What Happened

Anthropic has not publicly released its latest model, Claude Mythos, opting instead to make it available exclusively to a curated set of preview partners through a program called Project Glasswing. The decision is driven by Mythos's demonstrated ability to autonomously develop high-severity exploits at a scale and sophistication that Anthropic believes requires the broader software industry time to prepare defenses before wider deployment.

Claude Mythos Preview has already identified thousands of high-severity vulnerabilities across major operating systems and web browsers during restricted testing. Anthropic's framing is direct: this capability will eventually proliferate regardless, but a controlled rollout gives critical infrastructure owners a head start on remediation.

Technical Deep Dive

The capabilities documented by Anthropic's Red Team blog are specific and alarming. Claude Mythos Preview demonstrated three distinct classes of autonomous exploit development:

  • Browser exploit chaining: Mythos wrote a web browser exploit that combined four separate vulnerabilities into a single attack chain, implementing a complex JIT heap spray that successfully escaped both the renderer sandbox and the operating system sandbox.
  • Local privilege escalation: The model autonomously developed LPE exploits on Linux and other operating systems by identifying and exploiting subtle race conditions alongside KASLR bypass techniques, a class of attack that typically requires deep kernel internals knowledge.
  • Remote code execution via ROP chains: Mythos wrote a working RCE exploit against FreeBSD's NFS server that granted unauthenticated users full root access. The exploit split a 20-gadget Return-Oriented Programming chain across multiple network packets to evade standard mitigations.

The performance delta versus the current production model is stark. Anthropic's internal evaluations show Claude 4.6 Opus scoring near 0% on autonomous exploit development benchmarks. Mythos Preview achieves meaningful success rates on the same tasks; the full percentage is not disclosed in available documentation, but the qualitative gap is described as substantial.

Project Glasswing Scope

Partners accepted into Project Glasswing receive Mythos Preview access scoped to four primary use cases: local vulnerability detection, black-box binary testing, endpoint hardening, and penetration testing of foundational systems. The target surface is explicitly systems that constitute a large portion of the world's shared cyberattack infrastructure — operating systems, browsers, network services, and similar foundational software.

Anthropic's system card for Mythos (released as a PDF alongside the announcement) provides additional technical constraints on how the model behaves within the preview program, though full details of the access controls and rate limits applied to Glasswing partners have not been made public.

Comparison to AI Safety Norms

This approach mirrors the staged access model used for dual-use biological research tools and represents a meaningful departure from Anthropic's standard model release cadence, where capabilities become generally available through the API shortly after announcement. The Glasswing structure is closer to a responsible disclosure program applied at the model level rather than at the vulnerability level.

Who Should Care

Security engineers and vulnerability researchers at major software vendors should monitor Project Glasswing partner announcements closely. If your organization maintains foundational infrastructure (OS kernels, browser engines, network daemons), partnership may be worth pursuing to get ahead of the capability curve before broader proliferation.

Red team leads and penetration testers should treat Mythos's documented capabilities as a near-term threat model baseline. If Mythos can autonomously produce a 20-gadget ROP chain split across NFS packets today, similar capability from less safety-conscious actors is a realistic planning horizon within 12-24 months.

AI safety researchers and policy teams will find the Glasswing model itself notable — it represents Anthropic's first public instance of deliberately withholding a general-purpose model from commercial release on safety grounds, a decision that sets a precedent regardless of whether it proves technically sufficient.

What To Do This Week

If you run infrastructure that qualifies for Project Glasswing, submit an expression of interest directly through Anthropic's partnership channels. Early access to Mythos Preview for defensive purposes is the most concrete near-term action available.

For security teams not eligible for Glasswing, treat the documented Mythos capabilities as a red team planning input now. Specifically:

  • Audit JIT compiler hardening and heap isolation in any browser engine your organization ships or embeds.
  • Review kernel KASLR implementation and race condition exposure in Linux-based systems, particularly around syscall boundaries.
  • Audit NFS server configurations and ensure unauthenticated access paths are eliminated or hardened against ROP-style packet-splitting attacks.

For developers building on Anthropic's API, no immediate action is required — Mythos is not available via standard API access and there is no announced timeline for general availability. Monitor Anthropic's model release notes and system card publications for updates.

    # Check your NFS exposure as a basic hygiene step
    showmount -e localhost
    # Ensure no exports are open to wildcard hosts
    grep -v '^#' /etc/exports | grep -F '*'
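A grep for a literal asterisk misses exports that are open to everyone without one, such as a client field of the form (ro,insecure), and it says nothing about risky options on named hosts. The following is an added example, not code from the original article or from Anthropic: a small auditor for Linux exports(5) syntax. The sample file, function names and issue labels are constructed for illustration, and it assumes no quoted paths and no "-options" default fields.

```python
import re

# Constructed sample in Linux exports(5) syntax; not taken from any real host.
SAMPLE_EXPORTS = r"""
# home directories
/srv/home    10.0.5.0/24(rw,sync,root_squash)
/srv/build   *(rw,sync,no_root_squash)
/srv/pub     (ro,insecure)
/srv/scratch *.lab.example(rw) \
             gw.example(rw,no_root_squash)
"""

# One client field: optional host spec followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^)]*)\))?$")
RISKY_OPTS = ("no_root_squash", "insecure")

def logical_lines(text):
    """Strip '#' comments and join backslash-continued lines."""
    pending = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line, pending = (pending + line).strip(), ""
        if line:
            yield line

def audit_exports(text):
    """Return (path, host, [issues]) for every client entry worth reviewing."""
    findings = []
    for line in logical_lines(text):
        path, *clients = line.split()
        for client in clients or [""]:  # bare path: flag conservatively
            m = CLIENT_RE.match(client)
            if m is None:
                findings.append((path, client, ["unparsed entry"]))
                continue
            host = m.group("host")
            opts = set((m.group("opts") or "").split(","))
            issues = []
            if host in ("", "*"):
                issues.append("exported to any host")
            elif any(c in host for c in "*?["):
                issues.append("wildcard host pattern")
            issues += [o for o in RISKY_OPTS if o in opts]
            if issues:
                findings.append((path, host or "<any>", issues))
    return findings
```

To audit a real host, pass the contents of /etc/exports to audit_exports() and review each returned tuple.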

The Anthropic Red Team blog post on Mythos cybersecurity capabilities contains the most technically detailed public documentation currently available and is worth reading in full for teams doing threat modeling against AI-assisted exploitation.