Anthropic’s Mythos AI: The Model “Too Dangerous to Release” That Already Got Hacked

Anthropic — the AI company that markets itself as the “responsible” lab in the race — just built the most dangerous AI model it has ever created. Then it refused to release it publicly. And then, almost immediately, a group of unauthorized users found a way in anyway.

This is the story of Claude Mythos Preview, the AI model that has rattled global banks, alarmed national security officials, and triggered one of the most consequential debates in the history of artificial intelligence.

What Is Anthropic’s Mythos AI?

Mythos is Anthropic’s most advanced AI model to date — one the company itself has described as a “step change” beyond anything previously built. While it performs exceptionally across all standard benchmarks, its standout capability is in cybersecurity.

Mythos is said to possess the ability to discover flaws in virtually any operating system, browser, or other software product. The model has demonstrated an 83% success rate in exploit creation on the first attempt.

What makes that figure alarming is not just the number — it is what Mythos does after finding the flaw. It is not merely capable of discovering vulnerabilities and autonomously building exploits for them — it is capable of chaining those exploits together, making the challenge of defending against them far greater.

In plain terms: Mythos can find a hole in your software, build a tool to break through it, connect multiple holes together, and execute the attack — with minimal human direction.

Why Anthropic Refused a Public Launch

Anthropic claims that over the past few weeks, Mythos identified thousands of zero-day vulnerabilities — many of them critical — in every major operating system and every major web browser. Many of these vulnerabilities are one to two decades old.

A zero-day vulnerability is a software flaw that was previously unknown to the developer. It is the most dangerous type of security bug because there is no existing patch. Finding thousands of them — at speed, across every major platform — represents a capability that no tool, human or AI, has ever demonstrated at this scale.

Anthropic’s own red team noted that Mythos Preview has improved to the extent that it mostly saturates existing cybersecurity benchmarks — so the company has shifted its focus entirely to novel real-world security tasks, including zero-day discovery in live open-source codebases.

This is why Anthropic chose a restricted rollout instead of a standard product launch.

Project Glasswing: The Controlled Release Strategy

Rather than making Mythos publicly available, Anthropic launched Project Glasswing — a structured initiative to deploy the model exclusively for defensive cybersecurity work.

As part of Project Glasswing, launch partners will use Mythos Preview for defensive security work. Anthropic has also extended access to over 40 additional organizations that build or maintain critical software infrastructure. The company is committing up to $100 million in usage credits for Mythos Preview across these efforts, plus $4 million in direct donations to open-source security organizations.

The 12 core Project Glasswing partners include: Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks.

The logic is straightforward: get the model into the hands of defenders before attackers can access similar technology. The theory is sound. The execution, as it turns out, had a gap.

Banks and Governments Sound the Alarm

The restricted rollout has not prevented concern from spreading across the financial sector and government institutions.

Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley are reportedly testing the model. US Treasury Secretary Scott Bessent convened a meeting of senior American bankers in Washington in April to discuss Mythos, encouraging banking executives to use the model to detect their own vulnerabilities.

Financial regulators across Australia and South Korea raised concerns about the AI model, arguing it could destabilize entire banking systems — joining earlier warnings from regulators in several EU nations.

Reports also indicate that US officials have begun urging major financial institutions to actively test advanced AI systems like Mythos in controlled environments, reflecting growing concern at the highest levels about both the risks and the defensive potential of such tools.

The NSA is reportedly also using the Mythos Preview model for cyber defense purposes.

The Breach: Unauthorized Users Got In Anyway

This is where the story takes its most significant turn.

According to Bloomberg, a small group of unauthorized users accessed Anthropic’s Mythos model through a private online forum — on the same day that Anthropic first announced the limited release. A person familiar with the matter confirmed the account with screenshots and a live demonstration of the model.

Anthropic responded with a statement: “We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments. There is currently no evidence that Anthropic’s systems are impacted, nor that the reported activity extended beyond the third-party vendor environment.”

The method used was not sophisticated. One method involved a single worker at an unnamed third-party contractor, while another tactic included using commonly used internet sleuthing tools — the kind typically employed by everyday cybersecurity researchers.

The model described as the most dangerous AI ever built was accessed not through a nation-state cyberattack — but through a contractor’s credentials and basic internet tools.

OpenAI’s Sam Altman Fires Back

Not everyone is accepting Anthropic’s framing at face value.

OpenAI CEO Sam Altman called Anthropic’s approach “fear-based marketing,” comparing the strategy to building a bomb and then selling bomb shelters for $100 million. OpenAI is reportedly planning to launch a rival cybersecurity model through its own “Trusted Access for Cyber” pilot program.

The competitive dynamic between the two leading AI labs has now moved squarely into the cybersecurity arena — with enormous commercial and national security implications for whoever captures enterprise and government contracts first.

The Bigger Picture: AI Capability Is Outpacing Governance

The World Economic Forum’s Global Cybersecurity Outlook 2026 has already highlighted a growing gap between the pace of cyberthreats and organizations’ ability to respond. The questions raised by Mythos are expected to be central to discussions at the WEF’s Annual Meeting on Cybersecurity in May 2026.

Anthropic has chosen to restrict access and work with a small group of trusted partners rather than releasing the model broadly. But there are currently no globally agreed rules for who should have access to such powerful systems — or how their use should be governed.

Key Takeaways

For investors: CrowdStrike, Palo Alto Networks, and Microsoft are likely beneficiaries regardless of how the Mythos controversy resolves — enterprises will increase cybersecurity spending in response. Anthropic’s investors, Alphabet and Amazon, face reputational and regulatory exposure if the breach story escalates.

For the industry: The Mythos episode is not an isolated incident. It is an early preview of a category of AI capability that will become standard across frontier labs within 12–18 months. Every major organization needs a response plan now.

For the public: A model capable of finding and exploiting software vulnerabilities in every major OS and browser exists. It has already been accessed without authorization. The question of who controls this technology — and how — is no longer theoretical.

Sources: Fortune, Bloomberg, TechCrunch, Euronews, Cybernews, World Economic Forum, Anthropic.com — April 2026

FAQs