Anthropic Unveils Claude Mythos to Find Critical Software Flaws Before Attackers Do

What happened

Anthropic unveiled Claude Mythos Preview as the model behind Project Glasswing, a new effort aimed at securing critical software before advanced cyber capabilities spread more widely. The company said Mythos is a major step beyond its current Haiku, Sonnet, and Opus model tiers and is designed with especially strong agentic coding and reasoning skills. Anthropic said the model has already identified thousands of zero-day vulnerabilities, including critical flaws that had remained undiscovered for years. The company also said Mythos autonomously found and chained Linux kernel vulnerabilities that could let an attacker escalate from ordinary user access to full machine control. Anthropic is not making Mythos Preview generally available and instead is using it through Project Glasswing and limited access for organizations that build or maintain critical software. 

Who is affected

The direct impact falls on organizations involved in critical software, open-source maintenance, and core infrastructure security. Anthropic said Project Glasswing includes partners such as Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks, and that more than 40 additional organizations that build or maintain critical software are also being given access to use the model to scan and secure their systems. 

Why CISOs should care

This matters because Anthropic is framing Claude Mythos as a defensive breakthrough that can uncover serious vulnerabilities faster and at greater scale than existing approaches. At the same time, the company is explicitly warning that the same level of capability could supercharge offensive cyber activity if it becomes available to malicious actors. The launch also underscores how quickly AI capability is advancing relative to the slower pace of securing critical software ecosystems. 

3 practical actions

1. Track critical software exposure: Identify which core products, open-source components, and internally maintained systems would create the greatest risk if long-hidden vulnerabilities were uncovered at scale. 
2. Prepare for faster vulnerability discovery cycles: Assume that serious flaws may be found more quickly and in larger numbers as frontier AI models are applied to code review and exploit research. 
3. Treat advanced AI security tooling as a governance issue: Make sure leadership understands that highly capable cyber-focused AI can strengthen defense while also raising the potential speed and sophistication of future attacks. 

For more news about enterprise security developments and cyber defense innovation, click Cybersecurity to read more.