Anthropic unveiled Claude Mythos Preview, an unreleased AI model it says can autonomously discover and exploit severe software vulnerabilities across major operating systems, browsers, open-source projects, and some closed-source targets. The company said the model uncovered thousands of high-severity flaws, including long-lived bugs in OpenBSD, FFmpeg, Linux kernel privilege-escalation chains, and CVE-2026-4747, a FreeBSD NFS remote code execution flaw that could enable unauthenticated root access. Anthropic withheld broad release, citing offensive cyber risk, and instead launched Project Glasswing, a gated program for roughly 40 to 50 partners such as AWS, Apple, Cisco, Cloudflare, Google, JPMorgan Chase, Microsoft, Mozilla, NVIDIA, and Palo Alto Networks to validate findings, patch affected software, and study defensive uses.
Independent and industry assessments broadly agreed Mythos marks a significant advance in AI-enabled cyber capability, though several researchers questioned how much of Anthropic’s headline claims can yet be verified through public CVEs and warned that similar results may be reproducible with cheaper or open models plus strong tooling. The UK AI Security Institute found Mythos achieved a 73% success rate on expert capture-the-flag tasks and completed a full 32-step simulated enterprise attack in 3 of 10 runs, while Anthropic later reported coordinated disclosure activity spanning 1,596 vulnerabilities across 281 open-source projects and partners identifying more than 10,000 high- or critical-severity candidates. Governments, financial regulators, and CISO groups in the US, UK, Europe, Canada, and Japan responded with briefings and warnings that AI is compressing the gap between vulnerability discovery and weaponization, leaving remediation, patch governance, and defensive automation as the main bottlenecks.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
22 events from the most recent confirmed update back to the earliest known activity.
Anthropic said it had developed safeguards strong enough to make Mythos-level intelligence more broadly available while reducing dangerous capabilities that previously required restricted access. Sensitive requests in areas including cybersecurity, biology, chemistry, and model distillation are automatically routed to the lower-performing Claude Opus 4.8 model.
Anthropic reported that Mythos Preview could turn patched, newly disclosed vulnerabilities into working exploits within hours. In tests, it produced code-execution exploits for Firefox SpiderMonkey patches and built exploit chains for closed-source Windows kernel flaws that escalated privileges from a low-privileged user to SYSTEM.
Anthropic announced it was expanding access to Claude Mythos beyond the roughly 50 organizations in Project Glasswing, while still withholding full general release pending stronger safeguards. The company warned that equivalent Mythos-level models were likely to become widely available within 6 to 12 months.
Anthropic said a partner bank used Mythos Preview to stop a fraudulent $1.5 million wire transfer after a threat actor compromised a customer email account and used spoofed phone calls. The example was cited as a defensive use case for restricted deployment.
Anthropic highlighted CVE-2026-5194, a critical WolfSSL vulnerability with a CVSS score of 9.1 that could enable certificate forgery and service impersonation. The flaw was presented as one of the concrete outcomes of Project Glasswing's vulnerability discovery effort.
Anthropic disclosed that Project Glasswing had helped uncover more than 10,000 high- or critical-severity vulnerability candidates in widely used software since launch. It said 6,202 candidates were found in over 1,000 open-source projects, with 1,726 validated as true positives and 1,094 rated high or critical.
On May 22, Anthropic published a coordinated vulnerability disclosure dashboard stating that an early Mythos snapshot had identified 1,596 vulnerabilities across 281 open-source projects. It said 97 had been patched and 88 had received CVE or GHSA identifiers.
Palo Alto Networks' use of Mythos led to 26 CVEs covering 75 vulnerabilities across 130 products in a single May Patch Wednesday cycle, far above its typical monthly volume. The case illustrated how AI-assisted discovery can sharply increase remediation workload.
Cloudflare said Mythos crossed an important threshold in automated vulnerability research by not only identifying bugs but chaining them into working proof-of-concept exploits across internal repositories. It also said effective use required custom harnesses, adversarial review, and parallel agent orchestration.
Members of the House Homeland Security Committee received a live briefing and demonstration of Mythos focused on national security, federal defensive use, and AI competition with China. Lawmakers also discussed agency access, including implications for CISA and critical infrastructure sectors.
Japan's financial sector formed a task force to assess the cyber risk posed by Mythos, with senior officials publicly framing it as a threat to financial stability and customer data security. The move reflected widening international policy concern over the model.
Anthropic said it was investigating reports that unauthorized users had gained access to a version of Mythos, reportedly through a third-party environment. The issue intensified scrutiny around containment of the restricted model.
Mozilla disclosed that testing Mythos against Firefox increased discovered vulnerabilities from 22 with Opus 4.6 to 271 with Mythos. Mozilla said the result was alarming but suggested defenders may gain an advantage if they can use such systems first.
On April 16, Anthropic announced Opus 4.7 and said it had deliberately reduced the model's cybersecurity capabilities while adding safeguards to block high-risk cyber requests. The move followed the gated release of Mythos under Project Glasswing.
A coalition including the Cloud Security Alliance, SANS, and OWASP published a strategy briefing warning of an 'AI vulnerability storm' driven by Mythos-class systems. The report urged CISOs to harden core controls, accelerate patching, adopt AI-assisted defense, and prepare for higher vulnerability volume and faster exploitation.
U.S. officials including Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell held urgent discussions with major bank leaders about Mythos's cybersecurity implications. IMF Managing Director Kristalina Georgieva also warned the model could threaten financial stability and the international monetary system.
Anthropic briefed U.S. government entities including CISA and NIST's Center for AI Standards and Innovation on Mythos's capabilities before any external release. The briefings reflected concern over both defensive uses and offensive implications.
Anthropic disclosed that Mythos Preview autonomously identified and exploited CVE-2026-4747, a FreeBSD NFS remote code execution flaw that could allow unauthenticated root access on affected systems. This became the clearest publicly attributable vulnerability tied to Mythos and Glasswing.
Anthropic announced Claude Mythos Preview on April 7 and said it would not be publicly released because of its offensive cyber potential. The company launched Project Glasswing to give vetted partners restricted access for defensive vulnerability discovery and remediation.
A leaked Anthropic draft described the upcoming Mythos model as having advanced cyber capabilities and being tested with select organizations, prompting early warnings about large-scale AI-enabled attacks before the public announcement.
Anthropic published a coordinated vulnerability disclosure program for vulnerabilities discovered by Claude models. This established the disclosure process later used for Mythos-related findings.
The UK AI Security Institute evaluated Claude Mythos Preview and found major gains in autonomous vulnerability discovery, exploitation, and multi-stage attack execution in controlled environments. It reported 73% success on expert-level CTF tasks and completion of a 32-step simulated corporate attack in 3 of 10 attempts.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
50 references tracked. Mallory keeps watching after this page renders.
cybersecuritynews.com
Open sourceitpro.com
Open sourcehelpnetsecurity.com
Open sourcecio.com
Open sourcegovtech.com
Open sourcewww-cdn.anthropic.com
Open sourcelabs.cloudsecurityalliance.org
Open sourcewww-cdn.anthropic.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.