A TWENTY-SEVEN-YEAR-OLD vulnerability sat undisturbed inside OpenBSD, an operating system widely reckoned to be among the most security-hardened ever shipped, running quietly inside firewalls, routers and high-security servers around the world. It had survived repeated audits and the scrutiny of a famously paranoid maintainer community. Then Anthropic pointed its newest model at the codebase, and the model found it.
The model, called Mythos Preview, is the latest tier of Claude and the first that Anthropic has refused to release publicly on safety grounds. According to Axios, Mythos can surface "tens of thousands" of vulnerabilities — orders of magnitude more than Opus 4.6, last year's flagship, which turned up roughly 500 zero-days in open-source software over its lifetime. It writes working exploits to accompany them, and reproduces a known vulnerability on the first attempt in 83.1% of cases. In testing it found bugs in every major operating system and browser, and chained several Linux kernel flaws together in a way that would let a single operator commandeer most of the world's servers. Logan Graham, who runs the company's frontier red team, told Axios that rival labs are between six and eighteen months from comparable capability.
Glasswing and the gun show
Rather than ship Mythos broadly, Anthropic is seeding it to roughly forty organisations under a programme called Project Glasswing …
Become a member to keep reading
Already a member? Sign in with your email at the top.
Start your 7-day free trialMembership includes:
- Full access to every article across all six domains
- 25+ original analytical articles each week
- The complete Vector archive, fully searchable
- Proprietary data visualizations and charts