Claude Mythos

Claude Mythos is a cybersecurity-specialized frontier model developed by Anthropic, capable of performing vulnerability discovery, exploit generation, and remediation patch creation autonomously and end to end across large-scale codebases.
Positioning of Mythos
Claude Mythos Preview is an unreleased model developed by Anthropic as the core of Project Glasswing. Unlike LLMs with general-purpose code generation capabilities, its distinguishing feature is that it covers the entire cybersecurity offense-defense cycle: discovering vulnerabilities in source code, constructing methods to exploit them, and generating remediation patches. Anthropic has described it as surpassing "the level of most human experts," and on the CyberGym benchmark, Mythos recorded 83.1% compared to 66.6% for the previous Claude Opus 4.6.
What Was Discovered
Specific examples of vulnerabilities discovered by Mythos illustrate the scope of this model's capabilities well.
One is a remote crash vulnerability that had been lurking in the OpenBSD network stack for 27 years. Because OpenBSD is widely used as a firewall and VPN gateway, the flaw could have become an attack vector against critical infrastructure had it been discovered by a malicious party. In FFmpeg, Mythos detected a 16-year-old bug that had evaded more than 5 million automated fuzzing tests. Furthermore, in the Linux kernel, it autonomously chained multiple vulnerabilities together, achieving privilege escalation from an ordinary user to root. The model autonomously built an attack path that human penetration testers would spend days constructing.
All of these were responsibly disclosed to the respective projects and have been patched.
The Project Glasswing Consortium
Project Glasswing was established to broadly leverage Mythos for defensive purposes. Major tech companies and security vendors including AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, Palo Alto Networks, and the Linux Foundation are participating, advancing defensive scanning of OSS and their own systems. Anthropic committed up to $100 million in model usage credits and a $4 million donation to OSS security organizations.
In the context of DevSecOps and shift-left, eliminating vulnerabilities upstream in the development process has long been considered ideal. Models like Mythos demonstrate the potential to execute that "upstream detection" more comprehensively than human reviewers, and even against classes of vulnerabilities that existing fuzzing tools miss.
The Asymmetry Between Defense and Offense
If equivalent AI capabilities were to fall into the hands of attackers, the risks of supply chain attacks and unknown zero-day exploits would increase dramatically. The underlying philosophy of Glasswing is to "exhaust the same capabilities on the defensive side first," aiming not only to address known vulnerability categories as organized by OWASP, but to have the model proactively eliminate attack surfaces that have not yet even been classified. If AI red teaming is "attack simulation by a human team," then Mythos is closer to "continuous, large-scale, autonomous attack simulation by AI."
Anthropic has stated that "acting now can create an AI era with a defensive advantage," but conversely, this is also a warning that inaction will result in an offensive advantage.