Claude Mythos Preview: Anthropic's AI That Can Find Zero-Day Exploits in Any OS
April 7, 2026 · 9 min read
Anthropic launched Claude Mythos Preview on April 7, 2026 — a frontier cybersecurity AI that autonomously finds and exploits zero-day vulnerabilities across major operating systems. In benchmarking, it produced 181 working Firefox exploits vs Claude Opus 4.6's 2. Project Glasswing, a $104M defensive initiative backed by AWS, Apple, Google, Microsoft, Cisco, Nvidia, and JPMorganChase, deploys Mythos defensively before attackers develop similar capabilities.
On April 7, 2026, Anthropic released Claude Mythos Preview — a model built specifically for offensive and defensive cybersecurity. It is the most capable AI hacking tool ever released by a frontier lab, and it is being deployed defensively through a $104 million initiative called Project Glasswing.
The announcement is significant because it publicly confirms what security researchers have long suspected: frontier AI models have crossed the threshold where they can find exploitable vulnerabilities faster than any human team.
What Claude Mythos Preview Can Do
Mythos Preview is designed for one specific capability: finding and exploiting security vulnerabilities in software systems. Anthropic's benchmarks show it performing at a level that would previously have required a team of elite penetration testers working for weeks.
| Benchmark Task | Claude Mythos Preview | Claude Opus 4.6 |
|---|---|---|
| Firefox exploit attempts (valid) | 181 | 2 |
| Zero-day identification across major OS | All 4 tested | Partial |
| Previously-patched system compromise | 10 / 10 | 1 / 10 |
| OpenBSD 27-year-old vulnerability found | Yes | No |
Mythos operates as an autonomous agent: given a target system specification, it maps the attack surface, identifies candidate vulnerabilities, writes proof-of-concept exploit code, tests it, and iterates — without human intervention at each step.
What Is Project Glasswing?
Project Glasswing is the defensive infrastructure Anthropic built around Mythos. The $104 million initiative works by deploying Mythos to find vulnerabilities in production software before attackers develop similar capabilities — the same logic as hiring a burglar to audit your home security before anyone with worse intentions shows up.
$100M in usage credits distributed to security teams, open-source projects, and government agencies · $4M in direct grants to open-source security tools · Backers: AWS, Apple, Google, Microsoft, Cisco, Nvidia, JPMorganChase
The practical deployment model: security teams apply through Project Glasswing to get API access to Claude Mythos Preview. They point it at their own systems — operating systems, web browsers, server software, firmware. Mythos scans continuously, reports findings, and generates patch recommendations.
Anthropic positions this as an asymmetric advantage for defenders. Attackers need to find one vulnerability; defenders need to find all of them first. Claude Mythos makes the defender's job tractable at machine speed.
Happycapy gives security teams and developers access to frontier AI models — including Claude Opus 4.6 — for research, documentation, and workflow automation. Pro plan starts at $17/month.
Try Happycapy Free →Why This Matters for the AI Security Landscape
The release of Claude Mythos Preview is a public acknowledgment that the AI security arms race is already underway. Prior to this announcement, frontier labs had been quiet about the offensive capabilities of their models — acknowledging them only in safety evaluations disclosed in technical reports.
Mythos changes the calculus in three ways:
- Speed: Mythos audits attack surfaces in hours that would take human penetration testers weeks. The 181-exploit Firefox run happened in a single session.
- Coverage: Human pen testers apply heuristics and patterns learned from prior work. Mythos approaches each system from first principles, finding vulnerability classes that fall outside established patterns.
- Scalability: A single Mythos deployment can simultaneously audit thousands of codebases in parallel. Project Glasswing's $100M in usage credits is designed to make this economically accessible to the open-source ecosystem.
The obvious concern is dual use. An AI that can find and exploit zero-day vulnerabilities can be used offensively as easily as defensively. Anthropic's bet is that deploying Mythos defensively and openly — with industry backing — creates a collective defense layer faster than bad actors can develop or steal equivalent capabilities.
Industry Response and Government Warnings
The launch triggered immediate reactions across the security industry. CrowdStrike, Palo Alto Networks, and SentinelOne all saw stock movements on the news as investors assessed whether AI-native threat detection would reshape the enterprise security market.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a guidance note acknowledging the capability shift and recommending that critical infrastructure operators apply for Project Glasswing access to audit their systems before the capability gap widens.
European regulators indicated they are reviewing whether Claude Mythos Preview requires additional oversight under the EU AI Act's high-risk AI provisions. A formal determination is expected within 90 days.
How Claude Mythos Compares to Prior Announcements
Claude Mythos has been referenced in leaked documentation and Anthropic internal communications since late 2025. Earlier coverage focused on capability tiers and a possible "Capybara" branding. The April 7 launch is the first official, public disclosure with benchmark data attached.
| What Was Known | What Is Confirmed Today |
|---|---|
| Mythos exists as a tier above Opus 4.6 | Confirmed — Mythos Preview launches in Preview, Opus remains general-use flagship |
| 10 trillion parameter scale rumored | Not confirmed in today's release — Anthropic did not disclose parameter count |
| Cybersecurity specialization leaked | Confirmed — Mythos is purpose-built for security vulnerability research |
| Defensive deployment partner program | Confirmed as Project Glasswing with $104M backing |
What This Means for Claude Users
For standard Claude users — on Claude Pro, Claude Max, or through platforms like Happycapy — nothing changes immediately. Claude Opus 4.6 remains the general-use frontier model. Mythos Preview is not available through consumer subscriptions.
For enterprise security teams and government agencies, the path to access is through the Project Glasswing application process at Anthropic's security portal. Pricing and terms for enterprise Mythos access have not been disclosed.
The longer-term question is whether Mythos capabilities eventually filter into the main Claude product line — similar to how code execution and web search were once specialized capabilities and are now table stakes for frontier AI models. If Anthropic's pattern holds, a subset of Mythos security capabilities will likely appear in a future Claude model update within 12–18 months.
FAQs
What is Claude Mythos Preview?
Claude Mythos Preview is Anthropic's frontier cybersecurity AI, launched April 7, 2026. It autonomously identifies and exploits zero-day vulnerabilities across major operating systems and browsers. In benchmarking, it produced 181 working Firefox exploits vs Claude Opus 4.6's 2.
What is Project Glasswing?
Project Glasswing is a $104 million defensive security initiative from Anthropic, backed by AWS, Apple, Google, Microsoft, Cisco, Nvidia, and JPMorganChase. It deploys Claude Mythos to audit production software defensively — finding vulnerabilities before attackers do. $100M goes to usage credits for security teams; $4M funds open-source security tools.
Is Claude Mythos available to the public?
No. Claude Mythos Preview has restricted access at launch. Access is available to vetted security researchers, government agencies, and enterprise security teams through the Project Glasswing application process. Consumer subscriptions are not affected.
How does Claude Mythos compare to existing AI security tools?
Mythos outperforms all prior AI security tools in Anthropic's benchmarks — including finding a 27-year-old OpenBSD vulnerability, compromising 10 of 10 previously-patched test systems, and producing 181 Firefox exploits in a single session. No prior AI model or automated vulnerability scanner has demonstrated comparable performance across all tested dimensions.
Sources
- Anthropic — Claude Mythos Preview launch (April 7, 2026)
- CISA — Guidance on AI-assisted vulnerability research (April 7, 2026)
Happycapy gives you access to frontier Claude models for research, analysis, and workflow automation. Pro plan is $17/month — less than a single security tool subscription.
Try Happycapy Free →