• April 9, 2026
  • Joseph Rees


Key Takeaways:

  • Anthropic’s Claude Mythos Preview scored 83.1% on Cybergym, finding thousands of zero-days across every major OS and browser.
  • Project Glasswing launched April 7, 2026, with 11 founding partners and up to $100 million in Mythos usage credits for defenders.
  • A 27-year-old OpenBSD flaw and a 16-year-old FFmpeg bug survived millions of automated tests until Mythos found them in hours.

Claude Mythos AI Scored 83% on Cybergym and Found Critical Flaws Across Every Major Browser and OS

The model, which Anthropic describes as the largest single-model capability gain in frontier AI history, completed training and was announced publicly on April 7, 2026, after internal details surfaced in late March through a misconfigured content management system that exposed roughly 3,000 internal files.

Anthropic is not releasing the Claude Mythos Preview to the public or through its general API. The company restricted access to a vetted group of partners after the model demonstrated it could discover and exploit previously unknown software flaws at a speed and scale that outpaces both human experts and prior AI systems.

On cybersecurity benchmarks, the gap between Mythos and Claude Opus 4.6 is hard to ignore. Mythos scored 83.1% on Cybergym versus 66.6% for Opus 4.6, and 93.9% versus 80.8% on SWE-bench Verified. On SWE-bench Pro, it posted 77.8% against 53.4% — a 24-point spread. It hit 56.8% on Humanity’s Last Exam without tools, compared to 40.0% for its predecessor.

The model does not need cybersecurity-specific training to find these bugs. Its gains come from broader advances in reasoning, multi-step planning, and autonomous agentic behavior. Given a target codebase in an isolated container, it reads source code, forms hypotheses about memory-safety flaws, compiles and runs the software, uses debugging tools like AddressSanitizer, ranks files by vulnerability likelihood, and produces validated bug reports with working proof-of-concept exploits.

Some of those exploits required almost no human direction. Tomshardware.com reports that a 27-year-old OpenBSD TCP SACK vulnerability, a subtle integer overflow that lets an attacker remotely crash any responding host by crafting malicious packets, was found autonomously after roughly 1,000 runs at a total cost under $20,000. A 16-year-old FFmpeg H.264 bug survived more than five million automated tests and multiple audits before Mythos caught it.

The browser results drew particular attention. On Firefox 147 JavaScript engine testing, Mythos produced 181 full shell exploits and 29 register-control cases. Claude Opus 4.6 produced two shell exploits across the same test set. The model also built working Linux kernel privilege-escalation chains (user to root on servers) after filtering 100 recent CVEs down to 40 exploitable candidates and successfully exploiting more than half.

Human validators reviewed 198 of the model’s vulnerability reports and agreed with its severity ratings 89% of the time, with 98% agreement within one severity level.

Project Glasswing

Fewer than 1% of the identified bugs have been fully patched so far. Anthropic is coordinating responsible disclosure, publishing cryptographic SHA-3 commitments for unpatched issues, and following a 90-plus-45-day timeline before releasing full details. CVE-2026-4747, a 17-year-old FreeBSD NFS server remote code execution bug that grants full unauthenticated root access, is among the named examples already in disclosure.
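How a hash commitment lets a finder prove later that a report existed unchanged at publication time, as an added example that is not Anthropic's published scheme. The page names only SHA-3, so the random nonce, the length-prefixed encoding and the `DOMAIN` tag are assumptions, and the sample report is constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

DOMAIN = b"vuln-report-commitment-v1"  # hypothetical domain-separation tag


def _encode(nonce: bytes, report: bytes) -> bytes:
    # Length-prefix each field so the nonce/report boundary is unambiguous.
    parts = (DOMAIN, nonce, report)
    return b"".join(len(p).to_bytes(8, "big") + p for p in parts)


def commit(report: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (public_commitment_hex, secret_nonce).

    The random nonce keeps a short or guessable report from being
    brute-forced out of the published digest before disclosure.
    """
    if nonce is None:
        nonce = secrets.token_bytes(32)
    digest = hashlib.sha3_256(_encode(nonce, report)).hexdigest()
    return digest, nonce


def verify(commitment_hex: str, report: bytes, nonce: bytes) -> bool:
    """Check a revealed report and nonce against the earlier commitment."""
    expected = hashlib.sha3_256(_encode(nonce, report)).hexdigest()
    return hmac.compare_digest(expected, commitment_hex.lower())


if __name__ == "__main__":
    # Constructed sample report, not a real finding.
    report = b"component: example-parser\nclass: integer overflow\nseverity: high\n"
    published, nonce = commit(report)
    print("publish now :", published)
    print("reveal later:", verify(published, report, nonce))
    print("edited text :", verify(published, report + b"severity: low\n", nonce))
```

Only the digest is published before the patch ships; the report and nonce stay private until disclosure, when anyone can rerun `verify` against the earlier digest.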

Claude Mythos Preview: Anthropic's Unreleased AI Cracked Linux and OpenBSD Bugs Humans Missed for Decades

Project Glasswing, announced alongside the model, is Anthropic’s attempt to direct these capabilities toward defense before similar tools become widely available. Founding partners include Amazon Web Services, Apple, Broadcom, Cisco, Crowdstrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Access is being extended to more than 40 additional critical software organizations.

Anthropic committed $4 million in open-source security donations: $2.5 million to Alpha-Omega through the OpenSSF via the Linux Foundation, and $1.5 million to the Apache Software Foundation.

The company acknowledged that AI tools like Mythos lower the barrier for finding and exploiting vulnerabilities, and flagged near-term risk from state actors (China, Iran, North Korea, and Russia) and criminal groups if similar capabilities spread without controls. It described a period of transitional turmoil before defenders fully integrate the technology.

Anthropic said upcoming Claude Opus releases will include safeguards to detect and block dangerous cybersecurity outputs, and plans to introduce a Cyber Verification Program for vetted security professionals. A public report on partner findings and patched vulnerabilities is expected within 90 days.


