Anthropic’s new Mythos model hit headlines in April 2026 with big impacts to the cybersecurity world. Claude Mythos Preview found thousands of high-severity vulnerabilities, including some in every major operating system and every major web browser. Some of those bugs had been sitting undetected for decades. Software that survived millions of automated tests and decades of human review was cracked in hours.
Mythos Preview won't be gated behind Project Glasswing for much longer. Anthropic announced in late May that Mythos-class models will be available to all customers in the coming weeks. OpenAI is already there: GPT-5.5-Cyber, a peer model, launched in May with comparable offensive security capabilities. The window in which only vetted defenders had access to these tools is closing quickly.
Claude Mythos found working exploits in OpenBSD, Linux, and every major browser
99% of the vulnerabilities Mythos has found remain unpatched.
Here are a few examples from Anthropic's technical red team report:
- A 27-year-old OpenBSD bug – OpenBSD is one of the most security-hardened operating systems in the world, widely used to run firewalls and critical internet infrastructure. Mythos found a vulnerability that allowed an attacker to remotely crash any machine running it just by connecting to it.
- A 16-year-old FFmpeg vulnerability – FFmpeg handles video encoding and decoding for nearly every major service that touches video. Mythos found a bug in a line of code that automated testing tools had hit five million times without ever catching the problem.
- Linux kernel privilege escalation – Mythos autonomously found and chained together several vulnerabilities in the Linux kernel, allowing an attacker to escalate from ordinary user access to complete control of the machine.
- FreeBSD remote code execution – Mythos autonomously identified and exploited a 17-year-old vulnerability that allowed anyone to gain full root access to a machine running NFS, starting from an unauthenticated user anywhere on the internet.
- Web browser exploits – Mythos found and exploited vulnerabilities in every major web browser, in one case chaining together four vulnerabilities to escape both the browser renderer and OS sandbox simultaneously.
- Cryptography library weaknesses – Mythos identified weaknesses in widely-used implementations of TLS, AES-GCM, and SSH that could allow an attacker to forge certificates or decrypt encrypted communications.
It doesn’t stop at finding vulnerabilities. Engineers at Anthropic with no formal security training asked Mythos Preview to find remote code execution vulnerabilities overnight, and woke up the following morning to a complete, working exploit.
Watch Anthropic security researcher explain it himself
Before Mythos was even announced, Anthropic Research Scientist Nicholas Carlini gave a talk at [un]prompted 2026 called "Black-hat LLMs" that most people outside the security community missed. It starts off technical and gets bigger picture as it goes. It's worth your time.
Speaking at the conference, Carlini said: "We now have a number of remotely exploitable heap buffer overflows in the Linux kernel. I have never found one of these in my life before. This is very, very, very hard to do. With these language models, I have a bunch."
A few stats from the talk that put the scale in perspective:
- The workflow is commodity-level simple – Carlini described running a trivial bash script across every source file in a repository, prompting the model to find exploitable vulnerabilities, then running a second pass to verify exploitability – with a near-100% success rate. Any motivated actor can replicate it.
- Volume is already surging – Chrome's vulnerability submissions in March 2026 already exceeded several times the total from the whole year of 2025. Firefox saw a similar surge – roughly 25% of all bugs found in an entire prior year were submitted in a single batch. IBM's 2026 X-Force Threat Intelligence Index subsequently reported a 44% year-over-year increase in attacks targeting public-facing applications, directly attributing the surge to AI-enabled vulnerability discovery.
- The capability curve doubles roughly every four months. What's possible today will seem primitive by year end.
From 2 exploits to 181: how Mythos compares to the previous generation of AI security tools
Security tooling has always been asymmetric – fuzzers, static analysis, penetration testing. These tools found vulnerabilities and bugs, but they needed to be pointed in the right direction, they were slow, and they still required significant human expertise to turn a finding into a working exploit.
Mythos changed the equation. Some numbers that illustrate the jump from the previous generation of models to Mythos:
- Exploit development success rate – Opus 4.6 turned known Firefox JavaScript engine vulnerabilities into working shell exploits twice out of several hundred attempts. Mythos developed working exploits 181 times from the same starting point.
- Autonomous exploit development – Opus 4.6 had a near-0% success rate at autonomous exploit development. Mythos operates in a different league entirely.
- Vulnerability reproduction benchmark (CyberGym) – Mythos scored 83.1%. Opus 4.6 scored 66.6%.
- Agentic coding (SWE-bench Verified) – Mythos scored 93.9%. Opus 4.6 scored 80.8%.
These capabilities came from general improvements in code, reasoning, and autonomy – not explicit security training. The capability is a byproduct of making the model better at everything. It will keep improving whether anyone wants it to or not.
OpenAI's GPT-5.5-Cyber matches Mythos on offensive security benchmarks
When Mythos Preview launched in April, it was the only model of its kind. That changed fast.
OpenAI released GPT-5.5 in April 2026 and followed it with GPT-5.5-Cyber in May – a fine-tuned variant built explicitly for binary reverse engineering, vulnerability research, and advanced defensive workflows. The UK AI Security Institute evaluated both models and found their offensive cyber capabilities roughly comparable: GPT-5.5 scored 71.4% versus Mythos at 68.6% on expert-level cyber tasks. In end-to-end attack simulations, the results were similarly close.
OpenAI's rollout mirrors Anthropic's: a gated "Trusted Access for Cyber" program vets defenders before granting access to the more capable variant, with the same defensive framing and comparable underlying capability.
Two independent frontier labs, different training approaches, nearly identical results. The step change in AI-assisted vulnerability discovery is corroborated. It's a direction, not a product.
CrowdStrike's 2026 Global Threat Report logged an 89% increase in attacks by AI-enabled adversaries in 2025 versus the prior year. The offensive side isn't waiting for defenders to catch up.
What Anthropic is doing about it: Project Glasswing
Anthropic launched Project Glasswing, bringing together AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world's most critical software.
The initiative has since grown significantly. As of June 2, Anthropic expanded Glasswing to 150+ organizations across more than 15 countries – adding sectors not represented in the original launch: power, water, healthcare, communications, and hardware. Partners have now found more than 10,000 high- or critical-severity security flaws.
At current true-positive rates, the program is on track to surface nearly 3,900 vulnerabilities in open-source code alone.
The commitments behind the initiative:
- $100M in model usage credits for Mythos Preview across Glasswing partners and participants
- $4M in direct donations to open-source security organizations including Alpha-Omega, OpenSSF, and the Apache Software Foundation
- 40+ additional organizations beyond the named launch partners have been given access to scan and secure first-party and open-source systems
- 90-day public report on vulnerabilities fixed and lessons learned, with ongoing best practice recommendations for the industry
The logic: use the same capability to get ahead of it before hostile actors do. Give critical infrastructure owners access to Mythos before comparable models reach attackers.
What CTOs and security leaders should do now
Mythos-class models will reach open source – or something close enough will. GPT-5.5 already proves the capability isn't Anthropic's alone.
Start with Claude Security – now in public beta for Enterprise customers – it scans codebases using Claude Opus 4.8, reconstructs data flow across modules, traces tainted variables through functions and files, and flags whether those flows can be triggered by an external attacker. During its two-month private preview, it surfaced more than 500 previously unknown vulnerabilities in widely-used open-source software.
The more important move is going further.
- Shorten patch cycles. Tighten patching enforcement windows, enable auto-update wherever possible, and stop treating CVE-bearing dependency bumps as routine maintenance.
- Run frontier models against your own codebase. The same scaffold Carlini described – point the model at a repository, find exploitable vulnerabilities, run a verification pass – is available today using Claude Opus 4.8 or comparable models. Run it on a regular cadence. The volume of vulnerability reports is about to increase by an order of magnitude; AI agents that ingest a CVE, assess severity against your architecture, and prioritize remediation are the only way to keep pace.
- Attempt to exploit your own systems before attackers do. If the model can build a working exploit, you have a P0. If it can't, you have better signal on actual risk than any CVSS score gives you.
- Think beyond finding bugs. Frontier models accelerate defensive work across the board: patch proposals written alongside findings, cloud environment misconfiguration analysis, pull request review for security issues, accelerated migrations from legacy systems, and incident response note-taking during active events.
- Revisit your legacy systems. Mythos didn't find its most alarming bugs in new code – it found them in OpenBSD, FFmpeg, and code written in 2003 and 2008 that nobody thought to look at again. Your oldest systems are the highest-priority targets.
Nobody has the full playbook yet – including Anthropic. The organizations that build internal AI security capability today will be in a fundamentally different position six months from now than the ones that wait. The model is going to get to your codebase eventually. The question is whether it does so on your terms or someone else's.
The AI cybersecurity threat trajectory isn't slowing down
The last twenty years gave us a relatively stable security equilibrium. New attacks emerged with more sophisticated techniques, but fundamentally the same shape as attacks in 2006. That equilibrium is ending.
When Mythos Preview launched, vetted defenders had a meaningful head start. That window has narrowed faster than expected. GPT-5.5-Cyber is already at parity. Mythos-class models are weeks from public release. Within 6 to 12 months, Anthropic expects most frontier AI companies will have comparable models – and some may release them without the safeguards Anthropic and OpenAI have built in.
The capability curve Carlini described – doubling roughly every four months – has already been validated. GPT-5.5 reached Mythos-level offensive security performance approximately two months after Mythos was revealed, through an entirely different training path. The trajectory is documented.
We see no reason to think that Mythos Preview is where language models' cybersecurity capabilities will plateau. Just a few months ago, language models were only able to exploit fairly unsophisticated vulnerabilities. Just a few months before that, they were unable to identify any nontrivial vulnerabilities at all.
The organizations that navigate this well are the ones treating it as an engineering problem right now – running AI against their own systems, building the internal tooling, shortening patch cycles, and building the muscle before they need it.
Let's talk if you want help to secure your business in the new world of AI cybersecurity.
