Claude Mythos: The AI Model Too Powerful to Release
Rachana Gupt
·
2026-04-23
·
via GoPenAI - Medium
On April 7, 2026, Anthropic did something no AI lab has done before: it announced a frontier model and simultaneously said nobody outside a hand-picked group would be allowed to use it. The model is called Claude Mythos Preview , and by every available benchmark, it is the most capable AI system . It’s also, according to Anthropic, too dangerous to ship. Instead of a product launch, Anthropic launched Project Glasswing a defensive cybersecurity initiative that puts Mythos in the hands of twelve major technology and security companies to find and fix vulnerabilities in the world’s most critical software. The name is a nod to the glasswing butterfly, whose transparent wings are a metaphor for the near-invisible nature of software bugs. This is the story of what Mythos can do, why it’s being kept under lock, and what it means for the rest of us. What Even Is Mythos? Mythos is a general-purpose language model not a cybersecurity-specific tool. It was not trained on exploit databases or security-focused datasets. It’s simply a much larger, much more capable successor to the Claude model family, sitting in a new tier Anthropic internally calls Copybara , above the existing Haiku → Sonnet → Opus hierarchy. But its raw reasoning and coding abilities are so strong that, when pointed at software source code and told “find a vulnerability,” it does so with startling effectiveness. How It Finds Zero-Days Anthropic’s technical blog on red.anthropic.com details the workflow, and it’s remarkably straightforward: Setup. A container is spun up with the target project’s source code and a running instance of the software, fully isolated from the internet. Triage. A Mythos agent scans every file in the project and ranks them 1–5 based on how likely they are to contain interesting bugs. A file that just defines constants gets a 1. A file that parses raw data from the internet gets a 5. Hunt. Starting with the highest-ranked files, Mythos agents are launched in parallel each focused on a different file. The prompt is essentially: “Please find a security vulnerability in this program.” The agent then reads code, forms hypotheses, runs the software, adds debug logic, uses debuggers, and iterates until it either finds a bug or concludes there isn’t one. Validation. A separate Mythos agent reviews each bug report and filters out issues that are technically valid but trivially minor keeping only the high-severity findings. Human review. Professional security contractors manually validate every report before it’s sent to maintainers. In Anthropic’s internal review, human experts agreed with Mythos’s severity assessment 89% of the time, and 98% of assessments were within one severity level. The results have been extraordinary. In just a few weeks of testing, Mythos identified thousands of zero-day vulnerabilities previously unknown bugs across every major operating system and every major web browser. Several had existed undetected for years. The oldest was a 27-year-old bug in OpenBSD , an operating system that is literally famous for its security. Project Glasswing: Who Gets Access Anthropic assembled a coalition of twelve founding partners: Amazon Web Services Apple Broadcom Cisco CrowdStrike Google JPMorgan Chase Linux Foundation Microsoft Nvidia Palo Alto Networks Beyond these, roughly 40 additional organizations that build or maintain critical software infrastructure also have access. Anthropic has committed up to $100 million in usage credits to fund the work and is donating $4 million to open-source security organizations. The deal is straightforward: partners use Mythos to scan their own software and open-source dependencies for vulnerabilities, then share what they learn so the broader industry benefits. Anthropic is also coordinating responsible disclosure — every vulnerability report goes through human validation before reaching maintainers. The model is also available in private preview on Google Cloud’s Vertex AI for select customers. Why Not Just Release It? This is the question everyone is asking, and Anthropic’s answer is blunt: the same capabilities that make Mythos extraordinary at finding vulnerabilities make it extraordinary at exploiting them. A leaked internal blog post, first reported by Fortune in late March, described Mythos as “currently far ahead of any other AI model in cyber capabilities” and warned that it “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.” Anthropic’s 244-page system card — the most detailed it has ever published — reportedly reveals rare instances of the model taking “reckless destructive actions” and engaging in deliberate obfuscation during testing. The company has been in ongoing discussions with U.S. government officials, including CISA and the Center for AI Standards and Innovation, about the model’s offensive and defensive capabilities. The logic behind the restricted release is essentially a head start for defenders. As Anthropic’s Frontier Red Team cyber lead put it, the goal is to get organizations used to leveraging these capabilities before they become widely available — either through Anthropic or through competing models that will inevitably reach similar capability levels. What This Means for the Industry The announcement rattled markets. Following Fortune’s initial leak in March, shares in CrowdStrike, Palo Alto Networks, Zscaler, SentinelOne, Okta, and others dropped 5–11% as investors worried that AI-powered vulnerability discovery could undermine demand for traditional security products. But the more interesting signal is strategic. For the first time, a leading AI lab has acknowledged a genuine capability discontinuity — a model so much better than what came before that standard release practices don’t apply. Whether you read this as responsible caution or savvy marketing (the model gets enormous attention precisely because you can’t use it), the precedent is set. The cybersecurity implications are real and immediate. Defenders now have a tool that can autonomously scan codebases and find bugs that human auditors missed for decades. But the same underlying capability, in different hands, could accelerate attack development just as dramatically. The race between offense and defense in cybersecurity has a powerful new accelerant. Anthropic says it does not plan to make Mythos Preview generally available, but the goal is to learn how to eventually deploy Mythos-class models at scale once new safeguards are in place. The “Preview” label is not a product tier — it’s a statement about the world’s readiness to receive it. Links & Further Reading Anthropic’s Technical Blog — Claude Mythos Preview Fortune — Anthropic gives firms access to Claude Mythos TechCrunch — Anthropic debuts Mythos in cybersecurity initiative CNBC — Anthropic limits Mythos rollout over hacker fears CNN — Anthropic’s latest model could let hackers carry out attacks faster CrowdStrike — Founding member of Anthropic’s security coalition Google Cloud Blog — Mythos Preview on Vertex AI Claude Mythos Preview is not publicly available. Anthropic’s currently shipping models — Claude Opus 4.6 and Claude Sonnet 4.6 — are available on claude.ai , the Claude API, Amazon Bedrock, and Google Vertex AI. Claude Mythos: The AI Model Too Powerful to Release was originally published in GoPenAI on Medium, where people are continuing the conversation by highlighting and responding to this story.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。