Anthropic’s Mythos 1 is coming: why this model could rewrite cybersecurity
Anthropic is on the verge of turning one of the most powerful AI systems ever built into a real product. The model is called Mythos 1, and early evidence suggests it can find and exploit software vulnerabilities at a level previously associated with nation-state hackers. At the same time, Anthropic is signaling caution in public while quietly wiring Mythos into its security tools and enterprise stack.
Here’s what Mythos 1 can actually do, why it’s so controversial, and what its rollout could mean for cybersecurity, AI safety, and the broader AI race.
What is Mythos 1 and where did it come from?
Mythos 1 is Anthropic’s next-generation, high-end AI model—positioned above its Claude Opus line—that has so far been used mostly in controlled security research. It first appeared in public through Anthropic’s internal initiative called Project Glass Wing.
In Project Glass Wing, Anthropic used a preview version of Mythos to scan critical software and infrastructure for vulnerabilities. The results shocked even seasoned security researchers and AI safety experts.
Project Glass Wing: Mythos vs. the internet’s code
Under Project Glass Wing, Anthropic pointed Mythos at the kind of software that quietly keeps the internet running: open-source libraries, operating systems, browsers, and infrastructure tools.
In just 30 days, Mythos reportedly:
- Discovered over 10,000 high-severity or critical vulnerabilities across roughly 50 major tech companies and infrastructure projects.
- Analyzed code from organizations like Cloudflare, Mozilla, and OpenBSD, all of which are deeply embedded in the modern internet.
The details are staggering:
- Cloudflare: Mythos found around 2,000 vulnerabilities in core system pathways, with about 400 rated high or critical. Its false positive rate was reportedly lower than that of top human security testers.
- Mozilla Firefox: A single Mythos-powered pass on Firefox 150 led to patches for 271 critical vulnerabilities—more than 10× what Anthropic’s older Opus 4.6 model had found in Firefox 148.
- OpenBSD: Mythos uncovered a 27-year-old hidden bug and then autonomously built a full exploit chain with no human guidance.
The UK AI Safety Institute later confirmed that Mythos preview was the first AI model capable of fully defeating its end-to-end dual network challenge—a benchmark designed to test advanced cyber exploitation capabilities.
Security researchers have described Mythos’s capabilities as effectively nation-state-level cyber offense in a box.
When AI stops a $1.5M bank fraud in real time
Mythos isn’t just a lab curiosity. Anthropic has already used it in at least one real-world business setting.
At a partner bank, Mythos was deployed to monitor activity and detect anomalies. During one incident, attackers had:
- Compromised customer email accounts
- Used AI voice cloning to place fraudulent calls
- Initiated a $1.5 million wire transfer
Mythos flagged the behavior as suspicious in real time and blocked the transfer before it completed. That’s the upside: an AI system powerful enough to catch sophisticated fraud that blends social engineering, account compromise, and deepfake-style voice attacks.
Mythos 1 quietly appears inside Anthropic products
Publicly, Anthropic has been clear: Mythos-class models are too powerful to release broadly without stronger safeguards. As recently as last week, the company said Mythos would remain restricted and was unlikely to be made generally available anytime soon.
Then something strange happened.
Within a day of that statement, users noticed new options labeled “Mythos 1” and “Claude Mythos 1 preview” briefly appearing inside Anthropic’s developer tools, including Claude Code and Claude Security. These options quickly disappeared, but not before people captured screenshots and spotted new references to Mythos in the underlying code.
That suggests one of two things:
- Anthropic is preparing a faster-than-expected rollout of Mythos 1 to select customers, or
- Its internal safety and deployment plans changed much more rapidly than its public messaging.
Either way, Mythos 1 is clearly moving from research-only status toward real product integration.
Claude Security: turning Mythos into a security platform
Alongside Mythos, Anthropic is building a full enterprise security product stack. The centerpiece is Claude Security, a tool that doesn’t just find vulnerabilities—it also proposes or generates fixes.
Key features in development include:
- A security dashboard that surfaces discovered vulnerabilities with 7-day and 30-day historical views.
- Deeper triage and prioritization to help teams focus on the most critical issues.
- Positioning as a competitor to established vulnerability management platforms like Snyk and Veracode.
In just three weeks after launch, Anthropic says enterprise customers used Claude Security to help fix over 2,100 vulnerabilities by combining automated patch generation with human review.
Anthropic has also open-sourced several components:
- A bug-finding pipeline with tuned instructions for scanning codebases
- An automation framework that lets Claude navigate large repositories and spin up sub-agents for parallel scanning
- A threat model builder that automatically identifies likely weak points in a system
Cisco has joined the push by open-sourcing its Foundry Security Spec System, aiming to build a security evaluation framework inspired by what Anthropic is doing with Mythos.
The vulnerability tsunami: 23,019 bugs and a human bottleneck
To understand why Mythos is so disruptive, you have to look at what happens when it’s turned loose on open-source software.
Anthropic used Mythos to scan over 1,000 core open-source projects that underpin much of the internet. The model identified:
- 23,019 total vulnerabilities
- 6,202 of those flagged by Mythos as high or critical
Six independent security firms manually verified a large sample. The result: Mythos achieved a 90.6% true positive rate. After final verification, 1,094 vulnerabilities were confirmed as genuinely high severity or critical with conclusive evidence.
One case shows just how dangerous this can get: WolfSSL, a widely used cryptography library embedded in billions of devices, from routers and IoT gadgets to smart cars.
Mythos didn’t just find a bug in WolfSSL. It also wrote working attack code that could allow an attacker to forge digital certificates and spin up completely convincing fake banking sites or login pages. If that vulnerability had been discovered first by malicious actors, the fallout could have affected billions of devices worldwide.
This leads to a new problem: the bottleneck in cybersecurity has shifted.
- Old bottleneck: Finding vulnerabilities was slow and expensive.
- New bottleneck: Mythos can find vulnerabilities at near-zero marginal cost, but humans can’t patch them fast enough.
Some open-source maintainers have reportedly emailed Anthropic asking it to slow down vulnerability disclosures because they’re overwhelmed. Even with detailed reports, human developers are taking about two weeks on average to fix a single high-severity issue.
Out of 1,129 vulnerabilities Anthropic submitted to open-source authors, only 75 critical issues have been patched so far. The gap between what AI can find and what humans can fix is already huge—and growing.
Why Mythos isn’t public (yet): the safety risks
Given what Mythos can do, Anthropic has been explicit about the risks of a full public release.
An independent report on the XBOW web exploit benchmark found that Mythos preview made a “generational leap” over existing models in its ability to generate precise, step-by-step web exploitation code—even down to the level of individual tokens.
If an unrestricted Mythos API were available today, it could enable:
- Global hacker groups and extremist organizations to generate thousands of zero-day exploits at minimal cost.
- Automated attack pipelines against hospitals, power grids, financial systems, and government infrastructure.
Anthropic’s public stance is that Mythos-class models will not be fully released until the company has implemented much stronger, higher-level safeguards. The tension is that Mythos 1 is already being wired into enterprise tools and internal platforms, raising questions about how those safeguards are being defined and enforced in practice.
Anthropic’s financial story: explosive growth or creative accounting?
While Mythos is reshaping the technical landscape, Anthropic’s finances are raising eyebrows.
The Wall Street Journal recently reported that Anthropic is on track for its first profitable quarter, with an operating profit of about $559 million. Revenue is said to be jumping from $4.8 billion in Q1 to $10.9 billion in Q2.
However, critics like writer Ed Zitron have challenged this narrative, pointing out several red flags:
- The Journal notes that it’s unclear what accounting methods Anthropic is using, since it’s not yet subject to public-company reporting rules.
- The reported profitability appears to be on a non-GAAP EBITDA basis and may apply to only a single quarter.
Things get more complicated when you look at Anthropic’s massive compute deal with SpaceX. According to sworn filings, Anthropic is paying SpaceX about $1.25 billion per month starting in May and June to take over its Colossus 1 and parts of Colossus 2 data centers. That’s roughly $15 billion a year in compute costs, though the payments are discounted during the exact months Anthropic is using to claim operating profit.
On the revenue side, there are inconsistencies too:
- In February, Anthropic said it had reached $14 billion in annual recurring revenue (ARR).
- By March 3, that number jumped to $19 billion ARR.
- But on March 9, CFO Krishna Rao testified under oath that Anthropic had generated just over $5 billion in total revenue to date.
If leaked charts showing $4.8 billion in Q1 2026 are accurate, that would imply Anthropic made over 90% of its lifetime revenue in a single quarter, with very little revenue before that—technically possible, but hard to believe.
A more likely explanation is that Anthropic is:
- Booking large prepayments for tokens (for example, a $50 million annual commitment) as immediate revenue rather than spreading it over the contract term.
- Offering 10–30% discounts on tokens while front-loading annual subscription commitments.
That would inflate short-term revenue and make costs look temporarily lower, especially if the compute to serve those tokens hasn’t been fully consumed yet.
Two stories, one company: productivity magic vs existential risk
In the same week Mythos 1 quietly surfaced in Anthropic’s tools, the company also presented two very different faces to the world.
At a European developer event called “Code with Claude,” the message was all about productivity and creativity. Developers got free lunches, swag, and even mini-computers. The mood was optimistic and playful. When someone asked how many people had shipped Claude-written code without even reading it, a surprising number of hands went up.
One day later, Anthropic co-founder Jack Clark gave a lecture at Oxford University with a much darker tone. He argued that:
- AI poses a non-zero chance of killing everyone on the planet.
- The next few years will bring more disruption than any period in living memory.
- By around 2028 (or sooner), AI could reach recursive self-improvement—systems that can meaningfully improve themselves without human intervention.
Clark said most of the world is in denial about what current AI systems can already do, let alone what’s coming in the next six months. He also admitted that Anthropic itself underestimated the speed and scale of progress. When Mythos finished training, he said, the reaction inside the company was essentially: “It’s here faster than we thought, and we’ve done insufficient preparation.”
So on one side, Anthropic is selling a story of AI as a magical productivity booster. On the other, it’s warning policymakers and academics about potential civilizational risk. Those two narratives aren’t necessarily incompatible—but seeing them back-to-back makes the tension impossible to ignore.
Talent moves: Anthropic hires Andrej Karpathy
Anthropic’s ambitions around Mythos and future models are also reflected in who it’s hiring.
The company recently brought on Andrej Karpathy, a co-founder of OpenAI and former head of AI at Tesla, where he led the Autopilot computer vision team. Karpathy’s work at both OpenAI and Tesla was a recurring theme during the recent Musk vs. Altman trial, which ended in Sam Altman’s favor.
Karpathy is joining Anthropic’s pre-training team—the group responsible for training its largest and most capable models. His arrival follows the hiring of Ross Nordeen, a founding member of xAI and former Tesla employee, who also joined Anthropic earlier this month.
Combined with the buildout of Mythos infrastructure and Claude Security, these hires signal that Anthropic is gearing up for an even more aggressive push at the frontier of model capability.
What Mythos 1 means for the future of cybersecurity
Mythos 1 crystallizes a new vision of cybersecurity where:
- AI systems continuously scan codebases, infrastructure, and behavior for vulnerabilities and anomalies.
- The same systems propose or generate patches, with humans acting as reviewers and final decision-makers.
- Security becomes a largely automated, AI-driven process, with human experts focusing on oversight, policy, and edge cases.
In that world, the main question isn’t whether AI can find vulnerabilities—it’s who controls the most capable models, how they’re governed, and whether defensive uses can stay ahead of offensive ones.
Anthropic says it will only release Mythos-class models more broadly once it has strong enough safeguards in place. But with Mythos 1 already appearing in internal tools, enterprise dashboards, and security products, it’s fair to ask whether those safety conditions are truly being met—or whether competitive pressure is quietly eroding them.
Either way, Mythos 1 is a turning point. It shows that frontier AI models are no longer just chatbots or coding assistants—they’re becoming full-spectrum cyber capabilities that can reshape both how we defend systems and how they might be attacked.
The AI world is about to get a lot more interesting, and Mythos 1 is likely to be right at the center of the storm.