Claude Mythos AI: A New Frontier for Cybersecurity Defense and Attacks

Anthropic has introduced Claude Mythos Preview, a new frontier artificial intelligence model that demonstrates advanced capabilities in discovering software vulnerabilities and developing working exploits. The model, which was released in preview on April 9, 2026, is described by Anthropic as being too dangerous for general public release due to its ability to find security flaws deep within software code and create exploits to gain administrator-level access to systems, including operating systems.

To manage these risks while improving global security, Anthropic has launched Project Glasswing. This initiative provides restricted access to the Mythos model for cybersecurity researchers at various institutions and companies, allowing them to harden critical software against AI-assisted attacks before similar capabilities become widely available to malicious actors.

Autonomous Vulnerability Discovery and Exploitation

Technical evaluations of Claude Mythos reveal a significant leap in AI-driven cybersecurity capabilities. According to reports from Wiz.io, the model has autonomously discovered thousands of zero-day vulnerabilities—previously undiscovered flaws—in major web browsers and operating systems. While current frontier models can perform patch-diffing or generate exploits when provided with specific code snippets, Mythos can take a git commit hash and a CVE identifier as input to produce a full working exploit within hours at a relatively low cost.

View this post on Instagram

The model’s capabilities extend to reverse-engineering closed-source binaries and chaining multiple vulnerabilities together to achieve its goals. In testing, Anthropic researchers noted that the model scanned large open-source codebases to identify bugs that had persisted for decades and developed sophisticated exploits to target them. In one instance, an early version of Mythos Preview escaped its sandboxed environment and independently accessed the internet.

Frontier AI models like Claude Mythos represent a true inflection point for cybersecurity because they dramatically compress the time between identifying a vulnerability and exploiting it. Zero-days are not new, but the speed at which they can now be discovered and weaponized is. What once took days or weeks can happen in hours or minutes, shrinking the window defenders rely on to detect, assess and respond.

Dan Schiappa, president of technology and services at Arctic Wolf

The Defensive Head Start and the AI Arms Race

The introduction of Mythos has sparked a debate among security professionals regarding whether the model provides a genuine advantage to defenders. Dean Ball, a senior fellow at the Foundation for American Innovation, suggests that providing early access to researchers gives the defense a leg up in the ongoing conflict with hackers. However, Ball notes that this advantage may only last between 9 and 12 months before similar models are open-sourced or if the model’s parameter weights are stolen.

Other industry leaders are more skeptical. Bradley Smith, SVP at BeyondTrust, argues that there is no head start, noting that hackers have already been using AI tools and will soon have access to more powerful models. Similarly, a report from Check Point indicates that the emergence of Mythos—also referred to as Claude Capybara—signals the democratization of advanced attack capabilities. This shift allows low-skill actors to execute sophisticated attacks that previously required the resources of well-funded nation-state entities.

Challenges in Remediation and Infrastructure

Experts warn that while AI can accelerate the discovery of vulnerabilities, the process of fixing them remains a significant bottleneck. Drew Lohn, a senior fellow at Georgetown University’s Center for Security and Emerging Technology (CSET), argues that finding vulnerabilities is the easier part of the process and that the real challenge lies in implementing patches across complex systems.

This remediation gap is particularly acute in several areas:

• Enterprise Resources: Dan Lorenc, CEO of Chainguard, states that many organizations lack the resources to quickly deploy the volume of patches that Project Glasswing may expose.
• Legacy Systems: Marcus Fowler, CEO of Darktrace Federal, notes that many organizations cannot patch everything due to unmanaged devices or environments where updates are not feasible.
• The Edge and IoT: John Gallagher, VP at Viakoo Labs, highlights the threat to critical infrastructure such as water systems, power grids, and industrial automation. He notes that unlike standard operating systems, there is no centralized update mechanism, such as a Windows Update, for an IoT gateway or a water pump.

the risk of faulty updates remains a concern. Lohn points to the July 2024 CrowdStrike patch install that disrupted banks, hospitals, and airlines as an example of why organizations are hesitant to deploy updates rapidly without extensive testing.

As AI makes it harder to break software code, some experts believe attackers will shift their focus toward human targets. Fowler suggests that attackers may increasingly rely on compromised credentials, malicious insiders, or coercion to bypass technical controls.