Claude Mythos: The AI Model Anthropic Built and Refused to Release — The Full Story

On March 26, 2026, a routine audit of Anthropic's content management system by Fortune journalist Bea Nolan uncovered something extraordinary: nearly 3,000 unpublished assets sitting exposed on Anthropic's website — including a draft blog post about a model called "Mythos," a name that had never been mentioned publicly. Within hours, the AI world was asking one question: what exactly had Anthropic been quietly building?

The answer, confirmed in full on April 7, 2026, was more consequential than almost anyone predicted. Claude Mythos Preview is Anthropic's most capable model ever built — a frontier general intelligence that dramatically outperforms every AI system in existence across coding, reasoning, and mathematics. But those benchmarks are not what stopped Anthropic from releasing it. What gave them pause was something far more alarming: in just a few weeks of internal testing, Mythos had identified thousands of previously unknown zero-day security vulnerabilities across every major operating system and every major web browser on the planet.

93.9% — SWE-bench Verified (vs 80.8% Opus 4.6)  ·  97.6% — USAMO 2026 maths score (vs 42.3%)  ·  1,000s — Zero-day vulnerabilities found  ·  99%+ — Of findings still unpatched

The Accidental Reveal: How the World Found Out About Mythos

Fortune's Bea Nolan was the first journalist to stumble on what Anthropic insiders later attributed to a "human error" in CMS configuration. The accidental exposure included close to 3,000 assets — draft blog posts, internal documentation, and research previews — that were technically accessible to the public but had never been linked or announced. Among them was a detailed write-up of a model described as representing "a step change" in AI performance. An Anthropic spokesperson confirmed the model was real but declined to comment further. The AI community immediately began speculating about what that phrase actually meant.

The situation became more complex just five days later. On March 31, 2026, Fortune reported a second security lapse: approximately 500,000 lines of source code from Anthropic's own Claude Code tool — across roughly 1,900 files — had also been inadvertently exposed. For a company that has consistently positioned itself as the safety-conscious leader in frontier AI development, the back-to-back incidents attracted significant scrutiny and pointed further attention toward the Mythos question: if Anthropic could not secure its own files, what exactly was it building behind closed doors?

What Is Claude Mythos Preview?

Claude Mythos Preview — internally codenamed "Capybara" during development — is a new tier of frontier AI model from Anthropic, positioned above Claude Opus 4.6 in both capability and computational cost. It is a general-purpose model, built to excel across the full range of tasks that businesses use AI for: code generation, data analysis, long-form reasoning, research synthesis, and autonomous agent workflows. What makes it different from every model that came before is the magnitude of the capability jump.

Unlike incremental updates that improve benchmark scores by a few percentage points, Mythos represents what Anthropic internally describes as a "step change." On standard industry benchmarks, its performance gaps over previous models are not marginal improvements — they are wholesale redefinitions of what AI can do. Many of the benchmarks that researchers use to track cybersecurity capability have been so thoroughly exceeded by Mythos that Anthropic had to develop entirely new evaluation frameworks, because the old ones no longer differentiate meaningfully between what Mythos can do and what it cannot.

Crucially, Mythos was not built with cybersecurity as a primary focus. That is what makes the findings so significant. It is a general intelligence that happens to be so extraordinarily capable across coding, systems analysis, and logical reasoning that offensive cybersecurity capability emerged as a natural consequence of its broader abilities. Anthropic did not train it to find zero-day exploits. It just turned out to be extraordinarily good at it.

The Benchmark Numbers: Just How Capable Is Mythos?

93.9% — SWE-bench Verified  ·  97.6% — USAMO 2026 (world-class maths)  ·  79.6% — OSWorld autonomous computer tasks  ·  80.8% — Previous best: Claude Opus 4.6 on SWE-bench

To contextualise the SWE-bench number: SWE-bench Verified tests AI models on real-world GitHub software engineering issues — the kind of complex, multi-file, context-heavy coding problems that professional developers spend hours solving. Claude Opus 4.6, the previous best model, scored 80.8%. Mythos scores 93.9%. That is not an incremental improvement. That is AI moving from "impressively capable developer assistant" to "operates at the level of the most skilled human engineers in the world."

The USAMO number is even more striking. The United States Mathematical Olympiad is a competition designed to identify mathematical prodigies — the top fraction of a percent of mathematical talent. Claude Opus 4.6 already scored an impressive 42.3%. Mythos scored 97.6%. By that measure, it is operating at the level of a world-class mathematician. When you combine elite-level code understanding with elite-level mathematical reasoning and the ability to autonomously control computer interfaces — as measured by OSWorld — you have a system capable of doing almost anything a skilled human security researcher can do, at scale, without rest.

The Zero-Day Findings: What Mythos Actually Discovered

In the weeks before its public announcement, Anthropic turned Mythos loose on real-world security research. The results, as reported by The Hacker News, Anthropic's own red team blog, and corroborated by the UK AI Safety Institute's independent evaluation, were alarming. Mythos identified thousands of zero-day vulnerabilities — flaws previously unknown to the software's developers — across every major operating system and every major web browser. These were not minor bugs. Many were classified as critical: vulnerabilities that, if exploited, would allow an attacker to take complete control of affected systems.

The most striking individual finding: Mythos fully autonomously identified and then exploited a 17-year-old remote code execution vulnerability in FreeBSD that allows anyone to gain root access on a machine running NFS. The vulnerability had been sitting in production systems for nearly two decades, undetected by human security researchers and all prior AI tools. Mythos found it, understood it, and demonstrated exploitation — without any human guidance.

The oldest vulnerability Mythos found was a 27-year-old bug in OpenBSD. But perhaps its most technically sophisticated discovery was a web browser exploit that chained together four separate vulnerabilities — requiring the model to write a complex JIT heap spray that escaped both the browser's renderer sandbox and the operating system's sandbox simultaneously. Security researchers who reviewed the output described it as the kind of exploit chain that would typically require a team of highly specialised researchers working for months to develop.

• Every major operating system — Windows, macOS, major Linux distributions, FreeBSD, OpenBSD
• Every major web browser — Chrome, Firefox, Safari, Edge
• Critical infrastructure software and widely-used open-source codebases
• Vulnerabilities ranging in age from newly introduced to 27 years old
• Over 99% of all findings remain unpatched at time of writing, per Anthropic's disclosure

Why Anthropic Refused to Release It Publicly

On April 7, 2026, Anthropic made a decision with no direct precedent in the commercial AI industry: it announced its most capable model to date and simultaneously announced it would not be making it generally available. The reasoning was unambiguous. Anthropic stated that Mythos is "currently far ahead of any other AI model in cyber capabilities" and that it "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."

The concern is not hypothetical. The UK AI Safety Institute — AISI — conducted an independent evaluation of Mythos Preview's capabilities and published its findings, making the UK one of the first national safety bodies to formally assess a withheld frontier model. UK security researchers concluded that Mythos is "at least capable" of autonomously compromising smaller, weakly defended enterprise networks. A joint security report warned that in the near term, organisations are "likely to be overwhelmed" by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them.

For Anthropic — a company whose stated mission is the responsible development of AI for humanity's long-term benefit — releasing a model that could supercharge offensive cyber capability worldwide would have been a direct contradiction of its own founding principles. The decision to withhold public access while channelling the model's capabilities toward defence represents a calculated attempt to use Mythos as a shield, not a weapon. Whether that calculation holds as competitors inevitably close the gap remains an open question.

Project Glasswing: Turning the Most Powerful AI Into a Defensive Shield

Rather than locking Mythos away entirely, Anthropic launched Project Glasswing on April 7, 2026 — an industry-wide cybersecurity initiative designed to use Mythos Preview exclusively for finding and fixing vulnerabilities in the world's most critical software before adversaries can exploit them. Named after the glasswing butterfly — whose transparent wings are a metaphor for making the internet's hidden vulnerabilities visible — the project launched with twelve founding partners and more than 40 additional participating organisations.

The twelve founding partners are among the most significant technology and security organisations in the world: AWS, Apple, Anthropic, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Each gets direct access to Mythos Preview to harden their own products and infrastructure. The 40+ additional organisations — which include maintainers of critical open-source software — use the same access to scan their codebases for the vulnerabilities Mythos is uniquely capable of finding.

• AWS — hardening cloud infrastructure and managed services used by millions of enterprises worldwide
• Apple — securing macOS, iOS, and the Safari browser across its 2 billion active devices
• Google — hardening Chrome, Android, and Google Cloud infrastructure
• Microsoft — securing Windows, Azure, and the Edge browser
• CrowdStrike — integrating Mythos findings into threat intelligence and endpoint detection
• JPMorganChase — financial sector infrastructure security across one of the world's largest banks
• NVIDIA — securing AI acceleration hardware, drivers, and the CUDA stack
• Linux Foundation + 40+ open-source maintainers — scanning the critical open-source infrastructure underpinning global digital systems
• Palo Alto Networks and Cisco — network security infrastructure and enterprise firewall protection

Anthropic has committed up to $100 million in model usage credits to Project Glasswing participants during the research preview period. Beyond the direct industry consortium, Anthropic donated $2.5 million to the Alpha-Omega project and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation — targeting the open-source infrastructure that underpins the majority of the world's digital systems and which, by definition, has no single corporate owner responsible for security hardening.

The UK Response: Regulators Move Fast

The UK has been among the most active and coordinated responders to the Mythos announcement. The UK AI Safety Institute conducted and published an independent capability evaluation — one of the most transparent government assessments of a frontier model ever published. Separately, the Bank of England, the Financial Conduct Authority, and the Treasury entered urgent discussions with the National Cyber Security Centre to examine potential systemic risks to UK financial infrastructure. Banks, insurers, and exchanges were scheduled to receive regulatory briefings within two weeks of the April 7 announcement.

CyberScoop reported that UK and US cybersecurity organisations are developing coordinated response frameworks, given that the vulnerabilities Mythos identified exist in software used globally. The implicit message is clear: there are no borders in software infrastructure. Every enterprise running major operating systems and browsers is affected, regardless of jurisdiction.

What Claude Mythos Means for Your Business Right Now

For the vast majority of businesses, direct access to Claude Mythos Preview is not available — the model is invitation-only for Project Glasswing participants. But the downstream effects of its existence will be felt by every organisation that runs software, which is every organisation. Here is what business leaders need to understand and act on.

Patch cycles need to shorten — significantly

The Mythos findings reveal that the world is sitting on a mountain of unpatched vulnerabilities, many of them decades old. As the Project Glasswing partners scan and patch their codebases, the software your business runs on will become substantially more secure over the coming months. But within 12–24 months, Anthropic has signalled that enterprises will likely gain access to AI models with comparable discovery capabilities — meaning both defenders and attackers will be able to scan codebases at Mythos-class depth. Organisations that still treat patching as a quarterly exercise will find themselves catastrophically exposed.

AI-powered security scanning is coming to your stack

Within one to two years, the same category of capability that Mythos demonstrated will reach broader enterprise deployment. Organisations that begin building internal AI security programmes now — establishing tooling, governance, and process for AI-assisted vulnerability management — will be positioned to use these tools effectively and responsibly when they arrive. Those that wait will be scrambling.

Governance frameworks need updating today

When AI agents with infrastructure-level access enter enterprise environments — whether through future Glasswing-style programmes or commercial availability — they will represent a new category of powerful autonomous agent that current AI governance frameworks at most organisations are simply not designed to manage. CISOs and boards should begin updating their AI risk frameworks now, before these tools arrive, not after.

• Conduct an immediate inventory of software dependencies across your stack and prioritise patching anything flagged in CVE databases
• Move to automated patch deployment where possible — eliminate manual, quarterly patch review cycles entirely
• Review your AI governance framework to explicitly account for agentic AI with system-level access
• Assess your cyber insurance coverage — underwriters are already repricing risk in light of the Mythos findings
• Monitor NCSC and AISI guidance closely — UK-specific frameworks for AI-powered cybersecurity risk are being developed and will carry regulatory weight for UK-regulated businesses

The Bigger Picture: A New Threshold in AI Capability

The significance of Claude Mythos goes far beyond cybersecurity. It marks the first time in the history of commercial AI that a company has built a frontier model, determined it too capable for public release, and structured a controlled deployment consortium around it. This is a genuinely new moment in the trajectory of the technology — and a preview of a dynamic that will likely repeat.

What Anthropic has demonstrated is that the race between AI capability and AI safety is real, not theoretical. Mythos did not require any special "hacking" training — its cybersecurity capabilities emerged from the same general reasoning and coding abilities that make frontier models valuable for business. The security breakthrough is a consequence of the same skills that would make Mythos extraordinary at writing production code, analysing legal documents, or orchestrating multi-step autonomous agent workflows.

The model represents a step change in AI performance and is the most capable we have built to date.

— Anthropic spokesperson, March 2026 (via Fortune)

The consortium structure of Project Glasswing also sets a template worth watching. The 12 founding partners — every major cloud provider, the world's leading cybersecurity companies, and the largest US financial institution — now have access to defensive capabilities their competitors do not. In the near term, this widens the security gap between Glasswing participants and the broader enterprise ecosystem. In the medium term, it establishes a model: frontier AI capabilities may increasingly be channelled through controlled consortia before (or instead of) broad public release.

The Opportunity Inside the Alarm

It would be easy to read the Mythos story as purely a threat narrative. But for businesses that are building serious AI programmes, it is also a signal of extraordinary opportunity. The same reasoning and code comprehension capabilities that make Mythos alarming in a security context make the next generation of business AI systems extraordinarily powerful for every other application. The model that can autonomously find a 27-year-old bug in a multi-million-line codebase is the same class of model that can autonomously analyse your entire customer dataset, build and test complex software, and orchestrate end-to-end business workflows without human intervention.

Claude Mythos is a wake-up call for how fast frontier AI is advancing. If your business does not have a clear AI adoption roadmap — covering both the opportunity and the risk — you are already operating with an information disadvantage. The capability curve is steeper than most organisations' planning assumptions. What felt like a 2028 problem is a 2026 problem. What feels like a 2026 problem today may arrive in 2025.

Sources & Further Reading

This article is based on primary reporting and official publications from the following sources. All facts, benchmark figures, partner names, and financial commitments cited are drawn directly from these references.

1. Anthropic Red Team Blog — "Claude Mythos Preview" (April 7, 2026): red.anthropic.com/2026/mythos-preview — Primary source. Anthropic's official technical write-up of Mythos Preview's capabilities, the zero-day findings, and the decision not to release publicly.
2. Anthropic — "Project Glasswing: Securing Critical Software for the AI Era" (April 7, 2026): anthropic.com/glasswing — Official announcement of Project Glasswing, partner list, and $100M usage credit commitment.
3. Fortune — "Exclusive: Anthropic 'Mythos' AI model representing 'step change' in power revealed in data leak" (March 26, 2026) — Original breaking story by Bea Nolan. Fortune.com.
4. Fortune — "Anthropic accidentally leaked details of a new AI model that poses unprecedented cybersecurity risks" (March 27, 2026) — Follow-up on the security implications of the leak. Fortune.com.
5. Fortune — "Anthropic is giving some firms early access to Claude Mythos to bolster cybersecurity defences" (April 7, 2026) — Full Glasswing launch coverage. Fortune.com.
6. Fortune — "Anthropic's Mythos finds software flaws faster than companies can fix them" (April 14, 2026) — Analysis of the patching gap created by AI-powered vulnerability discovery. Fortune.com.
7. TechCrunch — "Anthropic debuts preview of powerful new AI model Mythos in new cybersecurity initiative" (April 7, 2026) — Independent confirmation of Mythos capabilities and Glasswing launch. TechCrunch.com.
8. The Hacker News — "Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems" (April 2026) — Technical analysis of the zero-day vulnerability findings. TheHackerNews.com.
9. UK AI Safety Institute (AISI) — "Our evaluation of Claude Mythos Preview's cyber capabilities" (April 2026): aisi.gov.uk — Independent UK government evaluation of Mythos Preview's offensive cybersecurity capabilities.
10. InfoQ — "Anthropic Releases Claude Mythos Preview with Cybersecurity Capabilities but Withholds Public Access" (April 2026) — Technical community analysis. InfoQ.com.
11. NBC News — "Why Anthropic won't release its new Claude Mythos AI model to the public" (April 2026) — Mainstream coverage of the withholding decision. NBCNews.com.
12. Euronews — "What is Anthropic's Mythos? The leaked AI model that poses 'unprecedented' cybersecurity risks" (March 30, 2026) — European perspective on the leak and its implications. Euronews.com.
13. Forrester — "Project Glasswing: The 10 Consequences Nobody's Writing About Yet" (April 2026) — Analyst take on the broader industry implications of Project Glasswing. Forrester.com.
14. Linux Foundation — "Project Glasswing: Giving Maintainers Advanced AI to Secure the World's Code" (April 2026) — Official Linux Foundation statement on open-source participation in Glasswing.
15. CrowdStrike — "CrowdStrike Founding Member: Anthropic Mythos Frontier Model to Secure AI" (April 2026) — CrowdStrike's perspective as a founding Glasswing partner. CrowdStrike.com.