anthropic

Anthropic's Mythos Preview: The AI That Breaks Cybersecurity's Golden Rule

9 min read

Anthropic's Mythos Preview: The AI That Breaks Cybersecurity's Golden Rule

When the makers of Claude admit they've created something they can't safely release, the entire cybersecurity industry must pay attention.

On April 20, 2026, Anthropic did something unprecedented in the modern AI era: they announced a breakthrough model and simultaneously announced they would not be releasing it to the public. Claude Mythos Preview, Anthropic's most capable AI model for cybersecurity tasks, demonstrated abilities so concerning that the company opted for a highly restricted rollout to fewer than 40 organizations under a program they're calling Project Glasswing.

This isn't marketing theater. This is the first time since OpenAI's GPT-2 in 2019 that a frontier AI lab has withheld a model from public release due to safety concerns. And the implications are profound.

What Makes Mythos Different

Claude Mythos Preview is not a specialized hacking tool. It's a general-purpose language model that, through training and scaling, developed emergent capabilities that shocked its creators. During internal testing, Mythos demonstrated:

These aren't incremental improvements. These capabilities represent a qualitative shift in what AI can do in cybersecurity contexts.

The Numbers Behind the Concern

The cybersecurity landscape was already deteriorating before Mythos. According to CrowdStrike data cited in security analyses, AI-enabled cyber attacks increased 89% in 2025 compared to the previous year. More concerning, the average "breakout time" — the window between initial system access and malicious action — collapsed to just 29 minutes, a 65% acceleration from 2024.

Mythos threatens to compress that timeline further while expanding the attack surface dramatically. The model identified "thousands of high-severity vulnerabilities" across critical infrastructure software during testing. Each represents a potential entry point that defensive teams may not even know exists.

The economic implications are staggering. IBM's 2025 Cost of a Data Breach report (released before Mythos) already pegged the average breach at $4.88 million. With AI-augmented attackers capable of finding and exploiting zero-days at machine speed, that figure seems poised to rise substantially.

Understanding Project Glasswing

Anthropic's response to Mythos's capabilities reveals how seriously they take the threat. Project Glasswing provides restricted access to:

The stated purpose: give these organizations the ability to find and patch vulnerabilities before adversaries can exploit them. It's essentially a "change the locks before someone copies the keys" strategy.

But this approach raises uncomfortable questions:

Why these companies and not others? The selection criteria for Glasswing access remain opaque. Anthropic has said they're prioritizing "critical infrastructure operators," but that definition is broad and the actual list has never been fully disclosed.

What about everyone else? Small and medium enterprises, government agencies outside the initial cohort, educational institutions — all face the same vulnerable software but lack access to the most capable defensive tool ever created.

How long can the restriction hold? Anthropic co-founder Jack Clark acknowledged the obvious: "This is not a special model. There will be other systems just like this in a few months from other companies, and then a year to a year and a half later, there will be open-weight models from China that have these capabilities."

The Dual-Use Dilemma

Mythos crystallizes AI's dual-use problem in cybersecurity. The same capabilities that make it extraordinarily valuable for defense also make it extraordinarily dangerous in the wrong hands.

Former FBI Cyber Division deputy assistant director Cynthia Kaiser, now at cybersecurity firm Halcyon, articulated the central tension: "We've been talking a long time about how AI has made initial access a lot easier for adversaries to accomplish. Being able to autonomously find hidden vulnerabilities to exploit further streamlines that process."

But there's a crucial caveat: access doesn't automatically equal compromise. "Just because an actor gets in doesn't mean they get everything," Kaiser noted. Proper network segmentation, zero-trust architecture, and defense-in-depth strategies remain effective even against AI-augmented attackers.

The question is whether organizations have implemented these protections — and the evidence suggests most haven't.

The Nation-State Variable

What worries security professionals most isn't lone hackers getting Mythos access. It's nation-states with resources and motivation to either develop equivalent capabilities or extract them from Anthropic's safeguards.

China, in particular, has demonstrated fast-follower capability in AI. DeepSeek's models proved Chinese labs can achieve competitive results with fewer resources. If China develops Mythos-equivalent capabilities internally, or manages to jailbreak Anthropic's restrictions, the strategic calculus shifts dramatically.

Iran and North Korea present different but equally concerning scenarios. Both have demonstrated willingness to conduct cyber operations against U.S. targets. Neither has historically possessed the sophisticated capabilities required for zero-day development at scale. Mythos — or equivalent models — could level that playing field.

"Those are nation-states that we have not traditionally categorized as near peers, largely because of the lack of ability to execute complex kill chains, develop zero-day attacks, and weaponize them effectively against us," noted Adam Maruyama, a former NSA and Defense Department official now working as an independent security consultant.

Defensive Adaptation Strategies

Organizations can't wait for perfect solutions. Several defensive strategies are emerging as best practices in the Mythos era:

1. Zero-Trust Architecture

The perimeter-based security model — assume everything inside the firewall is safe — is obsolete. Zero-trust assumes breach and requires continuous verification of every user, device, and transaction. Mythos's capabilities make this transition urgent rather than optional.

2. Automated Patch Management

If AI can find vulnerabilities at machine speed, human-powered patching processes can't keep pace. Organizations need automated systems that can deploy patches within hours of release, not weeks or months.

3. Behavioral Monitoring

Even with zero-day exploits, attackers must still achieve objectives — data exfiltration, system disruption, lateral movement. Behavioral monitoring that flags anomalous activity can catch AI-augmented intrusions even when the initial entry vector is unknown.

4. Network Segmentation

Mythos or its successors may find a way into your network. The question is what they can access once inside. Proper segmentation ensures that compromising one system doesn't mean compromising everything.

5. AI-Augmented Defense

The same technology powering attacks can power defense. Microsoft's Security Response Center has already integrated AI for vulnerability triage and response. Other organizations will need to follow suit.

OpenAI's Parallel Response

Anthropic wasn't alone in recognizing the danger. One week after the Mythos announcement, OpenAI announced GPT-5.4-Cyber, a similarly restricted model for cybersecurity professionals.

The back-to-back announcements suggest industry-wide recognition that unrestricted release of advanced cybersecurity AI poses unacceptable risks. They also raise the question of coordination: did Anthropic and OpenAI discuss their approaches, or did both independently reach the same conclusion?

Either way, the emerging industry consensus is clear: some AI capabilities are too dangerous for open release, at least under current conditions.

The Long Game: Self-Healing Systems

Stanislav Fort, a former Anthropic and Google DeepMind researcher who founded AI security platform AISLE, offers an optimistic longer-term perspective. AI could eventually identify and fix the "finite repository" of historical security flaws, proactively preventing exploitation rather than reactively patching vulnerabilities.

"We are gradually finding fewer and fewer zero days, of the worst kinds we can imagine," Fort noted. Once that process is complete, "the technology could be used to proactively make sure nothing bad comes in [and] meaningfully increase the security level of the whole world as a result."

But that vision requires surviving the transition period — the gap between AI-augmented offense and AI-augmented defense. Cynthia Kaiser estimates that period at roughly a decade: "There's this period where things are going to be more vulnerable."

The Regulatory Void

One striking aspect of the Mythos announcement: the absence of regulatory framework. Anthropic made this decision independently, without government mandate or oversight.

This reflects the broader reality of AI governance. Despite years of discussion, the U.S. lacks comprehensive AI regulation. The EU's AI Act covers some applications but leaves cybersecurity largely unaddressed. Individual companies are making consequential decisions about dangerous technology with minimal external accountability.

Anthropic's choice to restrict Mythos appears to be the right call. But what happens when a less cautious actor develops equivalent capabilities? The current system assumes voluntary restraint from all major players — a fragile foundation for global security.

What Organizations Should Do Now

For security leaders reading this, the implications are immediate:

Audit your vulnerability management program. If it relies primarily on human-paced processes, it's inadequate for the threat landscape Mythos represents.

Review your exposure. What critical systems rely on software that might contain undiscovered vulnerabilities? What would happen if those vulnerabilities were systematically discovered and exploited?

Consider your network architecture. Can you contain a breach when the attacker knows vulnerabilities you don't? If not, segmentation needs to improve.

Engage with Project Glasswing. If your organization qualifies as critical infrastructure, pursue access. The application process is selective but worth attempting.

Prepare for the open-source equivalent. Jack Clark's prediction isn't speculation — it's a near-certainty. Organizations should assume Mythos-class capabilities will be widely available within 12-24 months and plan accordingly.

The Bottom Line

Claude Mythos Preview represents something genuinely new in AI development: a capability so powerful its creators won't release it. This isn't a hypothetical future risk. It's happening now.

The cybersecurity industry has spent decades learning that security through obscurity doesn't work — that vulnerabilities must be discovered and patched, not hidden. Mythos challenges that orthodoxy. When discovery itself becomes dangerous, the old rules no longer apply.

Anthropic's restriction is a stopgap, not a solution. The hard work of building defensive capabilities that can survive in a world of AI-augmented offense remains ahead. But at minimum, Mythos has forced a necessary conversation about where AI's capabilities are taking us — and whether we're prepared for what comes next.

The genie is partially out of the bottle. The question now is whether we can learn to live with it.

--