Claude Mythos shows Anthropic’s best AI is behind closed doors
Claude Mythos may be a leap in agentic coding and offensive cyber work. Anthropic’s gated rollout reveals how frontier AI power is really distributed.

Anthropic’s Claude Mythos Preview technical write-up matters for an obvious reason. By the company’s own account, Mythos is far more capable than previous Claude models at the kind of work that actually changes outcomes in security and software engineering. It can identify and exploit zero-day vulnerabilities across major operating systems and browsers, turn bugs into working exploits at a much higher rate than earlier models, and give even relatively inexperienced operators a serious lift in vulnerability research.
That is a huge deal on its own. It suggests the frontier has moved again, and moved fast.
But the Mythos announcement also tells a second story, and that one may matter more to anyone who uses AI for real work. Anthropic is not broadly shipping this capability. In the Claude models overview, Mythos Preview is described as a research preview for defensive cybersecurity workflows with invitation-only access and no self-serve sign-up. In the company’s own Mythos risk report, Anthropic says the model is used heavily inside the company, available to certain customers in a limited-release preview, and not available for general access.
That changes the product story completely. For most users, Claude did not suddenly become Mythos-level better. What changed is that Anthropic showed the public what its more capable system can do while keeping that system behind a managed gate. The result is a familiar pattern in frontier AI. The most valuable capability exists. The public gets the proof. A selected group gets the tool.
Anthropic says Mythos is a real leap in AI cybersecurity
Start with the capability claims, because they are strong enough that even skeptics should take them seriously. In Anthropic’s technical Mythos write-up, the company says the model can identify and exploit zero-day vulnerabilities in every major operating system and every major web browser. It describes a browser exploit chain that linked four separate vulnerabilities, a FreeBSD NFS server exploit that granted root access to unauthenticated users, and local privilege escalation work across Linux and other systems.
Anthropic also says Mythos can hand meaningful offensive capability to people who are not deep security specialists. According to the same write-up, engineers without formal security training were able to ask the model to find remote code execution bugs and wake up to complete working exploits. That is not a normal benchmark flex. That is Anthropic telling you the model can compress the distance between a vague goal and a serious result.
The performance gap over prior Claude models also looks dramatic by Anthropic’s own numbers. In one Firefox experiment, the company says Opus 4.6 produced working exploits only twice in several hundred attempts, while Mythos produced working exploits 181 times and achieved register control 29 more times. In internal OSS-Fuzz-style testing, Anthropic says Mythos produced 595 tier 1 and tier 2 crashes, added several tier 3 and tier 4 crashes, and achieved full control flow hijack on ten fully patched targets. Anthropic further says these cyber capabilities were not explicitly trained into Mythos. They emerged from broader gains in coding, reasoning, and autonomy.
That broader intelligence story matters too. On the Project Glasswing page, Anthropic positions Mythos as more than a narrow hacking model. It reports 77.8 percent on SWE-bench Pro compared with 53.4 percent for Opus 4.6, 82.0 percent on Terminal-Bench 2.0 compared with 65.4 percent, 93.9 percent on SWE-bench Verified compared with 80.8 percent, 94.6 percent on GPQA Diamond compared with 91.3 percent, and 64.7 percent on Humanity’s Last Exam with tools compared with 53.1 percent. That is why Mythos reads less like a specialized cyber demo and more like a frontier model whose strongest public impact may start in cybersecurity.
Even Anthropic’s own risk framing points in the same direction. The risk report says Mythos is significantly more capable than prior models, more agentic, and very capable at software engineering and cybersecurity tasks. The report also says Anthropic found errors in its training, monitoring, evaluation, and security processes during Mythos development, while concluding that the overall risk is still very low, but higher than for previous models.
So yes, Mythos appears to be the real thing. This does not look like a lab waving around a benchmark chart and hoping nobody reads the details. Anthropic’s own material describes a model that materially changes what is possible in coding and cyber workflows.
The biggest reveal is that you probably cannot use it
This is where the story shifts from capability to power.
Anthropic’s Project Glasswing announcement makes clear that Mythos is being placed with launch partners such as AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic also says it has extended access to more than 40 additional organizations that build or maintain critical software infrastructure, and it is backing the effort with up to $100 million in usage credits plus another $4 million in donations to open-source security organizations.
At the same time, the models overview says access is invitation-only with no self-serve sign-up, and the risk report says the model is not available for general access. That means Anthropic employees and selected institutions can work with the frontier system now, while ordinary users get the safer public product line and a promise that some future improvements may eventually flow downstream.
That is a very different message from “Claude just got much smarter.” For most paying users, the practical product has not changed by the full amount Anthropic’s internal benchmark tables suggest. What changed is visibility into a gap. Anthropic has a stronger model behind the curtain, and the company is deciding who gets to touch it.
That distinction matters because utility in AI is not defined by what a company can demonstrate in a controlled reveal. Utility is defined by what users can reliably access, integrate, and build around. If the strongest system is held back, then the real product is no longer just the model. It is the gate around the model.
Anthropic has already built a tiered trust system
Mythos is not an isolated case. It fits an access model Anthropic has already described in public.
In its Responsible Scaling Policy, Anthropic says general access systems such as Claude.ai and the API will use standard safeguards, while approved partners may receive tailored safeguards depending on the deployment context and the expected user group. The same policy says Anthropic is building a tiered access system with enhanced due diligence that evaluates potential partners based on their trustworthiness and the beneficial nature of the use case.
That is a polite way of saying Anthropic intends to sort users into classes.
This matters because it answers a question that often gets blurred in AI safety debates. When a frontier lab says a capability is too risky for broad release, that does not always mean nobody gets it. It can also mean the lab reserves the right to decide which institutions count as responsible enough to receive a less constrained version. In Mythos, that group includes major tech firms, infrastructure maintainers, cyber vendors, banks, and government-linked actors. Safety, in practice, becomes a whitelist.
Anthropic is also open about the cost of this approach for legitimate users. Its Safeguards Warnings and Appeals page says real-time cyber defenses may block activity that has legitimate defensive purposes, including vulnerability discovery. Users who believe their work should be exempt are directed to fill out a cyber use case form. That small detail says a lot. A useful workflow is not automatically permitted because it is legitimate. It is permitted if the model’s controls allow it, or if Anthropic grants an exception.
For power users, that is the practical issue. Filters do not just stop obvious abuse. They also decide which forms of difficult, adversarial, controversial, or dual-use work survive contact with the product.
Mythos fits a broader Anthropic pattern
The pattern was visible before Mythos.
In its announcement for Claude Gov models for U.S. national security customers, Anthropic said it built custom models exclusively for classified government environments and that these models offer improved handling of classified materials because they “refuse less” in that context. That is a striking admission. The company is plainly saying that the refusal behavior for public users is not the only behavior it is willing to ship. When the customer is the state, the boundary moves.
Two months later, Anthropic announced it was offering Claude access across all three branches of the U.S. government for $1, with access to frontier models and continuous updates as new capabilities are released. Whatever anyone thinks about the policy merits, the signal is clear. Anthropic is willing to remove friction aggressively for government customers, even as Mythos remains unavailable to the public.
Anthropic has also acknowledged that its restrictions can overshoot. In its usage policy update, the company said its earlier political rules were too broad and had limited legitimate use of Claude for policy research, civic education, and political writing. That matters because it is the same shape of problem many serious users complain about across frontier AI products. It is often easier for a lab to block a wide category than to judge context well.
The company’s own safety research points the same way. On its Constitutional Classifiers page, Anthropic says a prototype system was robust against many jailbreak attempts but came with high overrefusal rates and compute overhead. It also says an updated version achieved similar robustness with a 0.38 percent increase in refusal rates. That may sound small, but in product terms every extra layer of control creates some number of false positives, and those false positives land on legitimate users.
Anthropic’s new constitution offers another revealing line. The company says the constitution is written for its mainline, general-access Claude models, and that it has some specialized models built for uses that do not fully fit that constitution. In other words, Anthropic already operates multiple behavioral regimes depending on audience and deployment. Mythos is not an exception to that framework. It is one of the clearest expressions of it.
And the company’s grip is not only ideological or policy-based. It is also economic and operational. TechCrunch reported that Claude Code subscribers would need to pay extra for OpenClaw and other third-party harnesses, with Anthropic describing the issue as engineering constraints and subscription plans not built for those usage patterns. That episode matters because gatekeeping is not only about on-screen refusals. It is also about pricing, routing, tool access, and who controls the workflow around the model.
Anthropic is not wrong about the risk
There is a fair case for not dropping a model like Mythos into a public self-serve interface tomorrow.
Anthropic says in its technical Mythos post that more than 99 percent of the vulnerabilities it found are still unpatched, which limits how much detail it can disclose publicly. The same write-up says non-experts can use Mythos to get serious exploit results. The risk report also says the model is more capable and more agentic than prior systems, while Anthropic is still improving its monitoring and risk mitigations.
That is not a trivial concern. A model that meaningfully lowers the skill floor for offensive cyber work is not something any lab should release carelessly. Anthropic is right to worry about rapid capability diffusion, unpatched vulnerabilities, and the possibility that attackers gain faster than defenders.
But that does not erase the product question. Anthropic’s answer to the risk is also a very recognizable SaaS strategy. Keep the highest-value capability behind managed access. Give privileged institutions an early lead. Layer safeguards, monitoring, and exemptions onto the public version. Ask everyone else to trust the lab’s judgment about where the line belongs.
The problem for users is not that safety is fake. The problem is that safety and control increasingly arrive bundled together.

What AI power users should learn from Mythos
The biggest lesson from Mythos is simple. Capability alone is not the product. Access is the product. Control is the product. Portability is the product.
A model can be extraordinary on paper and still be only partially useful if it sits behind invitation-only programs, policy classifiers, monitoring layers, usage reviews, and selective exemptions. At that point the model is no longer fully your tool. It is a managed service that can expand or narrow depending on the vendor’s priorities.
That is why serious users should treat proprietary frontier AI as rented intelligence, not durable infrastructure. Keep workflows portable across providers. Build systems that can swap models without rewriting everything around a single company’s preferences. Archive prompts, agents, and operational logic outside any one vendor’s walled garden. Keep an eye on open and local alternatives, even when they lag on flagship benchmarks, because optionality matters more once frontier access becomes stratified.
Most of all, read policy pages and deployment notes as closely as benchmark charts. The benchmark tells you what a model can do in theory. The policy tells you what you will actually be allowed to do with it. In the Mythos era, that second document may be the more important one.
Claude Mythos is a warning about who gets frontier AI
Claude Mythos looks like a major breakthrough. Anthropic’s own documents make that difficult to deny. The company is describing a model that can materially accelerate advanced cyber work, outperform earlier Claude models by wide margins on agentic coding tasks, and raise the ceiling for what a strong operator can do.
But the Mythos reveal also exposes the downside of permissioned AI. The most capable system is withheld. The public gets the safer substitute. Governments and approved partners get tailored access. Legitimate users get more classifiers, more monitoring, and more chances to be told that the workflow they want requires an exemption.
That is not only a safety story. It is a power story.
The plain-English takeaway is hard to miss. Extremely powerful AI is much less useful than the hype suggests when the full capability is reserved for institutions and the people a lab has decided to trust, while everyone else gets the filtered version.