SAN FRANCISCO — Anthropic, the artificial intelligence safety company behind the Claude family of models, has disclosed that its latest creation can autonomously discover and exploit zero-day vulnerabilities across every major operating system and web browser — and has decided to keep it out of public hands.
The model, dubbed Claude Mythos Preview, succeeded on its first attempt in 83 percent of hacking scenarios during internal testing, chaining multiple exploits together without any human guidance. Rather than releasing the tool publicly, Anthropic is restricting access to roughly 50 handpicked organisations through a programme called Project Glasswing. The decision has ignited a fierce debate about who should control the most powerful cybersecurity capabilities ever built, and whether a private company should be the one making that call.
The announcement, made publicly on April 7 after a quiet briefing to US government officials a month earlier, sent shockwaves through both Silicon Valley and Wall Street. Goldman Sachs and several major banking CEOs convened emergency cybersecurity meetings in the days that followed. Over 99 percent of the thousands of vulnerabilities Mythos identified remain unpatched — including a 27-year-old bug buried in OpenBSD — raising the spectre of a digital landscape far more fragile than anyone publicly acknowledged.
| Parameter | Details |
|---|---|
| Model | Claude Mythos Preview |
| Company | Anthropic (San Francisco) |
| First-attempt success rate | 83% across major OS and browsers |
| Access programme | Project Glasswing (~50 organisations) |
| Unpatched vulnerabilities | Over 99% of thousands discovered |
| Oldest bug found | 27-year-old vulnerability in OpenBSD |
| Public announcement | April 7, 2026 (gov briefing ~March 7) |
Situational Breakdown
Anthropic’s red team blog post laid out the findings in clinical detail. During months of controlled testing, Mythos demonstrated an ability that no human penetration-testing team has ever matched at scale: it could scan a target system, identify previously unknown flaws in its code, and build a working exploit — all autonomously. In 83 percent of trials, the model succeeded on its very first attempt. When it failed, it often needed only minor parameter adjustments before breaking through on a second or third try. Most alarming to researchers was the model’s capacity for exploit chaining — stringing together multiple vulnerabilities in sequence to escalate privileges or move laterally across networks, a technique that typically requires elite human hackers working in coordinated teams. — Anthropic Red Team Blog
The sheer volume of vulnerabilities uncovered has created a logistical crisis for the open-source community and major software vendors alike. With over 99 percent of the discovered flaws still unpatched, responsible disclosure has become a bottleneck rather than a safeguard. The 27-year-old OpenBSD bug — a system long considered among the most secure in computing — illustrated just how deep the rot goes. Maintainers of critical infrastructure projects, many of whom are volunteers, now face a tsunami of bug reports they lack the resources to address. — The Register
Wall Street’s reaction was immediate and telling. Within days of being briefed, Goldman Sachs organised emergency sessions with its cybersecurity teams, and CEOs across the financial sector scrambled to assess their exposure. The concern was not abstract: if a single AI model can crack the systems that underpin global banking, trading platforms, and payment infrastructure, the entire risk calculus of digital finance changes overnight. — Fortune
The Glasswing Gamble: Controlled Access as Policy
Anthropic’s decision to funnel Mythos through Project Glasswing — limiting access to approximately 50 vetted organisations — represents an unprecedented experiment in AI governance by corporate fiat. The company argues that restricting the tool allows defenders to patch vulnerabilities before attackers can exploit them, turning Mythos into a shield rather than a sword. The selected organisations reportedly include major technology firms, government cybersecurity agencies, and critical infrastructure operators.
But the approach has drawn sharp criticism from those who see it as a private company assuming a role that should belong to public institutions. As Reuters has reported, governments around the world are still struggling to establish regulatory frameworks for advanced AI systems, let alone ones with offensive cyber capabilities.
“The most striking aspect is how reliant we are on the judgment of a handful of private actors who are not accountable to the public.” — unnamed security expert via Fortune
The unnamed expert’s concern strikes at a fundamental tension: Anthropic is simultaneously the creator of the threat and the gatekeeper of its solution. No public body voted on the list of 50 organisations. No legislative framework governs how Glasswing operates. The company’s good intentions may be genuine, but the precedent — a private firm deciding who gets access to nation-state-level cyber capabilities — is one that democratic societies will need to reckon with far beyond this single case.
The Open-Source Crisis: Volunteers vs. the Machine
Perhaps the most human consequence of the Mythos revelation is its impact on the open-source maintainers who keep the internet running. Projects like OpenBSD, the Linux kernel, and countless libraries and frameworks are maintained by small teams, often working without compensation. They are now facing an avalanche of vulnerability reports generated at machine speed.
“These maintainers are already overworked before AI — this just makes their lives a lot better.” — Jim Zemlin, Linux Foundation CEO via NPR
Zemlin’s optimistic framing — that AI-discovered bugs ultimately help maintainers fix long-hidden flaws — is not universally shared. Critics point out that the same model capable of finding bugs can also be used to exploit them, and that dumping thousands of vulnerability reports on understaffed projects creates a window of danger, not safety. The gap between discovery and patch is where attackers operate, and Mythos has blown that gap wide open. As The Guardian has noted, the cybersecurity industry has long warned that the speed of AI-driven attacks would eventually outpace human-led defence — that moment may have arrived.
Government Response: Too Late or Just in Time?
Anthropic’s decision to brief US government officials a full month before the public announcement has drawn both praise and concern. Supporters argue it gave federal agencies time to begin assessing their own exposure and coordinate with the intelligence community. Detractors note that a month is nowhere near enough time to patch the kind of deep, systemic vulnerabilities Mythos uncovered, and that the advance notice primarily served to manage political fallout rather than improve security.
The broader question is whether any government is prepared for the era of AI-powered offensive cyber operations. The United States, despite its significant investment in cybersecurity through agencies like CISA and the NSA, has no public framework for governing AI systems that can autonomously conduct hacking operations. Europe’s AI Act, while comprehensive in scope, was not designed with this specific scenario in mind. The gap between what AI can now do and what law can govern is widening faster than any legislature can close it.
The Financial Sector’s Reckoning
The emergency meetings convened by Goldman Sachs and other Wall Street institutions reflect a dawning awareness that cybersecurity is no longer a back-office concern — it is an existential business risk. Modern financial systems are built on the same operating systems and browsers that Mythos can penetrate. High-frequency trading platforms, interbank settlement systems, and customer-facing banking apps all run on infrastructure that, as of this disclosure, contains thousands of known but unpatched vulnerabilities.
The financial industry’s response will likely accelerate two trends already underway: a massive increase in cybersecurity spending, and a growing reliance on AI-driven defence tools to match the speed of AI-driven attacks. The irony is not lost on observers — the same technology that created the threat is now the only viable defence against it, locking the industry into an arms race with no clear end point. According to BBC reporting on AI security trends, global cybersecurity spending was already projected to exceed $200 billion in 2026 before the Mythos disclosure; that figure will almost certainly rise.
🇵🇰 Pakistan Connection
Pakistan’s digital infrastructure runs on the same vulnerable platforms that Mythos can exploit — Windows, Linux, Chrome, and the open-source stacks that power everything from government portals to banking systems. The country loses an estimated $9 billion annually to digital fraud, a figure that could climb sharply if AI-powered exploitation tools proliferate. Pakistan’s $6.46 billion IT export sector, which services global clients on these very platforms, faces reputational and operational risk if it cannot demonstrate robust cybersecurity practices.
The timing is particularly pointed. Islamabad recently announced a $1 billion national AI investment plan, a landmark commitment to positioning the country as a regional technology leader. But the Mythos revelation underscores that AI buildout without a parallel cybersecurity strategy is building on sand. Pakistan’s policymakers would do well to ensure that a significant portion of that investment goes toward cyber defence infrastructure, vulnerability research capabilities, and training programmes that can keep pace with the threats AI is now capable of generating.
BOLOTOSAI Assessment
The Mythos disclosure marks a before-and-after moment in cybersecurity. Three outcomes are now likely. First, the patching crisis will force a reckoning with how open-source software is funded and maintained — governments and corporations that depend on volunteer-maintained code will face growing pressure to invest in its security, not just consume it. Second, the Glasswing model of controlled access will be replicated by other AI companies, establishing a de facto norm of corporate gatekeeping over dual-use AI capabilities — a norm that will eventually collide with demands for democratic oversight. Third, the cybersecurity arms race between AI-powered offence and AI-powered defence will accelerate dramatically, reshaping the insurance, finance, and national security sectors within the next 12 to 18 months.
What to watch: whether Anthropic expands Glasswing access or keeps it tightly controlled; how quickly the thousands of unpatched vulnerabilities are addressed; and whether any government moves to regulate AI systems with autonomous offensive cyber capabilities. The answers will determine whether Mythos becomes the tool that secured the internet — or the moment we learned it could not be secured at all.
By
By
