Meet Claude Mythos – the model that found a 28-year-old bug in one of the world’s most secure operating systems.
The Leak That Changed Everything
On March 26, 2026, a security researcher noticed something unusual. A misconfigured data store on Anthropic’s infrastructure had left nearly 3,000 internal files publicly accessible – no password required. Draft blog posts, internal memos, product launch documents. Everything.
Among those files was a detailed description of a model that had not been announced yet. A model codenamed internally as Capybara, and publicly referred to as Claude Mythos.
Anthropic did not deny it. A spokesperson confirmed they were developing a model with meaningful advances in reasoning, coding, and cybersecurity. What they did not say at the time was how significant – and how alarming – those advances turned out to be.
On April 7, 2026, Anthropic made it official. Claude Mythos Preview exists. It is their most capable model to date. And it will not be released to the public.
What Is Claude Mythos?
Claude Mythos, officially named Claude Mythos Preview, is Anthropic’s latest and most advanced AI model. It surpasses its predecessor, Claude Opus 4.6, and according to independent benchmark reporting, outperforms competing models including Gemini 3.1 across multiple performance categories.
But the capability that defines Mythos – and the one that made Anthropic pause – is its ability to find vulnerabilities in software.
Not occasionally. Not inconsistently. Systematically, rapidly, and at a level that had never been seen from an AI model before.
What It Actually Did – And Why It Scared Everyone
In the weeks following its internal development, Claude Mythos was tested across a range of tasks. The cybersecurity results were extraordinary.
In a matter of weeks, Mythos identified more software vulnerabilities than many experienced human security researchers find in an entire career. The model did not just scan for known vulnerability patterns – it reasoned about the code and found issues that had gone undetected for decades.
The most striking example: a critical flaw in OpenBSD, a highly secure operating system used to protect firewalls and critical infrastructure around the world. The bug could allow a remote attacker to crash the system simply by connecting to it. It had existed – undetected – for nearly thirty years.
Anthropic described the model’s capabilities in a way that was unusually candid for a tech company. They called it, in some internal discussions, terrifying. That word matters. When the people who built a tool describe it that way, it is worth taking seriously.
The concern is not that Mythos is malicious. The concern is that a tool this capable at finding vulnerabilities is equally useful to attackers as it is to defenders. If it falls into the wrong hands – a criminal organization, a state actor, a ransomware group – it could enable a new generation of cyberattacks faster and more sophisticated than anything we have seen.
That is why Anthropic made a decision that almost no technology company has made in the modern AI era: they built something exceptional, and then chose not to release it.
Project Glasswing: The Most Exclusive AI Club in the World
Rather than launch Mythos publicly, Anthropic created a controlled access program called Project Glasswing. The idea is straightforward: give Mythos to the companies whose software forms the backbone of the internet, and let them use it to find and fix their own vulnerabilities before attackers do.
The list of organizations with access reads like a who’s who of global technology and finance: Amazon Web Services, Apple, Cisco, Google, JPMorgan Chase, Microsoft, Broadcom, NVIDIA, CrowdStrike, Palo Alto Networks, and the Linux Foundation, among others.
These are not random selections. These companies collectively maintain operating systems, cloud infrastructure, financial networks, and security tools that billions of people rely on every day. If there are critical vulnerabilities in their systems – and there almost certainly are – finding them quietly, through a controlled process, is far better than discovering them after an attack.
Anthropic has also briefed senior officials across the US government on Mythos’s full offensive and defensive capabilities, and has made itself available to support government testing and evaluation of the technology.
The goal, as Anthropic framed it, is to give defenders a durable advantage in what they are calling the AI-driven era of cybersecurity. Attackers are already using AI. Defenders need it more.
Why Anthropic Made This Decision
It would have been very easy – and very profitable – to release Claude Mythos publicly. The demand for a frontier AI model would have been enormous. Enterprise contracts, API revenue, developer adoption. All of it.
Anthropic chose not to do that.
This decision reflects something worth understanding about Anthropic as a company. Unlike many of its competitors in the AI race, Anthropic was founded explicitly around the question of AI safety. Its founders left OpenAI in part because of disagreements about how aggressively to push capability development. The company’s entire positioning is built around the idea that more powerful AI requires more careful handling.
Claude Mythos is the most visible test of that philosophy. A model they believe is genuinely dangerous in open access – and a decision to restrict it accordingly.
The question for the rest of the industry is whether this becomes a precedent. If AI models can now discover critical vulnerabilities in widely-used software at scale, the gap between what AI can do and what we are ready for as a society is widening. Anthropic’s response – controlled release to defenders first – is one answer. It will not be the last one proposed.
What This Means for Businesses and Founders
If you are building a company, advising one, or preparing to raise investment, Claude Mythos matters to you even if you never use it directly.
First, cybersecurity is no longer optional. If frontier AI can find decades-old vulnerabilities in military-grade operating systems within weeks, it can find vulnerabilities in your software stack too. The question of how secure your systems are is going to become a more prominent part of investor due diligence, particularly for any company handling customer data, financial information, or sensitive operations.
Second, the AI capability gap is accelerating. Claude Mythos is a preview model – restricted, gated, not publicly available. The publicly available models are already being used by your competitors. The gap between companies that are integrating AI seriously into their operations and those that are not is compounding every quarter.
Third, the companies with access to Mythos – JPMorgan, Apple, Google, Microsoft – are going to have a security advantage that their smaller competitors do not. That asymmetry between large-cap and small/mid-cap companies on AI capability is a structural risk that boards and investors will increasingly pay attention to.
If you are building your investor pitch or your financial model, understanding how AI is reshaping the competitive landscape in your sector is no longer background context. It is a core part of the story. Our services help founders translate these dynamics into a presentation that sophisticated investors will take seriously.
The Bigger Picture
There is a version of this story that ends well. Anthropic finds a way to deploy Mythos responsibly, the Project Glasswing partners patch critical vulnerabilities before they are exploited, and the security of global digital infrastructure improves as a result. AI becomes a net positive for cybersecurity rather than a net threat.
There is another version. Restrictions get loosened over time. A competitor releases a similar model without the same caution. The capability becomes widely available before the defenses catch up.
We do not know which version we are living yet.
What we do know is that Anthropic built something genuinely new, thought carefully about the consequences, and made a decision that cost them revenue in service of a principle. In the current AI landscape, that is notable regardless of what you think of the outcome.
The race is not just about who builds the most powerful model anymore. It is about who builds the most powerful model and still decides what happens next.
Sources: CNN, StartupNews.fyi, Anthropic official release notes, Renovate QR AI Model Tracker (April 2026).