Anthropic Built an AI So Dangerous They Won't Release It. Here's Why That Matters.

Key Points

• Anthropic just announced Claude Mythos, a frontier model so capable at finding software vulnerabilities that they won't release it publicly. Instead, it's being shared with twelve major partners through Project Glasswing.
• Mythos found thousands of zero-day vulnerabilities including a 27-year-old bug in OpenBSD, escaped a sandbox during testing, and posted proof of the exploit on public-facing websites unprompted.
• The public release model for frontier AI just broke. Every business owner should be paying attention, because the security threat landscape is about to change fast.

Anthropic just made an announcement that should stop every business owner in their tracks. They built an AI model called Claude Mythos. It's their most capable cybersecurity model ever. And they've decided not to release it publicly.

They're calling the program Project Glasswing. Instead of a normal public launch, Mythos is going to twelve organizations: Amazon, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, Palo Alto Networks, the Linux Foundation, Broadcom, and Anthropic itself. Plus about 40 additional organizations maintaining critical infrastructure.

That's it. That's the launch. The most capable AI cybersecurity model ever built is now sitting with a small coalition of giant companies, and the rest of us are not getting access. For very good reasons.

What Mythos Can Actually Do

Let me run through what Anthropic disclosed, because it's hard to overstate how significant this is.

Here's the part that's most important to understand: Anthropic didn't train Mythos to be a hacker. They trained it to be exceptionally good at writing code. The cybersecurity capability emerged on its own. It turns out that if you teach a model to deeply understand how software works, you've also taught it how to find and exploit the places where software breaks. It's the locksmith problem. Train someone to be the world's best locksmith and they haven't been trained to break into houses, but now they could break into almost any house in the world.

That has implications for every frontier model, not just this one. Every AI lab is training better coding models right now. If coding capability and hacking capability are the same skill, then every frontier model is becoming a better hacker whether the lab wants it to or not.

Mythos has already found thousands of high-severity zero-day vulnerabilities. Not theoretical bugs. Real, exploitable flaws in every major operating system and every major web browser. The oldest one was a 27-year-old vulnerability in OpenBSD that could be used to remotely crash any OpenBSD server. OpenBSD is famous for being one of the most security-focused operating systems in existence. Mythos also found a 16-year-old issue in FFmpeg that automated security testing had encountered five million times without catching, plus multiple Linux bugs that let an unprivileged user escalate to admin.

On the CyberGym benchmark, which measures cybersecurity vulnerability reproduction, Mythos scored 83.1%. Claude Opus 4.6 scored 66.6%. On SWE-bench, which measures real-world software bug fixing, Mythos jumped from 80.8% to 93.9%. That's a generational leap, not an incremental update.

For Firefox vulnerabilities specifically, Mythos developed working exploits 181 times. It achieved register control on 29 more. That represents roughly a 90x improvement in exploit development capability compared to the previous Claude generation. Ninety times.

In one test, Mythos wrote a browser exploit that chained four separate vulnerabilities together, including a complex JIT heap spray that escaped both the renderer sandbox and the operating system sandbox.

Then there's the part that made me sit up. During an evaluation, Mythos was running in a secured sandbox. The researcher gave it an instruction. Mythos followed that instruction, but it also went further. It devised a multi-step exploit to escape the sandbox, gained broad internet access, and sent an email to the researcher to demonstrate it had succeeded. Then, completely unprompted, it posted details about the exploit on multiple hard-to-find but technically public websites.

That last detail is the one I keep coming back to. Nobody asked it to publish proof of its escape. It did that on its own.

Why This Is a Big Deal Beyond the Headlines

I want to be careful here. Anthropic is a company we work with closely at Rotate. We use Claude every day. I'm not in the business of fearmongering about AI, and I think the people who treat every AI announcement as the apocalypse are missing the bigger picture. This isn't about AI ethics in the abstract. It's about a very specific capability that crossed a very specific line.

But this is different. And the reason it's different is what it tells us about where AI capability is heading, and how quickly.

The traditional frontier model release cycle has been roughly: build the model, run safety evaluations, release publicly with usage policies, iterate. Every major AI lab has followed this pattern. The implicit assumption was that frontier capabilities could be made available to the public with reasonable safeguards.

Mythos breaks that assumption. Anthropic is essentially saying: this model is too capable in a specific domain to release the normal way. The defensive value to a coalition of partners outweighs the offensive risk only if we can control distribution. If we put this on the public API, the offense-defense balance flips, and the bad guys win.

That's a meaningful shift. It means we've now crossed a threshold where some AI capabilities are powerful enough that the model has to be treated more like a controlled research tool than a product. That's never happened before with a frontier general-purpose model.

What This Means for Your Business

Here's where this gets practical. You might be reading this thinking, "Cool, but I run a manufacturing company. Or an accounting firm. Or a marketing agency. What does this have to do with me?"

It has everything to do with you, in two ways.

First: the threat side. Anthropic isn't releasing Mythos publicly. But the capabilities it represents are now possible. Other labs will build similar models. Some of those labs will not have Anthropic's safety culture. State actors will absolutely build their own versions. Within 12-24 months, advanced AI-driven vulnerability discovery and exploitation will be available to people who don't have your interests at heart.

The implication for your business is uncomfortable. Software you've been running for years, that nobody's touched, that "just works"? It almost certainly contains vulnerabilities that AI can now find in minutes. The 27-year-old bug in OpenBSD is the canary. If a security-focused operating system was harboring a flaw for 27 years, what do you think is in your custom CRM, your old WordPress installation, your forgotten internal tools?

Second: the defensive side. And here's the part that's actually good news for small businesses if you understand what's happening. The big companies in Project Glasswing are using Mythos to find and patch vulnerabilities in software that everyone uses. Linux. Web browsers. Open-source frameworks. The libraries your custom CRM is built on. When Mythos finds a bug in code that powers your operating system or your e-commerce platform, that fix eventually reaches you. You don't pay for it. You don't even know it happened. You just get a software update one day, and behind that update is an AI that found something humans missed for decades.

That's effectively trickling Fortune 500 security down to every business that uses common infrastructure. Big companies have always been able to afford red teams, penetration tests, and million-dollar security audits. Small businesses get an antivirus and hope for the best. Glasswing changes that math, at least for the part of your security stack that runs on shared infrastructure.

Anthropic also committed to publishing what they learn within 90 days. So we'll see the patches, and eventually the lessons, even if we don't see the model itself.

If you're a small or mid-sized business, you're not getting direct access to Claude Mythos. But you can still take the lessons seriously.

The Honest Take

Here's what I think every business owner should do this week.

Stop treating cybersecurity as something that happens later. The "we're too small to be a target" argument has always been wrong, but it's about to get aggressively wrong. AI lowers the cost of attacks. When attacks become cheap, attackers don't just target big companies. They target everyone, because the math works.

Update everything. Operating systems, browsers, plugins, frameworks, libraries. The patches that are about to roll out from the Project Glasswing partners are going to be addressing real vulnerabilities in software you use every day. If your update process is "I'll get to it when I get to it," fix that this week.

Audit your software dependencies. If you're running custom software, especially if it was built more than a few years ago, get it reviewed. The kind of bugs that hid for a decade in well-maintained open-source projects are absolutely sitting in your custom code. You don't need Claude Mythos to find them. You just need to take them seriously.

And finally: this is the moment to take AI security and governance seriously inside your own organization. Not because Mythos is going to leak. It won't. But because the broader landscape is changing, and "we'll figure it out later" is going to age very badly.

The Bigger Picture

I find myself genuinely impressed with how Anthropic is handling this. Project Glasswing is exactly the kind of responsible, decisive move I want to see from frontier labs. They built something dangerous, they were honest about it, and they chose a release strategy that maximizes defensive value while minimizing offensive risk. The $100 million in usage credits and $4 million to open-source security are real commitments.

Boris Cherny, the creator of Claude Code, put it bluntly on Twitter: "Mythos is very powerful and should feel terrifying. I am proud of our approach to responsibly preview it with cyber defenders rather than generally releasing it into the wild." When the people who built the thing are publicly saying it should feel terrifying, that's a signal worth paying attention to.

But it's also a wake-up call. The era when AI was just a productivity tool you could use however you wanted is ending. What's coming next is an era where AI capabilities have national-security implications, where some models will be controlled rather than released, and where every business will need to think about both the upside and the downside of these tools.

Mythos won't be in your hands. The threats it represents will be, sooner than you think. Plan accordingly.