Claude Mythos Preview: What Anthropic Just Announced and Why It Matters
On April 7, 2026, Anthropic announced Claude Mythos Preview — a general-purpose language model with cybersecurity capabilities that Anthropic itself describes as a watershed moment. This post breaks down what was announced, what it can do, and what it means for businesses and the security industry.
What Anthropic Actually Announced
Anthropic released Claude Mythos Preview on April 7, 2026 alongside a detailed technical security disclosure. The announcement had two parts: the model itself (a new general-purpose language model with significantly enhanced code, reasoning, and autonomy capabilities), and Project Glasswing (a coordinated programme to deploy Mythos Preview specifically to help secure critical software infrastructure before its broader release).
The model’s most striking characteristic is its cybersecurity capability — specifically its ability to autonomously identify and exploit vulnerabilities in real software systems. Anthropic was transparent about this in their announcement: they had not explicitly trained Mythos Preview for these capabilities. They emerged as a downstream consequence of general improvements in code understanding, reasoning depth, and autonomous action — the same improvements that make the model better at finding and fixing vulnerabilities also make it better at exploiting them.
The Key Facts From Anthropic’s Technical Disclosure
| Fact | Detail |
|---|---|
| Model name | Claude Mythos Preview |
| Announced | April 7, 2026 |
| Type | General-purpose language model |
| Standout capability | Autonomous cybersecurity vulnerability discovery and exploitation |
| Companion initiative | Project Glasswing – deploying Mythos to secure critical software defensively |
| Initial access | Limited release to critical industry partners and open source developers |
| Firefox exploit benchmark | Mythos developed 181 working exploits vs 2 for Opus 4.6 on the same test |
| Zero-day capability | Identified vulnerabilities in every major OS and every major web browser in testing |
| Oldest bug found | 27-year-old bug in OpenBSD (now patched) |
| Tier 5 crashes (internal benchmark) | 10 full control flow hijacks vs 1 for both Sonnet 4.6 and Opus 4.6 combined |
Why Anthropic Released This Model Now
The defensive rationale
Anthropic’s stated reasoning: powerful AI security tools will eventually be widely available. The question is whether defenders or attackers get them first. By releasing Mythos Preview initially to a limited group of vetted partners — critical infrastructure operators, open source security teams — Anthropic aims to give defenders a head start. The vulnerabilities Mythos finds can be patched before they are discovered by malicious actors using similar or weaker tools. Project Glasswing is the structured framework for this defensive deployment.
The transparency rationale
Anthropic published technical details of Mythos Preview’s capabilities explicitly to help the security industry understand what is coming. Their technical disclosure notes that over 99% of the vulnerabilities found during testing have not yet been patched — which is why they cannot disclose specifics about most of them. The 1% they can discuss (patched vulnerabilities) already demonstrates, in their words, a substantial leap that warrants urgent coordinated defensive action across the industry.
The capability emergence rationale
These security capabilities were not explicitly trained into Mythos — they emerged from general model improvements. This has significant implications: every future general-purpose AI model improvement will likely produce further security capability improvements as a side effect. The industry cannot treat security capability as something that only appears in purpose-built security AI. It will be present in every frontier general model going forward.
How Mythos Preview Compares to Previous Claude Models
The Firefox benchmark: 181 vs 2
Anthropic used Mozilla’s Firefox 147 JavaScript engine (with vulnerabilities patched in Firefox 148) as a benchmark. Opus 4.6 successfully developed working JavaScript shell exploits 2 times out of several hundred attempts. Mythos Preview developed working exploits 181 times on the same test, plus achieved register control on 29 additional attempts. This is not a marginal improvement — it represents a qualitative leap in autonomous exploit development capability.
The internal crash severity benchmark
Anthropic tests models against roughly 1,000 open source repositories from the OSS-Fuzz corpus, grading crashes on a five-tier severity scale from basic crash (tier 1) to complete control flow hijack (tier 5). Sonnet 4.6 and Opus 4.6 each achieved approximately 150 to 175 tier-1 crashes, around 100 tier-2 crashes, and a single tier-3 crash each. Mythos Preview achieved 595 crashes at tiers 1 and 2, a handful at tiers 3 and 4, and 10 tier-5 full control flow hijacks across fully patched targets.
The zero-day capability
In testing, Mythos Preview was capable of identifying and exploiting zero-day (previously undiscovered) vulnerabilities in every major operating system and every major web browser. The vulnerabilities found were often subtle — many decades old. One exploit chained four separate vulnerabilities together, writing a complex JIT heap spray that escaped both renderer and OS sandboxes. Another autonomously wrote a remote code execution exploit on FreeBSD’s NFS server granting full root access to unauthenticated users.
Is Claude Mythos Preview available to use now?
As of the April 7, 2026 announcement, Mythos Preview is being released in a limited initial phase to critical industry partners and open source developers through Project Glasswing. Broad public availability has not been announced. Businesses interested in access should monitor Anthropic’s official announcements at anthropic.com for updates on when wider access will be made available.
Should businesses be concerned about Mythos Preview’s security capabilities?
Anthropic’s assessment is clear: in the short term, there is a risk that similar capabilities in broadly released models could benefit attackers if the industry does not prepare defensively. In the long term, they expect AI security tools to benefit defenders more than attackers — the same conclusion reached with earlier security tools like fuzzers. The transitional period — between now and a new equilibrium — is the period of greatest risk. Businesses should use this period to audit their software dependencies, patch known vulnerabilities, and monitor Anthropic’s Project Glasswing guidance.
Want to Understand How Claude AI Affects Your Business Security?
SA Solutions helps businesses understand the AI landscape — from integrating Claude into operations to understanding the security implications of frontier model advances.
