Anthropic Says Unreleased Claude Mythos Found Thousands of Zero-Days, Launches $100 Million Defensive Cyber Push

Anthropic Says Unreleased Claude Mythos Found Thousands of Zero-Days, Launches $100 Million Defensive Cyber Push

N
News Editor 01
2026-07-08 14:22:14
Anthropic says its unreleased Claude Mythos Preview discovered thousands of high-severity zero-days across major operating systems and browsers, prompting the launch of Project Glasswing with up to $100 million in AI usage credits for defenders.
AnthropicClaude Mythoscybersecurityzero-day vulnerabilitiesAI safety

Anthropic has unveiled striking claims about Claude Mythos Preview, an unreleased AI system that the company says independently uncovered thousands of high-severity zero-day vulnerabilities across major operating systems and web browsers. Alongside the disclosure, Anthropic launched Project Glasswing, a defensive cybersecurity coalition backed by up to $100 million in AI usage credits intended to help security teams and critical software organizations respond before comparable offensive capabilities become widely available.

Benchmark results show a sharp jump over prior models

According to Anthropic, Claude Mythos Preview posted 83.1% on Cybergym, compared with 66.6% for Claude Opus 4.6. The company also reported 93.9% on SWE-bench Verified versus 80.8% for Opus 4.6, and 77.8% on SWE-bench Pro compared with 53.4%. On Humanity’s Last Exam without tools, Mythos scored 56.8%, while its predecessor reached 40.0%. Anthropic described the model as representing a major step up in capability and said training was completed before the system was publicly announced on April 7, 2026.

The company emphasized that Mythos was not released publicly and is not available through Anthropic’s general API. Access has instead been restricted to a selected set of partners after internal testing showed that the model could discover and exploit previously unknown software flaws at a pace and scale that exceeded both human experts and earlier AI systems.

How Anthropic says Mythos finds vulnerabilities

Anthropic said the model does not rely on narrow, cybersecurity-specific training to produce these results. Instead, its performance reflects broader improvements in reasoning, multi-step planning, and autonomous agent behavior. In an isolated container environment, Mythos can read source code, form hypotheses about memory-safety failures, compile and execute software, use debugging tools such as Address Sanitizer, rank files by likely vulnerability, and generate validated bug reports complete with working proof-of-concept exploits.

That workflow matters because it moves beyond simple code review or static analysis. Anthropic’s description suggests a system able to iterate experimentally: inspect, test, refine, and validate. In practice, that means the model can narrow attention to exploitable pathways and then demonstrate whether the flaw is real, reducing the gap between “possible bug” and actionable security finding.

Decades-old bugs reportedly surfaced in hours

Among the most attention-grabbing claims were examples involving vulnerabilities that had survived years of scrutiny. Anthropic said Mythos autonomously found a 27-year-old OpenBSD TCP SACK vulnerability, a subtle integer-overflow issue that could allow a remote attacker to crash a responding host using crafted packets. The company said the issue was identified after roughly 1,000 runs at a total cost of less than $20,000.

Another example involved a 16-year-old FFmpeg H.264 bug that had reportedly survived more than five million automated tests and multiple audits before Mythos detected it. These examples were cited as evidence that AI systems may now be reaching a level where they can expose deep, long-lived flaws that conventional auditing pipelines repeatedly missed.

Browser and kernel results drew particular attention

Anthropic’s browser testing claims were especially notable. In evaluations against the JavaScript engine in Firefox 147, Mythos reportedly generated 181 full shell exploits and 29 cases of register control. In the same test set, Claude Opus 4.6 generated only two shell exploits. If validated more broadly, that difference would mark a significant shift in how quickly a capable model can move from vulnerability identification to exploit construction in widely used software environments.

The company also said Mythos built working Linux kernel privilege-escalation chains, moving from user to root on servers. In one workflow, it filtered 100 recent CVEs down to 40 exploitable candidates and successfully exploited more than half of them. That claim underscores not just raw bug-finding ability, but the capacity to prioritize exploitability in a practical offensive context.

Anthropic added that human validators reviewed 198 vulnerability reports generated by the model. Reviewers agreed with the model’s severity assessments in 89% of cases, with 98% agreement when allowing a one-level difference in severity. Those figures, if representative, suggest that Mythos can produce reports that align closely with expert judgment rather than merely surface noisy or low-quality findings.

Project Glasswing aims to tilt the balance toward defenders

Anthropic said that less than 1% of the identified bugs have been fully patched so far, highlighting the scale of remediation still ahead. To manage disclosure responsibly, the company said it is coordinating with affected parties, publishing cryptographic SHA-3 commitments for unpatched issues, and following a 90-plus-45-day schedule before releasing full technical details.

One public example cited in the report is CVE-2026-4747, a 17-year-old remote-code-execution vulnerability in the FreeBSD NFS server that can grant full unauthenticated root access. By naming already disclosed cases while withholding others pending fixes, Anthropic appears to be trying to show proof of capability without immediately increasing operational risk.

Project Glasswing, announced alongside the model, is the company’s attempt to deploy these capabilities in service of defense before similar systems become common in hostile hands. Anthropic said the initiative launched on April 7, 2026 with 11 founding partners: Amazon Web Services, Apple, Broadcom, Cisco, Crowdstrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Access is expected to expand to more than 40 additional critical software organizations.

Anthropic also committed $4 million in open-source security donations. That includes $2.5 million to Alpha-Omega through OpenSSF under the Linux Foundation, and $1.5 million to the Apache Software Foundation. The funding is intended to support the ecosystem that underpins much of the software stack now facing increased scrutiny from advanced AI systems.

The company acknowledges the dual-use risk

Anthropic explicitly warned that systems like Mythos lower the barrier to both discovering and exploiting vulnerabilities. The firm pointed to near-term risks from state actors and criminal groups if equivalent capabilities spread without meaningful safeguards. In particular, it referenced threats involving China, Iran, North Korea, and Russia, along with cybercriminal organizations. The company described the current period as one of transition turbulence, in which attackers may be able to adopt such tools faster than defenders can fully integrate them.

To reduce that risk, Anthropic said future Claude Opus releases will include safety measures designed to detect and block dangerous cybersecurity outputs. It also plans to introduce a Cyber Verification Program for vetted security professionals, presumably to control access to high-risk functionality while still enabling legitimate research and remediation work.

A broader signal for AI, software security, and infrastructure risk

Even if some of the most dramatic claims invite scrutiny from outside researchers, the implications are significant. If frontier AI models can reliably identify exploitable bugs in mature codebases, the economics of cybersecurity could shift quickly. Defensive teams may gain the ability to audit legacy software at unprecedented speed, but attackers could also automate exploit discovery in ways that strain patching capacity across the industry.

Anthropic said a public report covering partner findings and patched vulnerabilities is expected within 90 days. That publication will likely be watched closely by security researchers, infrastructure operators, and enterprise technology teams looking for evidence of how reproducible these results are in real-world workflows. For now, the company’s message is clear: the next phase of AI competition is no longer only about productivity or chat interfaces. It may also be about who can secure, or destabilize, the software foundations of the internet first.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
400

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.