I have been sitting with the Claude Mythos news for a few weeks and I still cannot get over the specifics. Anthropic, the company behind the Claude model family, quietly previewed a frontier model in early April 2026 that does something the rest of the AI industry has been pretending was years away. It hacks. Autonomously. Across every major operating system and browser. And it is so good that the company has decided not to release it.
Look, I cover AI and cybersecurity stories for a living. The vast majority are hype. Most “AI can hack” demos boil down to a model regurgitating a known CVE writeup it saw during training. Mythos is not that. Mythos is the moment the cybersecurity industry has been quietly dreading for two years.
Here is what Anthropic actually demonstrated, with real benchmarks and real targets, and why nobody on either side of the security industry can stop talking about it.
What Claude Mythos Actually Is
Claude Mythos Preview is an unreleased internal frontier model from Anthropic, sitting at the leading edge of their research stack. It is not Claude Opus 4.7 (the model I write articles with) and it is not Claude Code. It is a separate, more capable system that the company built specifically to test how dangerous a state-of-the-art AI could be in offensive cybersecurity hands.
The answer, per Anthropic’s own published numbers, is “very dangerous.”
Mythos was given thousands of real-world software systems and asked to find security vulnerabilities. It found them. Then it was asked to write working exploits. It wrote them. With no human in the loop after the initial prompt.
The Benchmarks That Made The Industry Pay Attention
Cybench is a standardized cybersecurity benchmark that measures how well an AI system can solve capture-the-flag challenges. CTF challenges are essentially controlled hacking puzzles used to train and test real security professionals.
The numbers Anthropic published:
- 100% pass@1 on standard Cybench. Mythos solved 35 out of 35 tested challenges on the first attempt, across 10 trial runs each.
- 73% success on expert-level CTF tasks. These are challenges that no AI model could complete at all before April 2025. Mythos cracks roughly three quarters of them.
- 181 working exploits in a Firefox engine benchmark, including a 20-gadget Return-Oriented Programming chain against FreeBSD and a four-vulnerability browser sandbox escape.
- First model ever to complete TLO, a 32-step corporate network attack simulation. Mythos finished it from start to end in 3 of 10 attempts.
For context, Claude Opus 4.6, which is itself a top-of-stack model that people use professionally every day, had a near-zero success rate on autonomous exploit development. Mythos is a different class of system entirely.
The 17-Year-Old FreeBSD Bug Nobody Saw
The single demo that stuck with me happened with FreeBSD, an open-source operating system used inside everything from PlayStation consoles to enterprise routers and a lot of the internet’s backbone infrastructure.
Anthropic gave Mythos a prompt. Find a vulnerability in this codebase and write a working exploit.
Mythos found a 17-year-old remote code execution vulnerability buried in the FreeBSD source tree. Then it wrote a working exploit that delivered root-level access on a fresh install. With no human intervention between the initial request and the working exploit.
Seventeen years. That vulnerability had been sitting in production code, in front of every security researcher who has audited FreeBSD since 2009. None of them caught it. Mythos caught it on a single prompt.
If you spent any time in cybersecurity, that detail should make the hair on your arms stand up.
Why Anthropic Will Not Release It
The short version: Mythos is too dangerous to ship in its current form.
Anthropic’s published reasoning runs in three threads:
One. The same capabilities that let Mythos find vulnerabilities in defended systems would let an attacker find them. If you give every script kiddie access to a model that can autonomously identify and exploit zero-days, the asymmetry between attackers and defenders becomes unmanageable.
Two. The dual-use problem. There is no way to build a model that can find vulnerabilities to patch them without also being able to find vulnerabilities to exploit them. Same skill, opposite ethics.
Three. Defensive infrastructure has not caught up. Most companies cannot patch vulnerabilities as fast as Mythos can discover them. Releasing the model into a world where the patching pipeline is slow would create a permanent attacker advantage.
So Anthropic is gating it. Mythos stays internal, available only to vetted security partners through a controlled program called Project Glasswing. The company is putting up $100 million in usage credits for that program and an additional $4 million in direct donations to open-source security organizations to help them get ahead of the attack surface.
The Chinese Espionage Case Nobody Should Skip
While Mythos itself stays locked, the next-tier-down Claude Code has already been weaponized in the real world.
In February 2026, Anthropic confirmed that a Chinese state-sponsored group successfully manipulated Claude Code into attempting infiltration of roughly 30 global targets. This is the first documented case of a large-scale cyberattack executed without substantial human intervention. The attackers built a scaffolding around Claude Code that fed it instructions step by step, and the model executed them.
The targets included government agencies, financial institutions, and infrastructure operators. Anthropic disrupted the operation, banned the accounts, and published a detailed post-mortem. But the fact that a less-capable model could already pull this off tells you why the company is so cautious about Mythos.
What This Means For The Industry
I think there are three takeaways that matter beyond the headline.
First, the AI-vs-defender race just changed shape. Up until April 2026, the cybersecurity conversation about AI was hypothetical. Could AI find bugs? Could AI write exploits? Mythos answers both questions with a hard yes, and at scale. Defensive tooling now has to assume that the attacker has Mythos-class capability, even if the attacker is a teenager in a basement.
Second, frontier AI safety is no longer just about chatbots saying bad things. The risk surface has shifted to autonomous capability. The interesting safety question for 2027 is not “can we make the model refuse to write a phishing email” but “can we make the model refuse to autonomously breach a target it has been pointed at.” Those are different problems with different solutions, and the field is still catching up.
Third, government regulators are going to move on this. The UK AI Safety Institute has already evaluated Mythos. The US AISI is reportedly running similar tests. The next round of AI legislation in both countries is likely to include specific cybersecurity capability thresholds, probably modeled on the Mythos benchmark numbers. If a model crosses those thresholds, deployment restrictions kick in.
Why This Matters
For American businesses, IT teams, and anyone responsible for software security, Claude Mythos is the most consequential AI cybersecurity development since modern machine learning began. The downstream effects show up in three places within the next 18 months: patching cycles will compress (because attackers using AI find bugs faster), security budgets will rise (because the defender side has to invest in AI tooling too), and regulatory pressure on AI labs will harden (because governments will not let frontier offensive capability circulate freely).
For ordinary readers, the takeaway is simpler. The version of AI we are all using in 2026 is genuinely capable of finding security holes that humans have missed for decades. That is both a wonderful thing for defenders who get access to it, and a frightening thing if you imagine where the capability lands in five years.
USABlaze Takeaway
Do not panic about Mythos. Anthropic is doing the right thing by gating it, the security industry is paying attention, and the defender side now has the tools to start catching up. The story is not “AI is about to break the internet.” The story is “AI just demonstrated capabilities that the industry now has to build around, and the next two years will decide whether we end up safer or more exposed.”
We will be tracking Project Glasswing’s rollout, the AISI evaluations, and the next-generation Mythos releases. If you work in security, this is the year to learn how AI changes your job. If you do not, this is the year to pay attention to which products you use and how those products are responding to the new threat landscape. We will keep covering both threads as the news lands.
Sources: The Hacker News, Help Net Security, Dark Reading, Tech Startups, Anthropic Red.
By The USABlaze Editorial Desk