Claude Mythos: When an AI Gets Too Good at Hacking to Release
Anthropic built its most capable model yet, then locked it away. Here's why VM and compliance practitioners should care.

There's a strange kind of headline that only makes sense in 2026: an AI company builds its most powerful model ever — and decides not to sell it.
That's exactly what happened with Anthropic's Claude Mythos Preview. And as someone who spends her days neck-deep in vulnerability management and policy compliance, I think this is one of the most important developments for practitioners like us this year — even though most of us will never get to touch the model itself.
Let's break it down.
What is Claude Mythos Preview?
At its core, Mythos Preview is a general-purpose AI model — the same broad category of system that powers tools like Claude Code or ChatGPT. Nothing exotic there.
What is exotic is what happened during Anthropic's internal testing. The model's cybersecurity capabilities turned out to be far beyond what previous generations could do. We're not talking about "it can explain a CVE" or "it can suggest a patch." We're talking about a model that can independently discover previously unknown vulnerabilities, write working exploit code for them, and then chain multiple vulnerabilities together to break into complex systems — with a level of autonomy and follow-through that genuinely surprised the researchers who built it.
That combination — discovery, weaponization, and chaining, done autonomously — is what pushed Anthropic to treat this model differently from anything they'd released before.
Enter Project Glasswing
Instead of shipping Mythos Preview to the public (or even to typical enterprise customers), Anthropic created Project Glasswing — a coalition built around a simple idea: give trusted organizations early access to this model so they can find and fix the vulnerabilities in their own critical systems before anyone with bad intentions gets a model this capable.
The name is a nice touch if you know the reference — the glasswing butterfly has transparent wings, hiding in plain sight. Fitting for a project about exposing hidden vulnerabilities.
The rollout has been deliberate and staged:
- It launched with a small group of around a dozen organizations — names you'd recognize immediately: AWS, Apple, Google, Microsoft, CrowdStrike, NVIDIA, and Palo Alto Networks among them.
- Within weeks, that group had grown to roughly 50 partners, who used Mythos Preview to scan some of the world's most systemically important codebases.
- The results from just those first few weeks: over 10,000 high- or critical-severity vulnerabilities found across that software.
- More recently, Anthropic announced a major expansion — extending access to roughly 150 additional organizations spread across 15+ countries, many of them operators of critical infrastructure. Cloud Software Group is one of the newest names added to that list.
So no — Mythos Preview isn't something you or I can spin up in a chat window. It's locked behind a vetting process, deployed under the security governance of each partner organization, specifically for defensive use.
Glasswing's rollout at a glance
| Phase | Approximate Scope | Notable Detail |
|---|---|---|
| Launch | ~12 founding partners | Included AWS, Apple, Google, Microsoft, CrowdStrike, NVIDIA, Palo Alto Networks |
| Early results | ~50 partners | 10,000+ high/critical vulnerabilities found across critical software in weeks |
| Expansion | ~150 additional organizations | Spans 15+ countries; many are critical infrastructure operators (e.g., Cloud Software Group) |
Mythos Preview vs. what's available to the rest of us
| | Claude Mythos Preview | Claude Security (Enterprise beta) | Cyber Verification Program |
|---|---|---|---|
| Access | Project Glasswing partners only | Claude Enterprise customers | Vetted security professionals |
| Purpose | Internal defensive testing on critical codebases | Security workflows within Enterprise plan | Legitimate offensive/defensive cyber work with fewer restrictions |
| Key capability | Autonomous vuln discovery, exploit writing, vuln chaining | Custom security skills, scanning/reporting framework, threat-modeling tool | Reduced guardrails for verified use cases |
| General availability | No — and none planned until safeguards mature | Public beta | Application/vetting based |
What about the rest of us?
If you're not part of Glasswing (and statistically, none of us reading this are), Anthropic has still pushed out some related capabilities more broadly:
- Claude Security, in public beta for Claude Enterprise customers
- A Cyber Verification Program, which lets vetted security professionals use Claude models with fewer restrictions for legitimate offensive/defensive security work
- Supporting tooling — custom skills, an automated scanning and reporting framework, and a threat-modeling tool for prioritizing attack targets
These aren't Mythos-level, but they're a sign of where things are heading — Anthropic clearly wants to get some of this capability into the hands of security teams in a controlled way, while the full model stays gated.
Why this matters if you work in vulnerability management or compliance
Here's the part I keep coming back to. Anthropic itself has said something that should make every VM/PC analyst sit up: they expect that within 6 to 12 months, other AI companies will have models with similar capabilities — and there's no guarantee those will come with the same safeguards.
Think about what that means practically for teams like ours:
- The volume problem gets worse before it gets better. If AI can find vulnerabilities faster than humans can verify, triage, and patch them, the bottleneck shifts. It's no longer "how do we find issues" — it's "how do we keep up with what's been found." Our scan-and-remediate cycles, exception processes, and reporting cadences may all need to get faster.
- Attackers get the same upgrade. Everything that makes Mythos-class models useful for defenders — autonomous discovery, exploit generation, vulnerability chaining — is equally useful to someone on the other side. The defensive head start that Project Glasswing represents won't last forever.
- Compliance frameworks will need to catch up. A lot of what we do — CIS benchmarks, control mappings, UDC development — assumes a relatively stable threat landscape where known-bad configurations get documented and checked. If AI-discovered zero-days start showing up at scale, our frameworks and SLAs for "time to patch" may need a serious rethink.
- "AI literacy" stops being optional for security teams. Even if we never touch Mythos itself, understanding how these models work, what they're capable of, and how organizations like Glasswing partners are using them is fast becoming table-stakes knowledge for anyone in this field.
Quick glossary
| Term | What it means |
|---|---|
| Mythos Preview | Anthropic's most advanced model to date, with unexpectedly strong cybersecurity capabilities |
| Project Glasswing | Anthropic's defensive coalition giving trusted orgs early access to Mythos for finding vulnerabilities in their own systems |
| Vulnerability chaining | Combining multiple individually low-impact flaws to achieve a more serious compromise |
| Cyber Verification Program | Anthropic's vetting process letting verified security professionals use Claude models with fewer restrictions for legitimate cyber work |
| Claude Security | A separate, publicly available (Enterprise beta) security toolset — not the same as Mythos |
A starter checklist for VM/compliance teams
| Question to ask your team | Why it matters |
|---|---|
| Can our triage process absorb a sudden spike in findings? | AI-assisted discovery can surface far more issues than manual/traditional scanning |
| Are our SLAs for "time to patch" realistic if discovery accelerates? | Faster discovery without faster remediation widens the exposure window |
| Do our frameworks (CIS, NIST, internal baselines) account for AI-discovered vulnerability classes? | Existing control libraries may lag behind novel attack patterns |
| Are we tracking how AI tools are being adopted — by us and by adversaries? | Staying aware of both sides of the AI security curve helps with planning |
| Is there a plan to upskill the team on AI-assisted security tooling? | AI literacy is becoming a baseline skill, not a specialization |
My takeaway
I don't think the right reaction to Mythos Preview is panic — but I do think it's a signal worth paying attention to. Anthropic chose not to release their most capable model and instead built an entire coalition around using it responsibly first. That's a strong statement about how seriously they're taking the offense/defense balance of AI in security.
For the rest of us, the practical move isn't to wait for Mythos to trickle down to our toolset. It's to start asking: how AI-ready are our processes? Can our remediation pipelines handle a sudden spike in findings? Do our compliance frameworks have room to adapt to AI-discovered vulnerability classes? Are we, as individuals, building the skills to work alongside these tools rather than be caught off guard by them?
Mythos Preview might be locked away in Project Glasswing for now. But the conversation it's started — about how fast vulnerability discovery is about to accelerate, and whether our defenses can keep pace — is one every security practitioner should be part of.
Curious to hear what others think — are your teams already factoring "AI-discovered vulnerabilities at scale" into your planning, or does this still feel like a future problem?


