The most striking detail in Anthropic’s Claude Mythos story is not the model’s benchmark scores or its restricted access. It’s this: a 27-year-old vulnerability in OpenBSD — a security-focused operating system that has been under continuous expert review since 1999 — was found by Claude Mythos Preview in a single session. Human security researchers, using every tool available to them, had missed it for nearly three decades. Mythos found it as part of a routine defensive scan.
What Mythos Is Actually Doing in Project Glasswing
Project Glasswing is Anthropic’s controlled deployment of Claude Mythos Preview for defensive cybersecurity. Roughly 40 organizations — including Amazon, Apple, Microsoft, Cisco, Broadcom, CrowdStrike, Palo Alto Networks, and the Linux Foundation — are using the model to find and patch vulnerabilities in their own systems and in widely used open-source software. Anthropic has committed up to $100 million in usage credits for these efforts.
The scope of what Mythos has found is significant:
- Thousands of previously unknown zero-day vulnerabilities across operating systems and web browsers
- Flaws that had gone undetected for decades — including the 27-year-old OpenBSD bug
- Vulnerabilities in widely deployed software that affects hundreds of millions of devices and systems globally
- Complete, working exploit code generated from scratch by engineers with no security training, in a single overnight session
Why This Is Genuinely Unprecedented
To understand why Mythos represents a qualitative shift rather than a quantitative improvement, it helps to understand how traditional security research works. Skilled security researchers spend weeks or months analyzing a specific piece of software, looking for logic flaws, memory errors, and edge cases. The constraint is human time and cognitive bandwidth — there are only so many researchers and only so many hours.
Mythos removes those constraints. It can analyze an entire codebase simultaneously, reason about interactions between components that are too complex for human working memory, and apply knowledge of vulnerability patterns across hundreds of thousands of software projects to identify flaws that match known attack surfaces. The 27-year-old OpenBSD bug survived because finding it required holding a specific combination of context in mind that exceeded what human researchers typically track. For Mythos, that’s a routine task.
CrowdStrike’s CTO Elia Zaitsev described the consequence: the window between vulnerability discovery and exploitation has “collapsed” — what once took attackers months to develop from a discovered flaw can now happen in minutes with AI assistance.
Anthropic’s Deliberate Restriction
This is the first time Anthropic has limited a general-purpose model release specifically on cybersecurity grounds. The company’s responsible scaling policy had always foreshadowed this possibility — the idea that a sufficiently capable model might require restricted deployment — but Mythos is the first case where that line has been enforced in practice.
The restriction is explicit: Mythos will not be made generally available. The Project Glasswing partners are all organizations that build or maintain critical software infrastructure — not general AI developers or enterprise users. The goal, in Anthropic’s framing, is to give defenders a head start: letting the organizations responsible for the world’s most critical software identify and patch their vulnerabilities before Mythos-class capabilities become more broadly accessible through competitors or open-source replication.
Newton Cheng, Anthropic’s Frontier Red Team cyber lead, described the current moment directly: “Engineers with no security training have asked Mythos to find remote code execution bugs overnight and woken up to complete, working exploits.” That sentence captures both the defensive opportunity — authorized security teams can do the same — and the offensive risk that makes unrestricted release untenable.
The Dual-Use Tension at the Core
Claude Mythos Preview is Anthropic’s clearest confrontation yet with the dual-use dilemma that runs through all powerful AI: the same capability that makes a defensive tool invaluable also makes an offensive tool devastating. A model that can find a 27-year-old OpenBSD vulnerability for defenders can find the same vulnerability for attackers. The only variable is who has access.
Project Glasswing is Anthropic’s bet that a controlled, vetted, defenders-first deployment can create asymmetric advantage — giving the organizations responsible for critical infrastructure a detection capability that outpaces the offensive use of similar techniques by less scrupulous actors. Whether that bet is sustainable as AI capabilities proliferate is one of the most important open questions in technology policy in 2026.
Conclusion
Claude Mythos finding a 27-year-old OpenBSD vulnerability is a single data point that illuminates a much larger shift: AI systems are now capable of systematic security analysis at a scale and depth that exceeds what human expertise can achieve. The question of how that capability is governed, who has access to it, and how defenders stay ahead of its offensive applications will define the cybersecurity landscape for years. Browse our directory to follow Claude and the broader AI ecosystem as the Mythos story continues to unfold.
