Published May 26, 2026 by Xiph
Most AI announcements wash over the cyber security industry without much fuss. Mythos was different. In April 2026, Anthropic told the world it had built a model so good at finding software flaws that releasing it publicly would be irresponsible — and then handed restricted access to a coalition of the biggest names in tech to use it for defence. That is not a normal product launch. It is closer to an admission that the offence-defence balance has just shifted, and the industry has roughly twelve months to figure out what to do about it.
What is Claude Mythos?
Claude Mythos is a general-purpose large language model built by Anthropic, the AI safety company behind the broader Claude family. It sits a tier above the publicly available Opus, Sonnet, and Haiku models. On paper, it is another step forward in coding and reasoning. In practice, it is the first frontier AI model that a major lab has openly declared too dangerous for general release.
The story actually started in March, not April. A misconfiguration in Anthropic's content management system exposed roughly 3,000 unpublished assets, including a draft blog post mentioning an unreleased model codenamed 'Capybara'. Embarrassing, yes — and a useful reminder that even AI safety companies have to get the basics right. Anthropic confirmed the model shortly after and officially launched it as Claude Mythos Preview on April 7, alongside a new initiative called Project Glasswing.
Mythos is not available through the standard Claude API. You cannot sign up for it. Access is gated, vetted, and tied to defensive use.
Why Mythos is different
Mythos was trained as a general-purpose model. During evaluations, Anthropic discovered it could outperform almost every human security researcher at finding and exploiting software vulnerabilities. The benchmark figures back this up: Mythos Preview scored 83.1% on the CyberGym vulnerability reproduction benchmark against 66.6% for Claude Opus 4.6, and 93.9% on SWE-bench Verified against 80.8%.
Benchmarks are one thing. The real-world findings are what should make you sit up.
According to Anthropic, Mythos Preview has discovered thousands of previously unknown (zero-day) vulnerabilities across every major operating system and web browser. Three examples stand out:
- A 27-year-old vulnerability in OpenBSD — an operating system that has built its entire reputation on being one of the most security-hardened in existence. The model found a flaw that allowed an attacker to remotely crash any machine running it, just by connecting.
- A 16-year-old flaw in FFmpeg, the video library that quietly sits underneath an enormous amount of software you use every day. Automated testing tools had executed the affected line of code five million times without flagging the bug.
- A chained sequence of bugs in the Linux kernel — the software running most of the world's servers — that allowed escalation from an ordinary user account to full machine control. Mythos found and chained these autonomously, with no human steering.
These are not theoretical bugs in obscure software. This is the plumbing of the modern internet.
What is Project Glasswing?
Project Glasswing is the defensive coalition Anthropic formed to put Mythos to work for defenders before the same capabilities show up on the attacker side. The founding partners are a who's-who of the technology industry: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Access has been extended to more than 40 additional organisations that build or maintain critical software infrastructure.
The premise is simple. Use Mythos to scan and harden the foundational software the world runs on, before adversaries develop comparable AI tools of their own. Anthropic has committed up to US$100 million in usage credits across the program and another US$4 million in direct donations to open-source security organisations, including the Linux Foundation, OpenSSF, and the Apache Software Foundation.
The name is taken from the glasswing butterfly, whose transparent wings let it hide in plain sight. A nice metaphor — though we suspect the marketing team did some heavy lifting on that one.
Why this matters in Australia
It is tempting to read all of this as a Silicon Valley story. It is not. Most Australian businesses run software made by the companies in the Glasswing coalition, and most of our critical infrastructure — banks, hospitals, energy, telcos — sits on top of the same operating systems and libraries Mythos has been probing. When the next wave of patches lands, Australian IT teams will be patching alongside everyone else. The ASD's Essential Eight already places patching applications and operating systems in its top tier. Mythos is the strongest argument yet for taking those mandates seriously, not as a compliance checkbox but as an active defensive posture.
The recent run of breaches affecting Australian organisations — from Optus and Medibank to more recent incidents — already showed how slow response and unpatched systems compound damage. Mythos-class tooling, in the wrong hands, makes that delay far more expensive.
The implications for cyber security teams
Mythos is a defensive tool today. Tomorrow is a different story.
Anthropic itself estimates that comparable capabilities will proliferate from other AI labs within six to eighteen months. OpenAI is reportedly developing a model with similar abilities, and there is no realistic scenario in which state-sponsored actors do not pursue the same. The defensive head start Glasswing offers is real, but it has a clock on it.
A few things change as a result.
The patch window has collapsed
The gap between a flaw being disclosed and being exploited used to be measured in weeks. For some classes of vulnerability it is now measured in hours. Patch management, system hardening, and rapid incident response are not best practices anymore. They are the bare minimum.
Old code is suddenly risky code
The OpenBSD and FFmpeg findings are the headline story here. Decades-old codebases that survived years of human and automated review can no longer be assumed safe. If your organisation runs legacy systems, custom-built software, or older open-source libraries, expect more disclosures over the next year. Plan for it.
Open-source supply chains are exposed
Most modern software is built on open-source components. Many of those components are maintained by a handful of unpaid volunteers in their spare time. Glasswing helps maintainers patch — but the same tools will, eventually, be turned the other way. Knowing your software bill of materials is no longer a nice-to-have.
AI is now part of the threat model
If your risk register does not mention AI-augmented vulnerability discovery, it is out of date. This is not a future risk. It is a current one.
How to actually prepare
Enough of the bad news. Here is what to do about it.
Know what you run. Audit your software inventory, including versions and end-of-life status. You cannot defend an unknown.
Tighten the patching cadence. Monthly is too slow for internet-facing systems. Push towards continuous patching where you can, and automate the parts you can automate.
Invest in detection, not just prevention. Assume some flaws will be exploited before they are patched. SIEM, endpoint detection, and behavioural analytics matter more as the time-to-exploit shrinks.
Map your third-party exposure. If your business depends on a handful of widely used libraries, those libraries are now research targets — for defenders and attackers alike.
Don't fire your security team and replace them with AI. This will be tempting in some boardrooms. It is a mistake. AI augments human defenders; it does not replace them. The teams that come out of this era ahead will be the ones that resourced both.
Ask your vendors what they are doing. Cloud, software, and security providers will all be adapting their practices. If they cannot tell you how they are responding to Mythos-class capabilities, that itself is information.
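The first two steps above ("know what you run" and "tighten the patching cadence") come down to comparing an inventory against a policy. The script below is an added illustration, not code from the article or from Anthropic; it reads a constructed CycloneDX-style SBOM fragment and flags components that sit below a hypothetical patch floor, are past a hypothetical end-of-life date, or have no policy entry at all. Every version and date in it is made up for the example.

```python
"""Triage a software inventory (SBOM) against patch floors and end-of-life dates."""
import json
from datetime import date

# Constructed CycloneDX-style SBOM fragment; versions are hypothetical.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "components": [
    {"name": "ffmpeg", "version": "4.2.1"},
    {"name": "linux-kernel", "version": "5.10.0"},
    {"name": "openbsd", "version": "7.4"},
    {"name": "libxml2", "version": "2.12.3"}
  ]
}
"""

# Hypothetical policy: minimum patched version and end-of-life date per component.
# These values are constructed for illustration, not taken from any real advisory.
POLICY = {
    "ffmpeg":       {"min_version": "4.4.0",    "eol": date(2027, 1, 1)},
    "linux-kernel": {"min_version": "5.10.200", "eol": date(2026, 12, 31)},
    "openbsd":      {"min_version": "7.4",      "eol": date(2025, 11, 1)},
}

# Date on which the assessment is run (the article's publication date).
ASSESSMENT_DATE = date(2026, 5, 26)

def parse_version(v):
    """Split '5.10.200' into (5, 10, 200) so versions compare numerically, not as strings."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def triage(sbom_json, policy, today):
    """Return findings as (name, version, reason) tuples; one component may yield several."""
    findings = []
    for comp in json.loads(sbom_json)["components"]:
        name, version = comp["name"], comp["version"]
        rule = policy.get(name)
        if rule is None:
            # An inventory entry with no policy is itself a finding: unknown exposure.
            findings.append((name, version, "no policy entry: unknown exposure"))
            continue
        if parse_version(version) < parse_version(rule["min_version"]):
            findings.append((name, version, f"below patch floor {rule['min_version']}"))
        if today > rule["eol"]:
            findings.append((name, version, f"end-of-life since {rule['eol']}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SBOM_JSON, POLICY, ASSESSMENT_DATE):
        print(*finding, sep="\t")
```

Feeding a real SBOM into this requires a policy source that is maintained, which is exactly the step most organisations skip.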
A final word
Claude Mythos is a genuine inflection point. Anthropic's decision to hold the model back, rather than ship it and let the market sort it out, says a lot about where AI capabilities have reached. The next twelve to eighteen months will determine whether defenders or attackers benefit most from this new generation of tools — and honestly, the early signs are mixed. The defenders have the head start. The attackers have time, motivation, and fewer scruples.
For Australian businesses, the message is straightforward: the old assumptions about how long a vulnerability can sit undiscovered, or how much skill is required to weaponise one, no longer apply. Update your thinking accordingly. For help getting your organisation ready for the AI-driven cyber security era, contact us at enquiries@xiphcyber.com.