Anthropic's new AI model, Mythos Preview, can autonomously find and exploit zero-day vulnerabilities across every major operating system and every major web browser. That is the company's own claim, published Wednesday on red.anthropic.com, and backed by benchmark numbers that are difficult to contextualize without recourse to weapons-testing terminology.
The most cited result: Mythos Preview turned 181 of 200 Firefox JavaScript engine vulnerabilities into working exploits. Its predecessor, Opus 4.6, managed 2 out of several hundred attempts. Mythos Preview also achieved full control-flow hijack (tier-5, in Anthropic's own taxonomy) on ten separate, fully patched targets. Opus 4.6 reached tier-3 once. The 90.5x improvement is not a rounding error. It is a qualitative change in capability.
The model found bugs that humans missed for years. It found a now-patched 27-year-old vulnerability in OpenBSD, a 17-year-old remote code execution flaw in FreeBSD's NFS implementation that grants root to unauthenticated users, and a 16-year-old vulnerability in FFmpeg's H.264 codec that fuzzing runs measured in the millions had not caught. In one test, Mythos Preview chained four browser vulnerabilities together with a complex JIT heap spray that escaped both the renderer sandbox and the operating system sandbox in a single exploit. Anthropic describes these results in the language of defense. The capabilities themselves do not read as defensive.
The company has named this initiative Project Glasswing and committed up to $100 million in usage credits plus $4 million in direct donations to the Linux Foundation and Apache Software Foundation, according to Anthropic's Glasswing landing page. Launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, Nvidia, and Palo Alto Networks, alongside approximately 40 additional organizations. The list reads like a coalition of companies with a vested interest in the outcome of exactly this kind of research. That is worth noting, not as an accusation, but as context for why the partnership formed quickly and at this scale.
Anthropic frames Glasswing as a defender's tool: give security teams a model that finds vulnerabilities before attackers do, and the math changes in favor of defenders. The blog post does not dwell on what happens when the same model is directed by someone with different intentions. There is no mention of an exploit moratorium, a responsible disclosure framework with teeth, or a governance structure for deciding who gets access under what conditions. The blog says the model can identify and exploit zero-day vulnerabilities when directed by a user to do so. The conditional is doing significant work.
This is the gap Anthropic has not closed: the research demonstrates offensive capability, the partnership structure serves defensive ends, and the gap between those two things is governed by nothing more than the company's own say-so. The 27-year-old OpenBSD bug is now patched. The 17-year-old FreeBSD flaw is now patched. The model found them before anyone else did. That is genuine and valuable work. It is also exactly the kind of capability that does not become less powerful by virtue of being described as a reckoning for cybersecurity rather than a reckoning for everyone who runs software.
The research is real. The governance question is not answered.