Imagine what standing global cybersecurity will have before a superhuman hacker that can sneak into any system, anywhere in the world, and steal, write or rewrite a code to sabotage a system without anyone’s knowledge. A point in history gives us a glimpse of what that situation can be like. During the US-launched Stuxnet operation in 2008, a malware was deployed in systems inside Iran’s Natanz Nuclear Facility. That code made the centrifuges push beyond their limits, tearing themselves apart while screens showed everything as normal. The personnel at the facility had no idea what was going on and what the machines were doing, but the system just ate itself from within, quietly.
Back then, the malware had to be deployed manually. But what if all that chaos can be caused using AI from any remote location, and that too with “just one click”? Sounds dangerous, isn’t it? Sorry to break it to you but that that danger is not theoretical, not anymore. Meet “Claude Mythos”, the unreleased internal AI model from Anthropic, designed to test the upper limits of software security and reasoning.
This multimodal AI model can crack operating systems, ace mathematical Olympiads, and autonomously discover and chain thousands of "zero-day" vulnerabilities (previously unknown security flaws) across major operating systems and web browsers. That is what makes it the most dangerous AI tool ever. But how did we come to know about this secret “tool”?
In late March 2026, a routine misconfiguration in Anthropic’s content management system briefly exposed thousands of unpublished internal documents to the open Internet. Among them was a draft blog post announcing a new AI model, one that the company described as “by far the most powerful AI model we’ve ever developed.” The model had a name: Mythos, and by the looks of it, the name was not accidental.
Mythos comes from the Greek for speech, for a told account, before it came to mean something more deliberate and constructed. In Aristotle’s telling, mythos was not fantasy but structure — the ordering of events that gives a narrative its force. The choice of the word carries its own warning. This is not just a tool. It is a system designed to shape outcomes.
After the leak, Anthropic pulled the documents from public view, but confirmed that a new model existed and was being tested. But the cat was already out of the bag. By the time the company issued its official statement, cybersecurity stocks had plunged, financial regulators in Germany and the United Kingdom had begun consultations, and a global conversation had ignited about what happens when artificial intelligence crosses into territory too dangerous for general use.
Mythos — codenamed “Capybara” (world’s largest rodent) during development — was officially released in preview form on April 8, 2026. It represents not just an upgrade to Anthropic’s existing lineup, but an entirely new tier of model: larger and more capable than the Opus series that had previously been the company’s flagship.
To understand why Mythos has generated such alarm, it helps to understand the scale of its performance gains. On the USAMO 2026 — the United States of America Mathematical Olympiad, a grueling two-day competition of proof-based mathematics that has historically separated elite human mathematicians from everyone else — Mythos scored 31 percentage points higher than Anthropic’s previous frontier model, Opus 4.6. It achieved a 97.6% score on the USAMO benchmark overall, and 93.9% on SWE-bench, a standard test of software engineering capability.
It would be naive to believe that these are incremental improvements. They represent a qualitative shift in what AI systems can do. Prior models could assist with coding, answer complex reasoning questions, and help debug software. Mythos, by contrast, can write, audit, and attack code at a level that approaches or exceeds the best human practitioners. That last word — attack — is where things get complicated.
While Mythos was not specifically designed for cybersecurity work, its general-purpose reasoning and coding abilities turn out to have profound implications for digital security. In internal testing, Anthropic found that the model could identify and exploit software vulnerabilities at a level that surpassed all but the most skilled human hackers. More alarming still, it found critical flaws in every major operating system and widely used web browser it was tested against.
Of those vulnerabilities, 99 percent had not yet been patched. Many were between one and two decades old. These are the silent flaws lurking in foundational software that billions of people and institutions depend upon every day. Mythos, in a matter of weeks, identified thousands of them.
The UK’s AI Security Institute (AISI), granted early access to conduct independent evaluations, found that the model succeeded in expert-level hacking tasks 73 percent of the time. That figure is both reassuring and deeply unsettling. It confirms Anthropic’s capabilities claims are not mere marketing, but also suggests the danger may be somewhat more bounded than the company’s most dramatic statements imply. As some cybersecurity experts have noted, AISI’s testing involved near-minimal software defenses — environments that don’t reflect the layered protections present in real-world systems.
Still, the consensus among security professionals is clear that Mythos is genuinely dangerous in the wrong hands. “Every cybersecurity defender should take Mythos seriously,” one independent expert noted, even while cautioning that worst-case scenarios may overstate the likely impact.
Faced with a model too capable to ignore and too dangerous to release publicly, Anthropic devised an unusual solution. Rather than a standard commercial rollout, the company launched Project Glasswing, a restricted access initiative in which a curated set of partner organizations would deploy Mythos exclusively for defensive cybersecurity purposes.
The initiative’s name evokes the glasswing butterfly, a creature whose transparency makes it difficult to target — a fitting metaphor for the goal of making software systems harder to attack by exposing their hidden flaws before adversaries do.
The initial cohort of Project Glasswing partners reads like a who’s-who of global technology: Amazon, Apple, Microsoft, Google, Nvidia, JPMorgan Chase, Cisco, CrowdStrike, Broadcom, Palo Alto Networks, and the Linux Foundation, among others. These organizations are using Mythos to scan their own networks and open-source codebases, identifying vulnerabilities and patching them before the flaws can be weaponized. Forty additional organizations beyond the core partnership have also been granted preview access.
The structure is deliberately collaborative: partners are expected to share what they learn, so that the broader technology industry can benefit from discoveries made during the preview period. It is, in essence, an attempt to use AI’s offensive power defensively — to outrun attackers by using the same capabilities first.
Anthropic has not confined its conversations to the private sector. The company has been in ongoing discussions with federal officials about Mythos, and those conversations have begun to produce concrete results. In mid-April 2026, a memo from Gregory Barbaccia, the federal Chief Information Officer at the White House Office of Management and Budget, informed officials at Cabinet departments that the government was setting up protections to allow major federal agencies to begin using the model.
The move reflects the dual reality that Mythos presents to government. On one hand, it is a powerful tool for hardening the digital infrastructure that underpins national security, financial systems, and public services. On the other, its existence in any environment creates risk — a risk that becomes vastly larger if adversarial actors develop comparable capabilities first.
The Bank of England has stated that AI risk testing intensified in the wake of Mythos’s emergence. German banks have sought guidance from cybersecurity authorities. Regulators and governments around the world are now grappling with a fundamental question: how do you govern a technology that is simultaneously one of the most effective defensive tools ever created and one of the most dangerous offensive weapons imaginable?
Ironically, the very model that Anthropic tried to keep under strict lock is already slipping through the cracks. Claude Mythos was reportedly accessed by third-party individuals through a vendor-linked environment through the familiar weak point of outsourced access. A small, private group appears to have used backchannel entry via a contractor, piecing together access through routine research techniques and leaked fragments from elsewhere, quietly turning a restricted system into an accessible one. Now, Anthropic is investigating the unauthorised access after seeing the model built to expose vulnerabilities ending up having a security breach.
Still, beyond the cybersecurity implications, Mythos signals something structurally significant about the trajectory of AI development. It is not an upgrade to an existing product line but the first model in an entirely new tier that Anthropic calls “Capybara,” which sits above the Opus series in capability and scale.
The model was trained on next-generation GPUs, the advanced chips that power AI development, and its capabilities reportedly continue to grow as training progresses. Anthropic has described it as a “general purpose” model, meaning that while its cybersecurity abilities have dominated the public conversation, Mythos is also expected to outperform existing models in scientific reasoning, software engineering, complex planning, and a wide range of other domains.
This matters because it suggests that what we are seeing with Mythos is not a one-off anomaly but a harbinger. As AI systems grow more capable, the gap between what they can do in controlled, beneficial settings and what they could do in uncontrolled, harmful ones will only widen. The decisions Anthropic is making now — how to restrict access, who to trust, what to disclose — are effectively a template for how the industry will navigate this tension going forward.
It is worth pausing on the skepticism that some experts have offered. Cybersecurity professionals and institutional actors have rational incentives to emphasize worst-case scenarios — doing so drives investment in defensive tools, justifies regulatory action, and reinforces the importance of their own roles. As one analyst observed, it is rarely in anyone’s commercial interest to predict that a new technology will turn out to be manageable.
The AISI’s finding — that Mythos succeeded at expert hacking tasks 73 percent of the time under near-ideal attacker conditions — is significant. But it also means the model failed roughly one in four times, in an environment deliberately stripped of real-world defenses. That is not a reason for complacency. It is a reason for proportionality.
The genuine risk Mythos poses may be more mundane than the most alarming headlines suggest: not a sudden AI-powered collapse of global digital infrastructure, but a gradual lowering of the barrier to entry for sophisticated cyberattacks. In a world where Mythos-level models eventually proliferate, the technical skill required to identify and exploit a vulnerability could drop dramatically, making the pool of potential attackers far larger than it is today.
But one must consider that Mythos is currently a preview, not a finished product. Its full capabilities have not been publicly disclosed, and Anthropic has said it has revealed only a fraction of the vulnerabilities the model has identified. The company has framed its cautious approach as a deliberate choice, one that is driven by safety considerations rather than commercial timidity.
Whether that framing holds up will depend on what happens next. Whether the patching work done under Project Glasswing proves effective, whether rival AI labs develop comparable models and handle them more or less responsibly, and whether governments move quickly enough to establish coherent frameworks for governing frontier AI systems.
What is clear is that Mythos is a threshold moment. It is the point at which the capabilities of AI crossed into territory that even its creators deemed too dangerous for general release, and the point at which the decisions made about AI governance stopped being theoretical and started having immediate, real-world stakes.
The mythology of artificial intelligence has long oscillated between utopian promise and existential fear. With Mythos, those two poles have never felt closer together.
.jpg)
