Anthropic built something so capable at finding security flaws that they decided not to release it. Instead, they called Cisco, Google, Microsoft, and a dozen others. Here's what's actually going on.
Usually, when a tech company builds something impressive, they can't wait to show it off. Anthropic just did the opposite. They built a version of Claude called Mythos Preview, saw what it could do, and essentially locked it in a vault. Then they started making phone calls.
Mythos is not just smart at coding. It is a savant at finding the tiny, invisible cracks in the foundation of the internet. Cracks that humans have walked over for decades without noticing. And once it finds one, it does not just point at it. It figures out exactly how to walk through it.
The Finds That Stopped Everyone
To understand why Anthropic reacted the way they did, you need to know about two specific discoveries. The first involves OpenBSD. If you are not a developer, think of OpenBSD as the Fort Knox of operating systems. It is built by people who are obsessed with security, used to run firewalls and critical infrastructure around the world. Mythos found a vulnerability in it that had been sitting there, completely undetected, for 27 years. Nobody had caught it since the 1990s. The AI found it in hours.
The second case involves FFmpeg, the software that handles video for most of the internet. When you watch a clip online, FFmpeg is almost certainly involved. It had been put through five million automated tests over 16 years. Security researchers call this fuzzing — essentially throwing millions of random inputs at a program until something breaks. It is brute force testing at scale, and it had missed this flaw every single time. Mythos found it not by guessing randomly, but by reasoning about how the code actually works. That is the difference.
"AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure... the old ways of hardening systems are no longer sufficient."
Anthony Grieco, Chief Security and Trust Officer, Cisco
Finding bugs is one thing. What makes Mythos different is what comes next. It does not just say there is a hole here. It works out exactly how to get through it, chain it together with other weaknesses, and take over the system on the other side. Less like a smoke detector, more like a master lockpick who also knows the floor plan.
Why They Are Not Hitting Publish
If Anthropic released Mythos to the public tomorrow, every malicious actor on earth would have a tool capable of finding and exploiting flaws in the software that runs hospitals, banks, power grids, and government systems. Dario Amodei and Anthropic's safety team have been explicit: this is a dual-use capability. The same thing that makes it invaluable for defenders makes it dangerous in the wrong hands. So instead of a product launch, they started Project Glasswing.
They reached out to Cisco, Google, Microsoft, Apple, NVIDIA, and eight other major organizations with a clear message: we need to find and fix these holes before someone else builds a tool like this who does not care about the consequences. More than 40 additional organizations that build critical software infrastructure joined as well. Anthropic put $100 million in usage credits and $4 million in direct funding behind the effort to make it real.
Access is tightly controlled. Partners can only use Mythos to scan their own infrastructure and open-source dependencies. Nobody gets to point it at someone else's systems. The logic is a race against time. Other AI labs are advancing. Bad actors will eventually build something comparable. The window to harden the world's software before that happens is open now, and Anthropic is trying to use it.
As for whether Mythos ever gets a wider release: Anthropic has said it will remain restricted until guardrails exist that are as advanced as the model's own capabilities. Until then, if you are not a security researcher at one of the Project Glasswing partner organizations, you will not be getting access.
Cisco's role is not ceremonial. The company's networking equipment carries a significant portion of the world's internet traffic, which makes it a high-value target. Grieco described what Mythos found in Cisco's own systems as illuminating, without saying exactly what that means. That word choice suggests the testing did not come back clean.
The Part That Should Actually Worry You
Here is the uncomfortable number from the announcement. Fewer than 1% of the vulnerabilities Mythos has found have actually been fixed.
The AI is not the bottleneck. We are. Mythos can surface a 20-year-old flaw in seconds. But it still takes a human engineering team days or weeks to understand it, write a fix, test that fix, and push it out without accidentally breaking something else in the process. The finding is instant. The repair is slow.
Jim Zemlin, who runs the Linux Foundation, put the underlying problem plainly. For decades, serious security work has only been affordable for large organizations with dedicated teams. The open-source software that most of the world runs on has been maintained largely by small groups without that kind of resource. Project Glasswing is trying to change that ratio before a similar tool ends up in less careful hands.
There is a business dimension to this that boards have not fully absorbed yet. For decades, companies operated on an informal assumption: finding a flaw in old, legacy code was expensive and time-consuming, so most attackers would not bother. Mythos has effectively reduced the cost of finding a 20-year-old vulnerability to near zero. That assumption no longer holds. Every piece of legacy infrastructure is now a live target, whether or not anyone has looked at it recently.
Finding the flaws turned out to be the solvable part. Getting them fixed is the harder problem, and nobody has cracked it yet.
Mythos is controlled for now. Anthropic has no plans to release it publicly. But the model exists, and the capability it represents will not stay exclusive forever. Similar tools will eventually reach people who do not share Anthropic's caution about using them.
In the meantime, a divide is opening. Companies inside Project Glasswing have a head start on vulnerabilities the rest of the world does not yet know exist. Enterprises are starting to ask their vendors a simple question: is your software being audited by AI at this standard? If the answer is no, that vendor is increasingly seen as a supply chain risk.
The head start is real. The question is what gets done with it. When the version without a kill switch shows up, will the foundations have been fixed? Or will we still be working through a 27-year backlog?
Sources
- Anthropic. "Project Glasswing: Securing Critical Software for the AI Era." Anthropic, 7 Apr. 2026, anthropic.com/glasswing.
- Anthropic Frontier Red Team. "Claude Mythos Preview." Anthropic Red Team, 7 Apr. 2026, red.anthropic.com.
- Grieco, Anthony. "Rising to the Era of AI-Powered Cyber Defense." Cisco Blogs, 7 Apr. 2026, blogs.cisco.com.
- Sharma, Ankush. "Anthropic Says Its Most Powerful AI Cyber Model Is Too Dangerous to Release Publicly." VentureBeat, 8 Apr. 2026, venturebeat.com.
- "Tech Giants Launch AI-Powered Project Glasswing to Secure Critical Software." CyberScoop, 7 Apr. 2026, cyberscoop.com.
