Anthropic Mythos Expands to 200+ Organizations: The AI That Found 23,000 Vulnerabilities

Anthropic Mythos Preview is Anthropic’s most capable model to date, and you cannot find it on any public API. On June 2, Anthropic announced it is expanding Mythos access to 150 additional organizations, bringing the total count under the Project Glasswing framework to roughly 200. New members include NATO, Samsung, Okta, and the EU’s cybersecurity agency ENISA.

The 150 new organizations span more than 15 countries, concentrated in the power, water, healthcare, communications, and hardware supply chain sectors. The common thread: a successful cyberattack on any one of them would affect more than 100 million people.

181 Working Firefox Exploits vs. 2 for the Previous Model

The reason Anthropic chose to restrict access comes down to a qualitative leap in Mythos’s exploitation capabilities.

The Firefox test is the clearest evidence. Researchers gave Mythos Preview and its predecessor, Opus 4.6, the same set of Firefox vulnerabilities and asked each model to produce working JavaScript shell exploits. Opus 4.6 succeeded twice across hundreds of attempts. Mythos Preview succeeded 181 times. On OSS-Fuzz control-flow hijack benchmarks, Opus 4.6 completed one target; Mythos completed ten.

CyberGym benchmark scores tell a similar story: 83.1% for Mythos versus 66.6% for Opus 4.6. The gap looks moderate on paper, but the real-world exploitation rate difference is an order of magnitude higher. Anthropic noted in its technical report that these capabilities were not the result of deliberate security-focused training. They emerged as “a downstream consequence of general improvements in code, reasoning, and autonomy.” In other words, offensive security ability came along uninvited when the model got smarter.

Across the Glasswing program so far, Mythos has identified over 23,000 potential vulnerabilities. More than 6,000 are estimated to be confirmed severe flaws. The number that have been patched: 75.

The gap between discovery and remediation is the central tension in the project right now.

Project Glasswing: 12 Founding Members and $104 Million in Commitments

Project Glasswing was co-founded by twelve organizations: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic. Financial commitments include $100 million in model usage credits and $4 million in direct donations to open-source security organizations.

The vulnerabilities Mythos has surfaced illustrate why the project targets legacy codebases. A 27-year-old remote crash flaw in OpenBSD. A 16-year-old bug in FFmpeg that survived five million automated test runs. Multiple Linux kernel privilege escalation vulnerabilities. These issues persisted through decades of human review and automated fuzzing. Mythos found them through autonomous reasoning. More details are available on Anthropic’s Project Glasswing page.

Why Anthropic Is Not Making Mythos Publicly Available

Anthropic explicitly stated that Mythos Preview will not be made generally available. A model capable of writing working remote code execution exploits against major software in minutes would, if released as a standard API, lower the barrier for attackers to near zero.

The alternative Anthropic chose is controlled access: grant usage rights to organizations with the capacity to handle the tool responsibly, paired with coordinated disclosure workflows. The addition of NATO and ENISA extends the Glasswing framework into government-level cross-border defense, covering territory well beyond the founding tech companies.

According to SecurityWeek’s report on the expansion, Anthropic is also working on improving how vulnerability reports are formatted for open-source maintainers, trying to speed up remediation from the process side.

Six thousand severe vulnerabilities found. Seventy-five patched. The next problem to solve may already be whether AI can automate the remediation work itself.

If this was useful, subscribe to the newsletter for weekly AI PM insights and GenAI case studies.