The Mythos Moment

Published on April 17, 2026

What Anthropic's newest model means for the people defending real networks

By the Emry Networks Security Team

A few months ago, if you had told most security engineers that an AI model would autonomously find a 27-year-old vulnerability in OpenBSD—an operating system built, reviewed, and re-reviewed by some of the most paranoid engineers on the planet—they would have raised an eyebrow and kept patching. That is no longer a hypothetical. In April 2026, Anthropic pulled the curtain back on Claude Mythos Preview, a model it openly describes as too dangerous to release broadly, and the industry's assumptions about "how hard is it, really, to find a zero-day" shifted overnight.

This post is our attempt to make sense of the Mythos moment from two angles at once: what it means for defenders on the ground, and what it means for how we communicate risk to the people we protect.

1. What Mythos Actually Is

Claude Mythos Preview is a frontier model from Anthropic that the company is deliberately not releasing to the general public. Instead, it is being made available to a tight circle of roughly 50 organizations under a program called Project Glasswing—named after a butterfly whose wings are literally transparent, a nod to the kind of hiding-in-plain-sight vulnerabilities the model is designed to surface.

The launch partners read like a who's-who of critical infrastructure and platform providers: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Another 40-plus organizations—many of them maintainers of open-source projects that underpin everything we do—are being given access as well. Anthropic has committed up to $100 million in model usage credits to the effort, plus $4 million in direct donations to open-source security organizations.

Anthropic's framing is straightforward: the same capability that makes Mythos terrifying in the wrong hands makes it invaluable in the right ones. Project Glasswing is a bet that if defenders get there first, we can patch a decade of latent flaws before adversaries catch up.

The core claim in one sentence

AI has crossed a threshold where it can now find and exploit software vulnerabilities better than all but the most skilled human security researchers—and Anthropic is arguing that the only responsible response is to put that capability in defenders' hands first.

2. Why This Is Different From "AI Finds a Bug" Headlines

We've all seen a lot of "AI found a vulnerability" stories over the last couple of years. Most were incremental—AI-assisted fuzzing, better static analysis, a senior researcher using a model to speed up their workflow. Mythos is categorically different, and it's worth spelling out why:

• It operates autonomously. Anthropic reports that Mythos identified nearly all of the vulnerabilities it disclosed—and developed working exploits for many of them—entirely without human steering.

• It finds things human review kept missing. The FFmpeg vulnerability it discovered sat in a line of code that automated fuzzing tools had hit five million times without catching it.

• It chains exploits. In at least one case, the model autonomously strung together four separate vulnerabilities in a web browser to build a heap-spray exploit that escaped both the renderer sandbox and the OS sandbox.

• The scope is civilization-scale. Anthropic reports finding zero-day vulnerabilities in every major operating system and every major web browser.

The benchmark numbers make the jump explicit. Against Opus 4.6—until recently the state of the art—Mythos Preview doesn't just edge ahead; it opens a gap that is hard to ignore:

Bear in mind these are snapshots from Anthropic's own reporting and should be read as vendor-published figures. Healthy skepticism is warranted. But the pattern across independent partner testimonials—Cisco, Microsoft, Palo Alto, AWS all describing the model as surfacing things previous generations missed—suggests the underlying capability shift is real, even if the exact magnitudes get debated.

3. What This Means If You Run a Business

Here is the part that matters for the people we actually serve: the CFO who signs the cyber-insurance check, the practice manager who just wants email to keep working, the board member asking "are we okay?" The honest answer is that the ground is moving, and the old mental models need updating.

The patch window is closing

CrowdStrike's CTO put it bluntly in Anthropic's announcement: what used to be a months-long gap between vulnerability discovery and active exploitation is collapsing into minutes. If your patching cadence assumes you have weeks to test and deploy, that assumption is now a liability. Defenders get the same speed advantage Mythos offers—but only if you're resourced to act on it.

Open-source hygiene is no longer optional

The vulnerabilities Mythos has been uncovering sit in the bedrock of the modern internet: OpenBSD, the Linux kernel, FFmpeg, browser engines. These are not exotic dependencies—they are running on your firewalls, your video conferencing, your backup systems, and the SaaS platforms you don't even think about. A software bill of materials (SBOM) and a repeatable process for tracking upstream advisories are no longer "mature program" nice-to-haves. They are table stakes.

Your attackers are getting the same tools, eventually

Anthropic is being unusually direct about this: these capabilities will proliferate. Holding Mythos back buys time, not permanence. The defensive playbook has to assume that within 12 to 24 months, a meaningful fraction of the threat actors targeting small and mid-sized organizations will have access to something roughly as capable.

What we're telling Emry clients

Three priorities for the next two quarters: (1) tighten your patch SLAs—especially for internet-facing systems and end-user browsers, (2) get an honest inventory of your open-source and third-party software exposure, and (3) invest in detection, not just prevention. If the exploit window collapses, the value of knowing you've been hit quickly goes up enormously.

4. The Marketing Angle: Talking About This Without Scaring Everyone

Let's switch hats for a moment. A lot of security vendors are going to use the Mythos announcement as a cudgel—fear-of-missing-out marketing dressed up as thought leadership. That's a trap worth avoiding, for three reasons.

First, fear-based messaging burns trust. Clients who've been told the sky is falling three times in 18 months tune out by the fourth. When something genuinely new arrives, they no longer know the difference. Mythos actually is a step change—spending the trust capital now on yet another "cyber pearl harbor" headline means we'll have nothing left when the moment calls for real urgency.

Second, the story is more interesting than fear anyway. The Project Glasswing model—frontier lab, platform companies, open-source maintainers, and the Linux Foundation all sitting at the same table—is a genuinely new pattern. It's the first time we've seen the AI industry treat a capability as dual-use from day one and build the rollout around that reality. That's a narrative worth telling honestly.

Third, buyers can smell a pivot. If your messaging last quarter was "AI is the future of your business" and this quarter is "AI is coming for your business," the whiplash reads as opportunism. The more defensible posture is consistency: AI raises the ceiling for attackers and defenders simultaneously, and the organizations that come out ahead are the ones who adopted both capabilities and discipline.

5. What We're Doing at Emry

We're treating the Mythos announcement as a forcing function rather than a product launch to react to. In the near term, that means three concrete changes to how we run client engagements:

• Tightening our baseline patch SLAs, with a stronger emphasis on internet-exposed assets and browsers.

• Formalizing open-source exposure reviews as a standing part of our M365 and endpoint assessments, not a point-in-time exercise.

• Leaning harder into end-user education—because as AI raises the floor for sophisticated attacks, the human layer becomes both more exposed and, honestly, more fixable than the software layer.

We'll have more to share over the coming weeks as Anthropic publishes its 90-day Project Glasswing report and as the partner ecosystem (especially Microsoft's side of it, given how much of our client work lives inside M365) rolls out concrete defensive tooling built on top of Mythos-class capabilities.

The bottom line. Mythos doesn't rewrite what good security looks like—it raises the price of doing it poorly. The fundamentals still win: know your assets, patch on a real schedule, segment what matters, train your people, and assume you will be tested. What's new is that the test is going to come faster and look smarter than it used to.

Sources & further reading

Anthropic, "Project Glasswing: Securing critical software for the AI era" (anthropic.com/glasswing)

Anthropic Frontier Red Team, "Claude Mythos Preview" (red.anthropic.com)

Partner statements from Cisco, AWS, Microsoft, CrowdStrike, Palo Alto Networks, Google, and The Linux Foundation
