Anthropic Built an AI That Hacks Anything. They're Not Releasing It.
Anthropic announced an internal model that found a 27-year-old OpenBSD bug, produced 181 working Firefox exploits, and chained Linux kernel vulnerabilities into privilege escalation. Then they decided not to ship it.

On April 8, Anthropic published an announcement that should have been the biggest AI story of the month. They built a model called Claude Mythos Preview. They benchmarked it against their best public model, Claude Opus 4.6, on a series of offensive security tasks. The numbers were not close.
On exploit development against Firefox 147, Mythos produced 181 working JavaScript exploits. Opus 4.6 produced 2.
On OSS-Fuzz tier-5 crashes, the kind that can be turned into full control of the target program's execution, Mythos succeeded on 10 separate targets. Opus 4.6 succeeded on none.
On Linux kernel CVEs, Mythos chained multiple vulnerabilities together to escalate privileges. Older models, in Anthropic's words, "struggled."
And then Anthropic decided not to release it.
What Mythos Actually Did
To get a sense of what "different league" means in practice, look at what the model found while researchers were testing it. Anthropic's announcement lists the highlights:
- A 27-year-old vulnerability in OpenBSD's TCP/SACK implementation that allows remote denial-of-service.
- A 16-year-old memory corruption bug in FFmpeg's H.264 decoder. H.264 is the codec behind most video calls, streams and security-camera footage, and FFmpeg's implementation is embedded in a large share of the players, transcoders and devices that handle it.
- Remote code execution in FreeBSD's NFS server, assigned CVE-2026-4747.
- Memory corruption in production virtual machine monitors — the software that isolates your cloud workloads from everyone else's.
- Vulnerabilities in TLS implementations and other cryptography libraries.
These aren't curiosities. They're the kinds of bugs that take a skilled human security researcher months or years to find, if they find them at all. Mythos surfaced them in the course of routine evaluation runs.
Why They're Not Selling It
Most companies, given a model that dramatically outperforms competitors at any task, would race to monetize it. Anthropic chose the opposite path. From their announcement: "Mythos Preview is in a different league" — but it won't be available to the general public.
Instead, they launched Project Glasswing, an initiative to "use Mythos Preview to help secure the world's most critical software" through partnerships with industry leaders and open-source developers. The model is being deployed defensively, not commercially.
The reasoning isn't spelled out in detail, but it's not hard to reconstruct. A model that can autonomously find and weaponize vulnerabilities in shipped software does the same job for whoever runs it. Defenders can use it to harden their systems. Attackers can use it to break in. Whichever side gets it first has the advantage.
This is not a hypothetical. The 16-year-old FFmpeg bug means a memory corruption flaw has sat in one of the most widely deployed video codecs in the world for sixteen years. If Mythos can find it now, an equivalent model in someone else's lab could have been finding bugs like it months ago. We just don't know about those.
What Anthropic Tells Defenders to Do
Anthropic's announcement is unusually direct about what defenders should do today, with the tools they already have. Three pieces of guidance stand out.
Use existing models for defense. Opus 4.6 — the model anyone can pay for through Anthropic's API — is, in Anthropic's words, "extremely competent" at vulnerability discovery, even if it's far behind Mythos at exploitation. Defenders don't need a frontier-class offensive model to find their own bugs. They need to start running the models they already have access to against their own code.
Shorten patch cycles. The window between a vulnerability being discovered and being exploited is closing fast. Anthropic's recommendation: "shorten patch cycles" and "drive down the time-to-deploy for security updates." If your software updates ship monthly, that's a problem. If a Mythos-class model is in adversary hands, monthly is glacial.
Expand AI past bug-finding. Most discussion of AI in security is about finding vulnerabilities. Anthropic recommends letting models help with triage, deduplication, patch proposals, cloud misconfiguration analysis, and pull-request review. The bottleneck in most security teams isn't finding problems — it's keeping up with the flow of problems and fixing the right ones.
What This Means for a Business That Isn't Anthropic
You aren't going to get access to Mythos. Project Glasswing is for major OSS maintainers and infrastructure providers. That's appropriate. But the implication for everyone else is real.
A small business doesn't run Firefox internals or maintain TLS libraries. What it runs is a stack of vendor software (accounting tools, CRMs, scheduling apps, e-commerce platforms), most of which is built on top of the same open source components Mythos is now hardening. When Mythos finds a critical flaw in a popular library and the maintainer ships a fix, that fix has to make it through each of your vendors before it reaches you. The companies you depend on may be on quarterly release cycles. Some may be slower than that.
The practical question for any business owner reading this: how do you know your tools are getting patched?
Most can't answer that. Most of the SaaS tools a small business uses ship updates silently, and you never see them. That's fine, mostly. But it means the speed at which your real-world security posture improves is bounded by your slowest vendor, and you have no visibility into which vendor that is.
This is one of the recurring themes when we audit clients' agent governance and tooling setups: the security profile of an AI-powered business is almost entirely a function of the supplier choices you make. Knowing your vendors' patching cadence is no longer optional.
The Two Worlds Already Splitting Apart
The Mythos announcement makes one thing concrete that many people have been saying for a while: there are now two worlds.
In one world, defenders have access to advanced offensive AI through partnerships with labs like Anthropic. They can audit their own code at a depth previously available only to nation-states. Critical infrastructure gets hardened.
In the other world, smaller organizations rely on the security work done in the first world filtering down through their software supply chains. They benefit eventually, but slowly, and often through channels they can't see.
This isn't a bug in the system. It's the system. Critical infrastructure should get priority access to defensive tooling. The OSS maintainers in Project Glasswing — Linux kernel, OpenBSD, FFmpeg, FreeBSD, OpenSSL — are the people whose code runs everything else. Hardening them first cascades to everyone.
But it means the difference between "AI helped fix this last week" and "AI will help fix this when our vendor gets around to it" is now the dividing line for security risk in 2026. And as we've covered before, 86% of organizations deploying AI agents aren't ready for the threat environment that already exists, before Mythos even enters the picture.
What to Actually Do This Week
This isn't a problem you solve by reading one blog post. But there are three things any business can do this week that materially change their position.
- List your AI-touching vendors. Not your tools, your vendors. Who supplies them, who patches them, and what is their disclosed cadence? If you can't answer this in an hour, that's the problem to solve first.
- Use what you have. If you're using Claude Opus 4.6, GPT, or any other current frontier model, point it at the parts of your operation that handle sensitive data and ask what the failure modes are. Treat the answer as a starting checklist, not an audit: it will surface things you haven't considered, but it can't see your configuration or your vendors' code. This costs less than a takeout dinner.
- Ask one supplier the patching question. Pick your most security-critical SaaS vendor and ask, in writing, "what is your typical patch deployment time after a critical CVE is published?" Ask for a number in days and for how they notify customers, and keep the reply. Their answer, or their inability to give one, tells you most of what you need to know.
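Once you have a vendor list and a few written answers, the next step is to keep score, so that "how do you know your tools are getting patched?" has a number behind it. The script below is an added example, not code from the original post or from Anthropic: it records, per advisory, when the CVE was published, when a fix shipped and when that fix was actually live in your tenant, then reports exposure windows per vendor and flags SLA breaches. The vendor names, component names, advisory identifiers and SLA thresholds are all constructed for illustration. An advisory with no deployed fix is treated as an open window measured up to today, not as zero.

```python
"""Patch-lag tracker for third-party vendor software.

Added example, not part of the original post or of any Anthropic material.
Vendor names, components, advisory identifiers and SLA values are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

# Maximum acceptable days from advisory publication to the fix being live in
# *your* environment. Assumed policy values, not a standard.
SLA_DAYS = {"critical": 14, "high": 30, "medium": 90}


@dataclass(frozen=True)
class PatchRecord:
    vendor: str
    component: str
    advisory: str                 # constructed identifier, not a real CVE
    severity: str
    published: date               # advisory / CVE publication date
    fix_released: Optional[date]  # date the upstream or vendor fix shipped
    deployed: Optional[date]      # date the fix was live for your tenant


def exposure_days(rec: PatchRecord, today: date) -> int:
    """Days the flaw was (or still is) exploitable against you.

    A fix that is not yet deployed is an open window: measure it up to
    `today` rather than reporting 0.
    """
    end = rec.deployed if rec.deployed is not None else today
    return (end - rec.published).days


def lag_breakdown(rec: PatchRecord, today: date) -> tuple[int, int]:
    """Split exposure into (upstream_days, rollout_days).

    upstream_days: publication -> fix released (how fast a fix existed)
    rollout_days:  fix released -> deployed to you (how fast the vendor shipped it)
    Open intervals are measured to `today`; with no fix at all, rollout is 0
    because the vendor's rollout clock has not started.
    """
    fix = rec.fix_released if rec.fix_released is not None else today
    end = rec.deployed if rec.deployed is not None else today
    return (fix - rec.published).days, max((end - fix).days, 0)


def vendor_report(records, today: date, sla=SLA_DAYS) -> dict:
    """Aggregate per-vendor exposure, rollout speed, open windows and SLA breaches."""
    per_vendor: dict[str, dict] = {}
    for rec in records:
        v = per_vendor.setdefault(
            rec.vendor, {"lags": [], "rollout": [], "open": 0, "breaches": 0})
        lag = exposure_days(rec, today)
        _, rollout = lag_breakdown(rec, today)
        v["lags"].append(lag)
        v["rollout"].append(rollout)
        if rec.deployed is None:
            v["open"] += 1
        if lag > sla.get(rec.severity, sla["medium"]):
            v["breaches"] += 1
    return {
        name: {
            "median_lag": median(v["lags"]),
            "max_lag": max(v["lags"]),
            "median_rollout": median(v["rollout"]),
            "open": v["open"],
            "breaches": v["breaches"],
        }
        for name, v in per_vendor.items()
    }


def rank_vendors(report: dict) -> list[str]:
    """Worst first: open windows, then SLA breaches, then longest exposure."""
    return sorted(
        report,
        key=lambda n: (report[n]["open"], report[n]["breaches"], report[n]["max_lag"]),
        reverse=True,
    )


# Constructed sample inventory: three hypothetical vendors, five advisories.
TODAY = date(2026, 4, 15)
SAMPLE = [
    PatchRecord("Ledgerly", "invoice-service", "ADV-EX-0001", "critical",
                date(2026, 1, 5), date(2026, 1, 7), date(2026, 1, 9)),
    PatchRecord("Ledgerly", "invoice-service", "ADV-EX-0002", "high",
                date(2026, 2, 10), date(2026, 2, 12), date(2026, 2, 20)),
    PatchRecord("ShopStack", "checkout", "ADV-EX-0003", "critical",
                date(2026, 1, 5), date(2026, 1, 20), date(2026, 3, 15)),
    PatchRecord("ShopStack", "checkout", "ADV-EX-0004", "high",
                date(2026, 3, 20), date(2026, 3, 25), None),     # fix exists, not live
    PatchRecord("SchedulePro", "calendar-sync", "ADV-EX-0005", "critical",
                date(2026, 2, 1), None, None),                   # no fix at all yet
]

if __name__ == "__main__":
    rep = vendor_report(SAMPLE, TODAY)
    for name in rank_vendors(rep):
        r = rep[name]
        print(f"{name:12} median {r['median_lag']:>5}d  max {r['max_lag']:>3}d  "
              f"rollout {r['median_rollout']:>5}d  open {r['open']}  breaches {r['breaches']}")
```

The rollout column is the one to take to the supplier conversation: a vendor whose upstream fix existed for weeks before it reached your tenant is the slow link the article describes, even if the CVE itself was handled quickly upstream.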
Anthropic published an announcement that quietly redrew the offensive-defensive AI line. The companies that adjust now have a quarter or two of head start. The ones that wait will spend that time learning the same lessons the harder way.
Blue Octopus Technology helps small businesses understand the security implications of the AI tools they use — and the vendors they depend on. If you're not sure what your AI exposure looks like, let's talk.