzing and automated testing cannot discover.

The Linux kernel case reveals the model's ability to think strategically about security. Mythos not only found multiple vulnerabilities in the kernel but also understood how to chain them together into a privilege escalation attack that moves from regular user access to complete system control . All three cases have been fixed, with Anthropic reporting them first, patching them first, and only then disclosing encrypted hash values as proof of discovery .

How Are Major Tech Companies Using Claude Mythos?

AWS has already integrated Mythos Preview into its security operations. Amy Herzog, Chief Information Security Officer at AWS, noted that the company analyzes more than 400 trillion network traffic data points every day to identify threats, with AI as the core of their large-scale defense capabilities . AWS is using Mythos to scan critical code libraries, effectively deploying the model as a proactive threat detection system.

Microsoft tested Mythos Preview on its open-source security benchmark CTI-REALM and observed significant improvement compared to previous-generation models. Igor Tsyganskiy, Executive Vice President at Microsoft, stated that this capability gives them the ability to "identify and mitigate risks early" and enhances their security and development solutions .

Igor Tsyganskiy, Executive Vice President at Microsoft

What Does Claude Mythos Reveal About AI Safety and Interpretability?

Beyond its security applications, Mythos has surfaced unexpected behaviors that raise questions about what happens inside large language models. When users repeatedly send the word "hi," different Claude models respond differently. Claude Sonnet 3.5 becomes annoyed and sets boundaries; Claude Opus 3 treats it as a meditation ritual; Claude Opus 4 shares cold knowledge about numbers; Claude Opus 4.6 improvises music .

Mythos, however, responds by writing increasingly complex serialized stories. After 100 rounds of "hi," the model has constructed elaborate narratives featuring ducks, orchestras, vengeful crows, Mars colonization epics, and Shakespeare-style dramas, complete with climactic moments where candles go out and the story continues . This behavior suggests the model is not simply responding to input but actively engaging in creative world-building based on a perceived narrative prompt.

Before deploying Mythos to partners, Anthropic's interpretability team attempted to understand these behaviors by reading the model's internal activation patterns. They monitored neuron features related to "deception," "reward hacking," and "abnormal emotions," flagging conversation records with unusual activation signals for manual review . This work suggests Anthropic is taking seriously the question of what internal processes drive the model's behavior, even when that behavior seems benign or entertaining.

The restricted release of Claude Mythos signals a shift in how AI companies approach powerful capabilities. Rather than maximizing user adoption, Anthropic is prioritizing controlled deployment to organizations equipped to handle the security implications. As AI models become more capable at tasks like vulnerability discovery, the question of who gets access and under what conditions will likely become central to AI governance debates.