There is a 27-year-old vulnerability in OpenBSD. OpenBSD is not some dusty legacy codebase; it has a reputation as one of the most security-hardened operating systems in existence. Security professionals have been over it with a fine-toothed comb for nearly three decades. Automated tools have hammered it. And last month, an AI model found a remote crash vulnerability that had been sitting in it the entire time.

The same model found a 16-year-old bug in FFmpeg, the video encoding library that underpins a vast stretch of the world's software. In a line of code that had been hit by automated testing tools five million times. Five million attempts, no result. The model got it.

This is Claude Mythos Preview. And Anthropic are not shy about what it is.

What they built

Mythos Preview is a frontier model trained specifically to be exceptionally good at reading, reasoning about, and exploiting code. Anthropic's own description of it is pretty blunt: it has "reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." They didn't bury that sentence. They put it in the opening paragraph.

The headline numbers are striking. On CyberGym, a cybersecurity benchmark, Mythos Preview scores 83.1% compared to Opus 4.6's 66.6%. On SWE-bench Verified, a coding task benchmark, it scores 93.9% against Opus 4.6's 80.8%. On Humanity's Last Exam with tools, it hits 64.7%. These are not incremental improvements. This is a different class of capability.

More concretely: in the weeks before the announcement, Anthropic used Mythos Preview to identify thousands of zero-day vulnerabilities. Not theoretical vulnerabilities. Not "in a test environment" vulnerabilities. Zero-days in every major operating system and every major web browser. The Linux kernel. Firefox. Safari. Windows. Bugs that had survived years of professional security review, then a model found them autonomously, without any human steering.

Anthropichave reported all of them to the relevant maintainers and are sitting on the rest until patches are in place. But the point stands: a single model, in a matter of weeks, found more critical security flaws than most security teams discover in years.

Project Glasswing and the coalition

This is where it gets interesting, because Anthropic didn't just build a thing and announce it. They built a thing and immediately convened everyone who matters in tech security to use it defensively before the announcement went live.

Project Glasswing is a coalition of AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. That is not a list of organisations that typically announce things together. Getting all of those parties to coordinate on anything, let alone a joint security initiative built around a single AI model, suggests Anthropic went to them with something genuinely alarming.

The model is named, incidentally, for the Ancient Greek word for "utterance" or "narrative" - the system of stories through which civilisations made sense of the world. That's either a very considered choice or remarkable hubris. Possibly both.

Anthropichave committed $100 million in usage credits to Glasswing partners, plus $4 million in donations to open-source security organisations. They've extended access to over 40 additional organisations that maintain critical software infrastructure. The stated logic is: put these capabilities in the hands of defenders before adversaries develop equivalent tools independently.

The dual-use problem, made enormous

Here is the tension at the heart of all of this, and Anthropic are well aware of it. The same model that can find a 16-year-old bug in FFmpeg can also exploit it. The same reasoning capabilities that make Mythos Preview invaluable for defence make it extremely dangerous in the wrong hands.

CrowdStrike put it starkly: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed. What once took months now happens in minutes with AI."

That sentence deserves sitting with for a moment. The entire field of vulnerability disclosure is built around the assumption that there is a meaningful gap between discovery and exploitation - enough time for a patch to be developed, tested, and distributed before attackers can weaponise a flaw. Mythos Preview compresses that window dramatically. And it doesn't just find vulnerabilities; it develops exploits. The OpenBSD bug wasn't just identified: the model worked out how to use it.

Anthropichave made a deliberate bet: release to defenders now, before adversaries have equivalent capability, and use that head start to patch as much of the world's critical software as possible. You can argue about whether that bet is correct. But you cannot argue they haven't thought about it.

Why "not releasing publicly" is only half an answer

Mythos Preview will not be made publicly available. Anthropic have been clear about that. Access is restricted to vetted security partners. The plan is to develop robust safety guardrails using an upcoming Opus model before anything Mythos-class reaches general release.

This is probably the right call. It is also, in the medium term, largely beside the point.

The capabilities Mythos Preview demonstrates are the result of applying enough compute and training to the right objectives. Anthropic is not the only organisation with the resources and expertise to do that. If you believe the AI capability curve continues upward, and there is no serious evidence that it won't, the question isn't whether a powerful code vulnerability model exists. It's who has it, and what they do with it.

Anthropicknow this. Their own announcement says so: "Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely." They built this to get ahead of that moment, not to prevent it.

What it actually means

The conventional wisdom in AI security has been that language models are useful assistants for security researchers: write some boilerplate, help document findings, speed up repetitive tasks. What Mythos Preview represents is a different category of thing. It is not a tool that helps security experts. It is an autonomous agent that conducts security research at a level competitive with the best human experts.

That is a qualitative shift, not a quantitative one. And the implications spread in every direction.

For defenders: every organisation running critical infrastructure now has access to something that can find the bugs that survived decades of human review. That is genuinely useful and the industry should use it aggressively.

For attackers: any adversary who develops or acquires equivalent capability no longer needs a team of elite human security researchers. They need compute and access. The barrier to sophisticated cyberattacks just dropped.

For the security profession: a model that scores 93.9% on SWE-bench Verified and finds zero-days autonomously is not a junior assistant. The role of human security expertise is being redefined in real time.

For everyone else: a lot of the software that runs hospitals, power grids, financial systems, and national infrastructure has been sitting with undetected vulnerabilities for years. Some of those vulnerabilities are now being found and patched. Others may be found and exploited before a patch exists.

Anthropicnamed this model after the ancient stories civilisations used to make sense of the world. Given what it can do, that seems about right. We're going to need some new ones.