Anthropic Mythos AI Found 2,000+ Vulnerabilities and Sparked a Global Scramble

Anthropic's Claude Mythos Preview — a general‑purpose AI model the company deems too dangerous for public release — found more than 2,000 previously unknown software vulnerabilities in just seven weeks of testing. That single finding equals roughly 30% of the world's entire annual output of discovered vulnerabilities before AI entered the picture, according to Fox News.

The model discovered bugs in every major operating system and every major web browser, Anthropic announced on its official Mythos assessment page. Some vulnerabilities had survived decades of human review and millions of automated tests. A 27‑year‑old bug in OpenBSD — an operating system famous for its security focus — allowed remote crashes of any machine running it. A 16‑year‑old flaw in FFmpeg had been hit by automated testing tools 5 million times without detection.

John Ackerly, CEO of data security company Virtru, put it plainly to:¹ "Mythos didn't pick a lock; it found thousands of locks that were never locked in the first place that no one even knew existed."

Unlike every other model Anthropic has shipped, Mythos Preview will not be made generally available. The company is restricting access to approximately 50 vetted organizations including Microsoft, Apple, Amazon Web Services, CrowdStrike, Google, JPMorgan Chase, and NVIDIA, as part of a new initiative called Project Glasswing.

Anthropic's reasoning: the same capability that finds vulnerabilities for defenders can find them for attackers — and the expertise barrier is collapsing. As Ackerly explained to,¹ "a person with bad intentions and no technical background could potentially use it to cause serious damage."

The model can also chain individually minor flaws into complete attack sequences. According to CNA, it can connect bugs the way a burglar plans a break‑in: "finding that first open window, using it to unlock a door from the inside and then disabling the alarm." Anthropic's own testing showed Mythos autonomously chained Linux kernel vulnerabilities to escalate from ordinary user access to complete machine control.

Over 99% of the vulnerabilities Mythos found remain unpatched, which is why Anthropic is using cryptographic SHA‑3 commitments instead of full disclosure — details will only be revealed after the coordinated vulnerability disclosure process completes.

The jump from Anthropic's previous top model to Mythos is not incremental. According to Anthropic's technical assessment, Mythos Preview scored 83.1% on CyberGym (vulnerability reproduction) versus Opus 4.6's 66.6%. On Firefox JavaScript engine exploits specifically, Opus 4.6 produced 2 working exploits out of several hundred attempts. Mythos Preview produced 181 working exploits plus 29 register controls.

On the OSS‑Fuzz benchmark, Mythos found 10 full control‑flow hijacks on fully patched targets at Tier 5 severity — the most dangerous category. Opus 4.6 and Sonnet 4.6 found zero at that tier. Mythos also demonstrated the ability to reverse‑engineer closed‑source binaries without source code access, making legacy systems with lost or forgotten source code vulnerable too, according to IBM.

Notably, Anthropic says these cybersecurity capabilities were not explicitly trained. "We did not explicitly train Mythos Preview to have these capabilities," the company wrote. "Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy." That's the part that should worry builders — the security capabilities are a side effect of being better at coding generally.

Within hours of Anthropic's public announcement, a small group of users on a private Discord server gained unauthorized access to Mythos. According to Fortune, the breach wasn't a sophisticated cyberattack — one group member was a third‑party contractor for Anthropic who already had legitimate access to the model. The group used previously leaked knowledge from AI training startup Mercor to guess the model's location.

The group has continued using Mythos but reportedly avoided launching cyberattacks to stay under the radar. Anthropic confirmed it is investigating the unauthorized access, telling the BBC it came "through one of our third‑party vendor environments."

David Lindner, CISO at Contrast Security, told ³ the leak was inevitable: "The more they add to this elite group, the more likely it was to get released to someone who shouldn't probably have access to it." His sharper warning: "If some random Discord online forum got access to it, it's already been breached by China."

The Mythos release has triggered an extraordinary wave of government action across three continents. Japan's Finance Minister Satsuki Katayama announced a task force to address cybersecurity risks in the financial sector, telling the:⁴ "We face a crisis unfolding right in front of us." The task force includes Bank of Japan Governor Kazuo Ueda and top executives of major Japanese banks.

In the UK, the government is negotiating with Anthropic to become the only government outside the US to receive a Mythos preview, delivered via the AI Security Institute, according to Finextra. UK technology minister Liz Kendall and security minister Dan Jarvis wrote an open letter to business leaders about AI cyber threats prompted by the Mythos release.

US Treasury Secretary Scott Bessent summoned Wall Street banking CEOs on April 8, 2026, to brief them on Mythos risks. Germany's Bundesbank chief Joachim Nagel called the model a "double‑edged sword," warning that all relevant institutions should have access to avoid competitive distortions, per.⁵

The urgency is rooted in a collapsing timeline. According to CNA, the average time between a software flaw becoming public and a working exploit being built dropped from 771 days in 2018 to less than 4 hours today.

Anthropic is trying to flip the Mythos problem into a solution through Project Glasswing, which gives partner organizations Mythos access to find and patch vulnerabilities before attackers do. Launch partners include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

Mozilla has already used a Mythos preview to identify and patch 271 vulnerabilities in Firefox, according to Fortune. Anthropic is committing up to $100 million in usage credits plus $4 million in direct donations to open‑source security organizations through the Linux Foundation and Apache Software Foundation.

CrowdStrike CTO Elia Zaitsev put it bluntly in Anthropic's announcement: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI."

Post‑preview pricing for Mythos on the Claude API is set at $25 per million input tokens and $125 per million output tokens, available on Claude API, Amazon Bedrock, and Google Cloud Vertex AI.

Whether or not you ever touch Mythos directly, its existence changes the threat landscape for every developer shipping software. Here's what matters for builders:

Your code is now being attacked by machines that never sleep. As IBM's Dave McGinnis told:² "If the attackers aren't humans anymore, the defenders can't be humans anymore either. It's machine speed versus machine speed."

Open‑source dependencies are the softest target. Open‑source software underpins modern systems but is maintained by small teams with limited security resources. Jim Zemlin, CEO of the Linux Foundation, warned in Anthropic's announcement that open‑source code constitutes "the vast majority of code in modern systems, including the very systems AI agents use to write new software."

Basic security hygiene just became urgent. Richard Horne, head of the UK's NCSC, urged organizations to focus on fundamentals: updating software, upgrading legacy IT, and limiting access to vital systems. The old perimeter‑defense model — firewalls, intrusion detection, network monitoring — cannot keep pace with AI‑driven attacks that compress the attack lifecycle from weeks to minutes.

The capability will proliferate. As Anthropic warns, the rate of AI progress means these capabilities will soon proliferate beyond actors committed to deploying them safely. Other frontier AI labs are likely months away from comparable models. The question isn't whether your software will face AI‑driven vulnerability discovery — it's whether you'll find the bugs first or the attackers will.