The Threshold Crossed
In April 2026, Anthropic made a rare and sobering decision: it withheld its most capable model, Claude Mythos Preview, from general release. The choice was not born of unreadiness, but of a startling revelation. The model had demonstrated an unprecedented ability to autonomously discover zero-day vulnerabilities across major operating systems, web browsers, and foundational software—and then chain them into working exploits with minimal human guidance. This was no incremental improvement. It was a threshold crossed.
Inside Project Glasswing
Recent tests by Cloudflare, conducted under Anthropic’s Project Glasswing, validate this paradigm shift. Pointed at more than 50 internal repositories, Mythos did not merely flag isolated, low-severity bugs; it synthesised them. It combined memory issues into exploit primitives, bypassed mitigations like KASLR, and generated full proof-of-concept chains.
To manage this, the company built an eight-stage harness utilising roughly 50 parallel agents to filter false positives and validate findings. The result was an AI operating with the proficiency of a senior security researcher—iterating through failures, compiling, testing, and refining its approach.
From Detection to Attack
This capability marks a profound departure from the past. While earlier models could spot bugs, Mythos weaponises them. Independent evaluations demonstrate high success rates on expert-level tasks that previously remained unsolved. It is the first model to complete complex, multi-step attack simulations end-to-end across several runs.
Benchmark Saturation: Mythos saturates key cybersecurity benchmarks and shows dramatic gains in vulnerability reproduction.
Unearthed Flaws: Thousands of previously unknown vulnerabilities have already surfaced during testing, including deep-seated flaws that had persisted undetected for 16 to 27 years.
The Responsible Scaling Policy
Anthropic’s response was dictated by its Responsible Scaling Policy, which triggers heightened controls when cyber capabilities meaningfully accelerate sophisticated attacks. Mythos sits exactly at—or perhaps beyond—the level where autonomous exploit chaining becomes reliable enough to warrant strict restriction.
Currently, access is tightly limited to a coalition of defenders: major cloud providers, technology giants, security firms, and open-source foundations. Their mandate is to harden critical infrastructure before these capabilities inevitably proliferate. To support this, Anthropic has committed substantial resources to open-source remediation.
The Dual-Edged Sword of AI Cyber
The implications are immediate and dual-natured.
On the defensive side, the upside is profound. Elite auditing, once bottlenecked by scarce human talent, can now scale across vast codebases. Long-under-resourced open-source maintainers have gained a powerful ally. Early results indicate that thousands of high-severity issues have been identified and patched, potentially raising the baseline security of the internet’s foundational layers. In an era of expanding attack surfaces—cloud, edge, and AI systems themselves—this capability buys critical time.
Conversely, the offensive threat cannot be wished away. The same capabilities that empower defenders will inevitably accelerate attackers. Technology does not remain permanently bottled; distillation, leaks, or competing labs will eventually spread these tools. Nation-states and sophisticated adversaries already invest heavily in offensive cyber operations. AI lowers the barrier to entry for chaining exploits, discovering fresh zero-days on demand, and sustaining automated operations.
The New Defensive Imperative
The offense-defence imbalance is sharpening: attackers need only one viable path, while defenders must secure everything. The old mantra of “patch faster” was always fragile, but it becomes entirely untenable when discovery outpaces disclosure. Because the window between vulnerability discovery and exploitation is collapsing, architectural defences must take precedence over reactive patching.
Priorities must immediately shift toward:
- Memory-safe programming languages
- Stronger sandboxing protocols
- Zero-trust architectures
- Formal code verification
Without these structural shifts, the legacy code that forms the backbone of global infrastructure remains deeply exposed.
The AGI Knife-Edge
What humanity stands to solve in the near term versus the threats it faces from Artificial General Intelligence (AGI) reveals the knife-edge we now walk.
Models like Mythos and its successors could cure long-standing systemic scourges. We could see the rapid remediation of software flaws that underpin data breaches and ransomware, accelerated scientific progress in materials and medicine through superior reasoning, and early gains against complex coordination problems in climate modelling. If defensive deployment outpaces proliferation, we could enter an era of meaningfully hardened digital systems and faster progress on humanity’s material challenges.
However, AGI-level systems—capable of autonomous R&D, self-improvement, and sustained strategic planning—pose existential risks that dwarf today’s cyber concerns. An unaligned superintelligence could optimise against human values with indifferent efficiency, pursuing mis-specified goals at a planetary scale, or enabling unprecedented weapons proliferation across cyber and biological domains. Even short of full AGI, intermediate systems could empower authoritarian control, destabilise economies through automated warfare, or erode public trust via hyper-personalised manipulation.
The “Mythos moment” is a stark preview: capabilities are arriving faster than governance. Without robust alignment, scalable oversight, and international coordination, the trajectory bends towards catastrophe.
The Path Forward
This is not hype; it is pattern recognition. Progress in AI cyber capabilities has accelerated dramatically. Mythos is not an isolated breakthrough, but the signal of a new regime where agentic systems plan and execute over long horizons. Anthropic’s restraint and the Glasswing coalition represent responsible, temporary stewardship. But the frontier is moving.
The path forward demands clarity over comfort:
- Industry must prioritise defence-in-depth and share remediation findings aggressively.
- Governments must treat advanced AI cyber as a national security imperative, investing in secure foundations, scale-driven red-teaming, and appropriate controls on dangerous capabilities.
- Researchers and Labs must double down on alignment techniques that scale alongside model capability. Complacency is the ultimate vulnerability.
Mythos does not herald the end of cybersecurity, but it ends the illusion that we can treat AI as just another tool. We have crossed into an era where intelligence itself is the battlefield. The miracles are within reach—more secure systems, accelerated discovery, and genuine progress on stubborn human problems. The threats are equally real: proliferation to adversaries, an imbalance favouring offence, and the longer shadow of misaligned AGI. How we allocate this new intelligence—directed towards defence and human flourishing, or left to diffuse unchecked—will define the decade.
The choice is ours, but the clock is running.
