In early April, Anthropic announced the release of Claude Mythos Preview, its most advanced AI model to date.

Though trained as a general-purpose large language model, Mythos quickly distinguished itself through a notable capacity for complex, multi-step cybersecurity work – autonomously parsing massive codebases, detecting critical-severity software defects and identifying vulnerabilities that have eluded human researchers for decades. Anthropic describes its cybersecurity capabilities as “substantially beyond those of any model we have previously trained,” including its prior flagship, Claude Opus.

The numbers back up that claim. When Anthropic ran the model against CyBench, a benchmark measuring autonomous vulnerability discovery and exploitation across sandboxed challenges, Mythos achieved a perfect 100% pass rate, a score Anthropic says no other AI model has achieved. On CyberGym, a separate cybersecurity evaluation site, Mythos scores 83.1% compared to 66.6% for Claude Opus 4.6. Across 17 of 18 total benchmark measures, Mythos led the field.

In practice, the model has already produced results that underscore its potential. During a preview period, Mythos found thousands of major bugs across every major operating system and browser, flaws that even the most skilled researchers had missed for years. Among the most striking findings was a vulnerability in OpenBSD that went undetected for 27 years.

“We are looking at an AI system that does not merely assist human researchers but autonomously outperforms them at scale,” said Elliott Broidy, Chairman and CEO of Broidy Capital Holdings, LLC, a seasoned entrepreneur and investor with extensive experience in national security technology and defense tech. “What Anthropic has built with Mythos is a tool that, in the right hands, could protect millions of people from attacks that would otherwise go undetected for years. The question is now whether our institutions are moving fast enough to deploy it responsibly before our adversaries find a way to use it against us.”

Given both the power and the risks that such a model entails, Anthropic decided to roll it out to a limited group of tech companies rather than the general public through a controlled defense initiative called Project Glasswing. Among the major tech companies forming the coalition are Amazon Web Services, Microsoft, Nvidia and Cisco, along with 40 other organisations that build or maintain critical infrastructure software. To support the effort, Anthropic committed $100 million in usage credits and $4 million in direct donations to open-source security organisations, enabling these partners to use Mythos exclusively for defensive security work, finding and fixing vulnerabilities before adversaries can.

Anthropic was direct about the stakes in its announcement, writing that “no one organisation can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play.”

However, the model’s very strengths are what make experts uneasy. Cybersecurity professionals have warned that if Mythos can identify and exploit vulnerabilities faster than companies can patch them, the consequences of misuse could be severe. A single AI agent scanning for flaws at this speed and scale, well beyond normal human capacity, represents what many describe as a sea change in the threat landscape.

The model has also become a flashpoint in the relationship between Anthropic and the U.S. government. The Pentagon designated Anthropic a “supply chain risk,” ordering companies working with the military to remove its software from their workflows.

The situation is evolving rapidly. White House Chief of Staff Susie Wiles and Treasury Secretary Scott Bessent met with Anthropic CEO Dario Amodei last month to discuss Mythos and pathways for renewed government collaboration. The White House is now reportedly developing an executive action that would allow federal agencies to work around the supply chain risk designation and onboard Anthropic’s models, including Mythos.

This push and pull reflects a deeper shift, raising broader questions about how emerging technologies are regulated as AI systems like Mythos begin to occupy a space between commercial tools and strategic infrastructure.

“Concerns related to government use of AI technology are reasonable,” said Broidy. “But it’s imperative to consider how technologies that today seem too dangerous or non-feasible may be life-saving tomorrow.”

Broidy added that while the safe deployment of these advanced capabilities must remain a top priority, heavy-handed regulations may prevent important technologies from developing as quickly as they may be needed.

“Solving such complex cybersecurity issues is a joint effort,” said Broidy. “Economic industries, government agencies and technology companies must work together to balance AI innovation and safety.”