Anthropic disclosed last month that its newest model, Mythos, can identify and exploit unpatched software vulnerabilities at a pace that has unsettled even the company's own red team. In the weeks since, internal evaluations have produced thousands of zero-day findings across every major operating system and web browser, along with a long list of N-day exploits weaponised from already-disclosed bugs.
Rather than ship Mythos broadly, Anthropic has routed it through Project Glasswing, a controlled-access programme limited to a small group of US firms — Apple, Amazon, JPMorgan Chase and Palo Alto Networks among them — and a curated list of open-source maintainers. The aim, the company says, is to give defenders a head start before models with similar capabilities reach the open market.
The model is not yet generally available, and Anthropic has declined to publish technical details that would aid replication. The UK AI Security Institute's evaluation, published this week, called Mythos's offensive cyber capabilities "qualitatively new" and noted that the model was the first the institute had assessed to find a critical vulnerability in production browser code without human guidance.
Cybersecurity teams have spent the past month racing to consume the disclosures Anthropic and Project Glasswing partners have shared. CNBC reported that some banks have stood up dedicated triage teams to process the inbound advisories; Firefox has, according to TechCrunch, restructured large parts of its security organisation around the incoming work.
OpenAI responded last week with the announcement of GPT-5.5-Cyber, a model the company says is fine-tuned for vulnerability research and offered, like Mythos, only to vetted partners. Sam Altman called the move "the new normal" for frontier model releases.
Anthropic CEO Dario Amodei used the term "moment of danger" in a CNBC interview last week, arguing that capability gains in offensive cyber are now outpacing the ability of incumbent defensive tooling to keep up. He said the company expected the gap to widen before it narrowed.
The Pentagon, separately, has reopened conversations with Anthropic after excluding it from a recent round of $200 million-plus AI contracts awarded to eight competitors. Anthropic had insisted on safety guardrails that the Trump administration initially considered a bar to defence contracting; the Mythos disclosures have changed that calculus.
Outside the US, regulators in the EU and UK have asked for early access to Mythos under existing frontier-model agreements. Anthropic has separately committed roughly $200 billion over five years to Google Cloud and TPU access, with Amazon adding a further $5 billion in late April.