Anthropic's latest Claude Mythos Preview is not open to the public at the pace of conventional large models, but is first put into defensive cybersecurity research scenarios. The reason is straightforward: the model's capabilities in zero-day vulnerability discovery, chain generation and reverse analysis have forced large model companies to talk about security boundaries first and then product expansion.
Mythos Preview was first put into the secure sandbox
Anthropic announced on April 7 that Claude Mythos Preview is a general-purpose language model, but its most prominent capabilities fall on cybersecurity tasks, especially vulnerability mining and exploitation development. Project Glasswing, which was launched at the same time, first handed over the model to key industry partners and open source developers.
This means that instead of treating Mythos Preview as a normal model iteration, Anthropic treats it as a new variable that could change the balance of offense and defense. The access method is not an open call, but an invitation-only gated research preview, and the release signal is clear: the capability has reached a critical point, and the spread must be controlled first.
Zero-day vulnerability mining has entered the AI acceleration period
Anthropic disclosed that Mythos Preview was able to find and exploit zero-day vulnerabilities in mainstream operating systems and browsers in testing, and even found an OpenBSD vulnerability that had existed for 27 years. More sensitively, the team said the model can also string together multiple vulnerabilities into a complete attack chain, including browser sandbox escape and remote code execution.
Judging from the benchmarks, this leap is not a minor fix. Previously, Opus 4.6 had a success rate of nearly zero in autonomous exploit development, while Mythos Preview has been able to generate runnable exploits multiple times in similar experiments. The improvement of model capabilities is no longer just about "writing code better", but is beginning to approach part of the actual process of security researchers.
AI security products are being redefined
What is more worthy of the industry's vigilance is not whether the model will find bugs, but that it lowers the threshold. Anthropic bluntly states that engineers without formal security training backgrounds may also be able to obtain available exploits of remote code execution vulnerabilities overnight with the help of Mythos Preview. This rewrites the user profile of the security tool.
This is also a direct change to the AI industry chain. In the past, when we talked about AI for Security, we focused more on alarm classification, log analysis, and automatic repair. Now the cutting-edge model has begun to cover the complete chain of "discovering vulnerabilities, verifying problems, generating and utilizing", and the commercial value and governance pressure of large security models have been increased at the same time.
The industry judgment behind Project Glasswing
Project Glasswing's list of partners includes Amazon Web Services, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation, among others. Anthropic clearly wants to throw the model to the defenders first, patching critical software infrastructure ahead of a wider range of similar capabilities before it spills over.
This also reflects a more realistic judgment: generative AI is moving from office efficiency improvement tools to high-risk professional infrastructure. Whoever can encapsulate the model into vulnerability governance, patch validation, code auditing, and supply chain hardening processes will be more likely to have a say in the next round of AI security market.
When the large model competition has reached this stage, the judging criteria are no longer just list scores and reasoning speed. AI security is becoming one of the most sensitive and commercially penetrating battlegrounds for cutting-edge models, and Mythos Preview just puts this on the table ahead of time.
