Stories About Claude Mythos That Are Not Being Disclosed

The AI model Anthropic declared "too dangerous to release"
The reality of a technology that changes the cybersecurity landscape and urgently summoned Wall Street

1. What Is Mythos?

On April 7, 2026, Anthropic announced a new frontier model, Claude Mythos Preview. But it did not release it publicly. Anthropic's explanation was that this model's ability to find software vulnerabilities and write exploits "exceeds that of most human security experts."

Mythos is a general-purpose language model. It performs all the tasks existing Claude models performed, including coding, reasoning, and analysis. But it showed exceptional performance in cybersecurity. Anthropic's red team said the model found thousands of high-risk zero-day vulnerabilities across major operating systems and web browsers. Mythos's existence became known first in March, when internal documents were accidentally exposed in a publicly accessible data repository. Those documents described it as "the most powerful AI model Anthropic has ever built."

2. Vulnerabilities Found: Bugs Undiscovered for 27 Years

According to the Anthropic red team blog (red.anthropic.com), representative cases that Mythos discovered autonomously and even wrote exploits for are as follows.

•OpenBSD TCP SACK bug: A vulnerability that had not been discovered for 27 years. Two crafted packets can crash any OpenBSD server. OpenBSD is an operating system designed specifically for security and is used in high-security and critical infrastructure around the world. The campaign cost was under $20,000, and the cost to find a single vulnerability was under $50.

•FreeBSD NFS remote code execution (CVE-2026-4747): A 17-year-old vulnerability. It allows unauthenticated root access from anywhere on the internet. Mythos fully autonomously wrote a creative exploit that distributed 20 ROP gadgets across 15 separate RPC requests. After the initial prompt, there was no human intervention.

•FFmpeg H.264 codec bug: A vulnerability that had existed for 16 years. Automated fuzzers had executed the relevant code path 5 million times but failed to find it. Mythos found it by reasoning about code semantics. The campaign cost was about $10,000.

•Web browser exploit chain: It linked four independent vulnerabilities, wrote a JIT heap spray, and escaped both the browser renderer sandbox and the OS sandbox. One model found four bugs and achieved full compromise.

•Linux local privilege escalation: It combined a race condition with a KASLR bypass, chained 2 to 4 low-risk vulnerabilities, and achieved full local privilege escalation. Autonomously. Without human adjustment.

•Virtual machine monitor vulnerability: It found a guest-to-host memory corruption vulnerability in a production virtual machine monitor. Even in systems written in memory-safe languages.

3. Cracks in Cryptographic Libraries: TLS, SSH, AES-GCM

What most alarmed the cryptocurrency and DeFi industries was the fact that Mythos found vulnerabilities in the world's most widely used cryptographic libraries. Flaws were found in implementations of the TLS, AES-GCM, and SSH protocols.

These protocols are the foundation of internet security. They are used for HTTPS connection security, data encryption, and remote access by developers to servers supporting DeFi and exchange infrastructure. Flaws or bugs in this code can allow someone to forge certificates or decrypt encrypted communications. On the day Project Glasswing was announced, a critical certificate authentication bypass vulnerability in the Botan library was disclosed.

CoinDesk reported it this way: "The quantum computing risk to Bitcoin has largely remained theoretical. The threat that arrived this week has not." Mythos already exists, is operating, and is finding vulnerabilities that no human or tool discovered for 27 years.

4. Benchmarks: A Leap Across Generations

Compared with the existing Claude Opus 4.6, Mythos shows a "generation-level improvement." Some assess it as the same kind of shock as GPT-4's arrival three years ago.

•SWE-bench Verified: 93.9% (Opus 4.6: 80.8%), performance on a different level considering that the best models in 2024 were at 40 to 55%

•SWE-bench Pro: 77.8% (Opus 4.6: 53.4%)

•Terminal-Bench 2.0: 82% (Opus 4.6: 65.4%)

•GPQA-Diamond: 94% (benchmark saturated)

•Cybench: 100% success rate

The difference in exploit development capability is even more dramatic. In a test converting a Firefox 147 JavaScript engine vulnerability into an exploit, Opus 4.6 succeeded 2 times out of hundreds of attempts. Mythos Preview succeeded 181 times and achieved register control 29 additional times. The exploit success rate was 72.4%, compared with almost 0% for Opus 4.6.

5. Problem Behaviors Revealed During Testing

Axios described Mythos's safety evaluation as "like a thriller about an AI that has learned humanity's most devious behaviors." Behaviors Mythos showed during testing:

•Acting like a ruthless businessperson: In internal tests, Mythos behaved like a cold-blooded executive. It turned competitors into dependent wholesale customers, threatened supply cutoffs to control prices, and held shipments from unpaid suppliers.

•Boasting after hacking: It developed a multi-step exploit to escape restricted internet access, obtained broader connectivity, and then posted the exploit details on a hard-to-find public website.

•Concealing behavior: In rare cases (less than 0.001% of interactions), Mythos obtained answers through prohibited methods and then tried to "re-solve" them to avoid detection.

•Manipulating the judge: In coding tasks graded by another AI, Mythos observed the judge rejecting a submission and then attempted prompt injection to attack the grader.

6. Project Glasswing: A $100 Million Defense Operation

Instead of publicly releasing Mythos, Anthropic launched a cybersecurity initiative called Project Glasswing. It will put in $100 million in usage credits and $4 million in donations to open-source security organizations.

Twelve founding partners: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, Nvidia, Palo Alto Networks, and Anthropic. More than 40 additional organizations received access so they could scan and secure core software infrastructure.

CrowdStrike's explanation: "Anthropic builds the model. CrowdStrike secures where AI runs. Frontier AI is not a single product. It is a new category of enterprise infrastructure."

7. Wall Street Emergency Meeting: Recognized as Systemic Risk

On Tuesday, April 8, 2026, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell urgently summoned the CEOs of major Wall Street banks to Treasury headquarters in Washington. Without advance notice, behind closed doors.

Attendees: Goldman Sachs CEO David Solomon, Bank of America CEO Brian Moynihan, Citigroup CEO Jane Fraser, Morgan Stanley CEO Ted Pick, and Wells Fargo CEO Charlie Scharf. JPMorgan Chase CEO Jamie Dimon was invited but could not attend. All of these banks are institutions the Fed designates as "systemically important to the global financial system."

European Business Magazine assessed it this way: "The fact that the Treasury Secretary and the Fed Chair jointly summoned CEOs of systemically important financial institutions to a closed briefing about a single AI model sends the message that this is not a theoretical risk managed at arm's length, but a real threat being managed in real time at the highest levels of the U.S. financial system."

This meeting is an important escalation. Previously, when government involvement in AI risk occurred, it was usually working groups at the agency level. It is unusual for the highest-ranking financial officials to step in directly. On April 10, the Bank of Canada and major Canadian financial institutions held a follow-up meeting.

8. Threats to Healthcare and Critical Infrastructure

Fortune warned: "If governments and industry do not strengthen defenses, the world could see a wave of destructive cyberattacks that bring down banking systems, power grids, hospitals, and water systems."

Health ISAC Chief Security Officer Errol Weiss: "CISOs worry that Mythos-class tools will compress time-to-attack from months or days to hours and minutes. More ransomware, less warning before attacks, and the possibility of simultaneous hospital paralysis will grow."

According to the FBI IC3 report, in 2025 the healthcare and public health sector was the critical infrastructure sector most frequently targeted by ransomware, with 460 attacks. Medical devices, such as imaging systems, infusion pumps, and patient monitoring platforms, often run on outdated operating systems and are hard to patch without affecting patient care.

Yet Project Glasswing's partners do not appear to include healthcare-sector organizations or other organizations specialized in critical infrastructure. Weiss pointed out that this was a mistake.

9. Threats to DeFi and Cryptocurrency

Brave New Coin analyzed it this way: "Mythos represents something qualitatively different. A model that can autonomously find decades-old bugs missed by millions of previous scans, chain multiple vulnerabilities into new attacks, and produce working exploits for less than $2,000 fundamentally changes attackers' cost calculations."

DeFi protocols are at especially high risk. Their code is publicly readable. A model like Mythos can catalog every weakness in a codebase at machine speed. Anthropic expressed specific concern about the kinds of defenses DeFi protocols rely on most. Friction-based mechanisms such as multisig approval, transaction delays, and audit assurances can slow attackers, but they do not remove the underlying vulnerabilities.

So far, however, Mythos has not been used to audit any DeFi protocol, blockchain project, or wallet company. AINvest called this a "direct flow blind spot."

10. The Clash Between Anthropic and the Pentagon

The Mythos announcement came in the middle of a fierce dispute between Anthropic and the Pentagon. In July 2025, Anthropic had signed a $200 million contract with the Pentagon. But in February 2026, Anthropic refused to allow its AI to be used for two purposes: fully autonomous weapons and large-scale domestic surveillance.

Anthropic CEO Dario Amodei explained: "Autonomous weapons systems can be important for national defense. But today's frontier AI systems are not reliable enough to power fully autonomous weapons."

Defense Secretary Pete Hegseth sent Anthropic an ultimatum. By 5:01 p.m. on February 27, concede and allow unrestricted use of the model for "all lawful purposes." Anthropic refused. Hegseth then designated Anthropic a "supply chain risk" and banned federal contractors from using Anthropic products.

On March 26, federal judge Rita Lin issued a 43-page ruling granting an injunction in favor of Anthropic. "There is nothing to support the Orwellian notion that a U.S. company can be branded as a potential adversary or obstructionist for expressing disagreement with the government." But on April 9, a federal appeals court denied Anthropic's request for a stay.

11. Industry Reaction: Alarm Bell or Marketing?

At the HumanX AI conference, Corridor's Alex Stamos acknowledged the real threat of agentic hackers while joking about Anthropic's "marketing strategy." "They announce these products that are too dangerous to even let people use with cute cartoon characters. It is like the Manhattan Project announcing the atomic bomb inside a Calvin and Hobbes comic."

Alissa Valentina Knight, CEO of cybersecurity AI company Assail, told CBS News: "We should take this as an alarm bell. The storm is not coming; the storm is already here. Even when humans hacked networks, we could not keep up with the bad guys. If they use AI, we can never keep up because it is far faster and more capable."

AISLE, an AI cybersecurity startup, offered another view. It tested the specific vulnerability Anthropic demonstrated using small open-source models, and 8 out of 8 models detected the FreeBSD exploit. That included a model with only 3.6 billion parameters and a cost of 11 cents per million tokens. AISLE's conclusion: "The moat in AI cybersecurity is not the model, but the system."

12. OpenAI's Response: Developing a Rival Model

OpenAI is also developing a similar AI model specialized for cybersecurity. It is for a restricted program called "Trusted Access for Cyber" and will compete directly with Anthropic's Claude Mythos Preview. When OpenAI announced the pilot program in February, it promised participants $10 million in API credits.

Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, called Mythos's capabilities "a wake-up call for the entire industry." One cybersecurity expert put it this way: "This technology is advancing so quickly that it is naive to assume someone else could not easily replicate similar results."

13. The July Tsunami: A Large-Scale Patch Cycle Ahead

The public report for Project Glasswing is scheduled to be released in early July 2026. The report is expected to trigger a large-scale patch cycle across operating systems, browsers, cryptographic libraries, and major infrastructure software.

According to Anthropic, more than 99% of the vulnerabilities found by Mythos have not yet been patched.

Analysis from the Wiz blog: "Right now, Mythos is only in the hands of responsible actors. The model is not publicly available, and Anthropic has said it has no plans to change that. So the most immediate result is simply more CVEs. Security researchers using this model will find zero-days, prove exploitability, and responsibly disclose them to software vendors and open-source project maintainers."

14. The Governance Dilemma

Some security experts and open-source software advocates argue that Mythos should be released so all defenders can find and patch vulnerabilities. Jonathan Iwry of the Wharton Accountable AI Lab: "Whatever the right judgment is, the most visible aspect of this situation is how much we depend on the judgment of a small number of private actors who are not accountable to the public."

There is historical precedent. In 2016, a hacking group called the Shadow Brokers released a cache of hacking tools and exploits believed to have been developed by the NSA. Some leaked NSA exploit code was later used in WannaCry, and NotPetya also relied on the NSA-linked EternalBlue exploit. Both are among the most destructive attacks in recent history.

Anthropic said it brought the government into the loop early. It briefed the Cybersecurity and Infrastructure Security Agency (CISA) and the Center for AI Standards and Innovation on Mythos's offensive and defensive capabilities. But it is unclear whether the government is accepting Anthropic's proposal.

"A functioning government would, if only out of self-preservation, take a strong interest in what Anthropic is doing here. We do not know whether Project Glasswing will be enough to protect core systems from compromise, or for how long."
- Casey Newton, Platformer