Anthropic built its most powerful model yet โ and then decided the world wasn't ready for it. Here's what Mythos can do, why it was restricted, and what it means for everyone online.
In the history of technology, it is rare for a company to build something, confirm it works extraordinarily well, and then deliberately choose not to release it. That is exactly what Anthropic has done with Claude Mythos Preview โ and the reason they gave is one of the most consequential statements in AI history: the model poses "unprecedented cybersecurity risks."
This is not a PR headline. It is a technical reality, verified independently by the UK's AI Security Institute and documented in painstaking detail by Anthropic's own research team. Understanding what Mythos is, what it can do, and why it was restricted is essential for anyone operating a business, managing data, or simply using the internet in 2026.
Claude Mythos Preview, announced on April 7, 2026, is Anthropic's newest and most powerful AI model. On the surface it is a general-purpose language model โ the same category as ChatGPT or standard Claude โ capable of writing, reasoning, coding, and analysis.
But during internal testing, something unexpected emerged. The model turned out to be strikingly capable at a specific and dangerous task: finding and exploiting security vulnerabilities in software โ autonomously, at scale, and with a success rate that alarmed even the engineers who built it.
During testing, Mythos Preview was capable of identifying and exploiting zero-day vulnerabilities โ previously undiscovered security holes โ in every major operating system and every major web browser. The oldest vulnerability it found was a 27-year-old bug in OpenBSD, an OS known specifically for its security focus.
Critically, Anthropic did not train Mythos to have these capabilities. They emerged as a natural consequence of general improvements in the model's reasoning, coding, and autonomous task execution โ the same improvements that make it better at legitimate software development also make it better at breaking software security.
To understand how significant this is, compare Mythos against Anthropic's previous best model, Claude Opus 4.6, on the same security benchmark.
In one specific test, both models were asked to find vulnerabilities in Mozilla's Firefox 147 JavaScript engine and turn them into working exploits. Opus 4.6 succeeded twice out of several hundred attempts. Mythos succeeded 181 times โ and achieved partial control on 29 additional attempts.
The exploits were not simple. In one case, Mythos wrote a browser exploit that chained together four separate vulnerabilities, constructing a technique that escaped both the browser's renderer sandbox and the operating system's own protections. In another, it wrote a remote code execution exploit for a server that gave full administrative access to unauthenticated users โ with no human guidance beyond the initial instruction.
Anthropic engineers with no formal security training asked Mythos Preview to find remote code execution vulnerabilities overnight. They woke up the following morning to complete, working exploits โ ready to use. This is not a capability that previously existed outside of elite specialist security teams.
The existence of Claude Mythos was not announced on Anthropic's schedule. The model was inadvertently leaked on March 26, 2026, when a draft blog post describing the model was found in a publicly accessible, unsecured data cache โ and reviewed by journalists at Fortune magazine before Anthropic could remove it.
Anthropic's response to their own discovery was to launch Project Glasswing โ a coordinated initiative to deploy Mythos Preview specifically to help find and fix vulnerabilities before malicious actors can exploit them. Rather than shelving the model or releasing it publicly, they chose a third path: controlled deployment for defence.
Access is restricted to a small group of critical infrastructure operators, cybersecurity firms, and vetted partners. Anthropic has offered up to $100 million in usage credits to partners and is coordinating closely with government stakeholders. CrowdStrike, a founding member of the security coalition, described the model as fundamentally reshaping what's possible in both offensive and defensive cybersecurity.
The same frontier models that expand the attack surface give defenders a capability advantage that did not exist a year ago โ discovering vulnerabilities, detecting threats, and responding to incidents faster than ever before.
โ Anthropic, Project Glasswing announcement
Anthropic's position is nuanced: they believe that in the long run, powerful AI will benefit defenders more than attackers, because defenders have more resources, infrastructure, and incentive to use these tools systematically. But they acknowledge the transition period is dangerous โ and that releasing Mythos publicly before defences are in place would hand attackers a significant asymmetric advantage.
It is tempting to view Claude Mythos as a story about elite AI researchers and government security agencies โ a world away from everyday business owners and entrepreneurs. That would be a mistake.
The capabilities Mythos demonstrated will not remain exclusive to Anthropic for long. Anthropic itself has acknowledged that similar capabilities from other AI providers are likely within months. The question is not whether AI-powered vulnerability discovery will become widespread โ it is how quickly, and whether defences will keep pace.
For business owners: If you run a website, store customer data, or use cloud services, your attack surface is real. Review your hosting provider's security practices, ensure software and plugins are updated, use strong authentication, and consider a basic security audit if you haven't had one recently.
For developers: The same AI that finds vulnerabilities can help you fix them. Models like Mythos (and future public equivalents) will make automated security scanning standard practice. Building security review into your development workflow now is the right preparation.
For everyone: Keep software updated. Use a password manager. Enable two-factor authentication everywhere. These fundamentals become more important, not less, as automated exploit tools become more capable.
Claude Mythos represents something more significant than a powerful new model. It marks a moment where AI capabilities crossed a threshold that required a genuinely different response โ not a press release and a product launch, but a coordinated effort involving governments, financial institutions, and cybersecurity firms.
Anthropic's decision to restrict the model rather than release it is itself notable. It reflects a belief โ controversial in some quarters โ that the responsible path is not always the most commercially aggressive one. Whether that decision holds as competitive pressure mounts remains to be seen.
What is certain is this: the AI systems being built today are no longer just productivity tools. They are consequential infrastructure โ with the power to secure or threaten the software that the modern world runs on. Understanding them, even at a high level, is no longer optional for anyone serious about operating in the digital economy.