Anthropic's Claude Mythos Preview Found Thousands of Zero-Day Vulnerabilities — And It's Not Even Public Yet

Anthropic Claude Mythos Preview cybersecurity command center with holographic vulnerability detection displays

Anthropic just dropped what might be the most consequential AI announcement of 2026 — and it's not a chatbot upgrade. The company has revealed Claude Mythos Preview, an unreleased frontier model that has autonomously discovered thousands of zero-day vulnerabilities in every major operating system, every major web browser, and critical open-source infrastructure that powers the modern internet.

The model isn't being released to the public. Instead, Anthropic is channeling it through Project Glasswing, a cybersecurity initiative that reads like a who's-who of Big Tech: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

What Claude Mythos Preview Actually Found

The technical details are staggering. Over the past few weeks, Mythos Preview identified thousands of previously unknown vulnerabilities — many of them critical — entirely autonomously, without human steering. Here are three standout examples from Anthropic's disclosure:

  • A 27-year-old vulnerability in OpenBSD — one of the most security-hardened operating systems in the world, used to run firewalls and critical infrastructure. The flaw allowed an attacker to remotely crash any machine just by connecting to it.
  • A 16-year-old vulnerability in FFmpeg — the video encoding library used by virtually every piece of software that handles video. Automated testing tools had hit the vulnerable line of code five million times without catching the problem.
  • A Linux kernel exploit chain — the model autonomously found and chained together multiple vulnerabilities to escalate from ordinary user access to complete machine control.

On the CyberGym benchmark for vulnerability reproduction, Mythos Preview scored 83.1% compared to Claude Opus 4.6's 66.6% — a massive leap in cybersecurity capability.

Project Glasswing: $100M to Defend Critical Software

Anthropic is committing up to $100 million in usage credits for Mythos Preview across the initiative, plus $4 million in direct donations to open-source security organizations. The 12 launch partners will use the model for defensive security work and share their findings with the broader industry.

Beyond the core partners, over 40 additional organizations that build or maintain critical software infrastructure will also receive access to scan and secure both first-party and open-source systems.

What the Partners Are Saying

The industry response has been remarkably unified. Microsoft's Igor Tsyganskiy called it evidence of "substantial improvements compared to previous models" when tested against their CTI-REALM security benchmark. CrowdStrike's CTO Elia Zaitsev warned that "the window between a vulnerability being discovered and being exploited has collapsed — what once took months now happens in minutes with AI."

Perhaps most telling was the Linux Foundation's Jim Zemlin, who noted that open-source maintainers — whose software underpins most of the world's critical infrastructure — "have historically been left to figure out security on their own." Project Glasswing could change that equation entirely.

The Leaked Origins

Mythos Preview wasn't supposed to be announced this way. Last month, Fortune reported that a draft blog about the model — then codenamed "Capybara" — was found in an unsecured, publicly inspectable data lake. The leak described it as "by far the most powerful AI model we've ever developed," exceeding current models in software coding, academic reasoning, and cybersecurity.

Adding to the awkwardness, Anthropic also recently exposed nearly 2,000 source code files via a packaging error in Claude Code version 2.1.88, and accidentally triggered thousands of GitHub repository takedowns while cleaning up the mess.

The Bigger Picture

The implications are profound. If a single AI model can find vulnerabilities that survived 27 years of human review and millions of automated tests, the current approach to software security is fundamentally inadequate. Anthropic estimates global cybercrime costs at around $500 billion annually — and that's before AI-augmented attacks become commonplace.

The company's bet is that the same capabilities that make AI dangerous for offense can give defenders a durable advantage — but only if the industry moves fast enough. As Anthropic put it: "The work of defending the world's cyber infrastructure might take years; frontier AI capabilities are likely to advance substantially over just the next few months."

Project Glasswing is simultaneously the most ambitious AI safety initiative we've seen and a stark admission that the threat landscape has changed irreversibly. The question isn't whether AI will reshape cybersecurity — it's whether the defenders can get there first.

Frequently Asked Questions

What is Claude Mythos Preview?

Claude Mythos Preview is Anthropic's unreleased frontier AI model that demonstrates breakthrough capabilities in finding and exploiting software vulnerabilities. It is a general-purpose model — not specifically trained for cybersecurity — but has shown the ability to autonomously discover thousands of zero-day vulnerabilities in major operating systems, browsers, and open-source software.

What is Project Glasswing?

Project Glasswing is a cybersecurity initiative launched by Anthropic that brings together 12 major tech companies — including Apple, Microsoft, Google, AWS, Cisco, CrowdStrike, and NVIDIA — to use Claude Mythos Preview for defensive security work. Anthropic is committing up to $100 million in usage credits and $4 million in donations to open-source security organizations.

Will Claude Mythos Preview be available to the public?

No. Anthropic has stated that Claude Mythos Preview will not be made generally available. Access is limited to the 12 Project Glasswing launch partners and over 40 additional organizations that maintain critical software infrastructure.

How does Mythos Preview compare to other AI models in cybersecurity?

On the CyberGym vulnerability reproduction benchmark, Mythos Preview scored 83.1% compared to Claude Opus 4.6's 66.6%. It found vulnerabilities that survived decades of human code review and millions of automated security tests, including a 27-year-old OpenBSD bug and a 16-year-old FFmpeg vulnerability.