Anthropic · 2026-04-07 · seismic
Claude Mythos Preview + Project Glasswing: Anthropic's Restricted AI for Zero-Day Discovery
Claude Mythos Preview autonomously finds zero-days in every major OS and browser — 83.1% on cyberattack reproduction vs. Opus 4.6's 66.6%, with a 181× improvement on Firefox exploit generation. Released only to 12 industry partners via Project Glasswing. Accessed by an unauthorized group via URL-guessing on Day 1.
Anthropic's Mythos Preview autonomously discovers and exploits zero-days across every major OS and browser — the first frontier model Anthropic deemed too dangerous for public release.
Key specs
| Cyberattack reproduction score | 83.1% |
|---|---|
| Claude opus 4.6 baseline | 66.6% |
| Firefox exploit improvement over opus 4.6 | 181× |
| Oldest vulnerability found | 27 years (OpenBSD) |
| Launch partners | 12 |
| Usage credits committed | $100M |
| Open source security donations | $4M |
What is it?
On April 7, 2026, Anthropic announced Claude Mythos Preview and Project Glasswing — an industry coalition restricting Mythos access to 12 trusted partners: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic used Mythos internally to find thousands of zero-day vulnerabilities across every major operating system and web browser, including a 27-year-old OpenBSD bug and a 17-year-old FreeBSD remote code execution vulnerability (CVE-2026-4747). The $100M in usage credits and $4M in donations to open-source security organizations support the defensive disclosure effort. On April 21, an unauthorized group accessed the Mythos endpoint by guessing its URL based on familiarity with Anthropic's URL naming patterns.
How does it work?
Mythos Preview scores 83.1% on cybersecurity vulnerability reproduction, compared to 66.6% for Opus 4.6. On Firefox JavaScript exploit generation, Opus 4.6 succeeded roughly 0.6% of the time; Mythos achieved working exploits 181 times from similar attempts. It can chain multiple vulnerabilities together for privilege escalation, construct JIT heap sprays to escape browser sandboxes, and build multi-stage exploits without human intervention. Over 99% of discovered vulnerabilities remain unpatched during the coordinated disclosure window; Anthropic published SHA-3 hash commitments to establish discovery priority.
Why does it matter?
This is the first publicized case of a frontier lab deciding a model is too capable to release publicly — and demonstrating that decision with real, reproducible vulnerability discoveries rather than theoretical risk claims. The 181× improvement over the prior generation on Firefox exploit generation is a concrete capability jump. The unauthorized access incident (URL-guessing on Day 1) illustrates that 'restricted' model endpoints need security-by-design, not security-by-obscurity. For security practitioners, Mythos is the first public evidence that AI can autonomously operate as a high-skill offensive security researcher.
Who is it for?
Security researchers, ML safety practitioners, enterprise teams managing offensive AI risk and disclosure strategy