wezebo
April 26, 2026

Claude Mythos Is Finding Bugs Faster Than the World Can Fix Them

Anthropic's restricted AI security model has uncovered 2,000+ unknown vulnerabilities in seven weeks. Microsoft just had its biggest Patch Tuesday on record. The industry is calling it a race defenders are not yet equipped to win.

Wezebo
Anthropic has not made Claude Mythos publicly available. The model exists inside a closed programme called Project Glasswing, accessible to roughly 50 organisations chosen for their role in critical software infrastructure. Three weeks in, those organisations are quietly telling the Financial Times that the experiment has already outrun their ability to respond.

The model has found more than 2,000 previously unknown vulnerabilities in seven weeks of testing. Flaws in every major operating system. Bugs in every major browser. Some of them have sat undiscovered for decades.

This is not a benchmark result. It is a live operational signal, and the industry is still working out what to do with it.

A Patch Tuesday That Broke Records

Microsoft integrated Mythos into its Security Development Lifecycle alongside its open-source CTI-REALM benchmark, using the model to surface vulnerabilities earlier in the development process before code ships. The April Patch Tuesday that followed addressed 167 security flaws.

Rapid7 lead software engineer Adam Barnett called it "a new record." He stopped short of drawing a direct line to Project Glasswing, but noted that the timing was difficult to ignore, given the announcement came one week prior.

Mozilla's Firefox 150 told a similar story: 271 vulnerabilities fixed in a single release, with the company crediting Mythos as part of the discovery process.

Two data points do not make a trend. But 2,000 unknown vulnerabilities across every major OS and browser in seven weeks is a discovery rate that no existing patch infrastructure was designed to absorb.

Who Has Access, and Why It Matters

Anthropic's initial partner list reads like a guest list for a systemic risk summit: Amazon, Apple, Google, Nvidia, JPMorgan Chase, CrowdStrike, and approximately 40 additional organisations that build or maintain critical software infrastructure.

The financial sector received its own mobilisation. On April 7, Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened banking executives specifically to urge internal deployment of Mythos against their own systems. Goldman Sachs, Citigroup, and Bank of America are now running it.

The pressure has spread internationally. India's Finance Minister Nirmala Sitharaman held meetings with bank leaders and the Reserve Bank of India to assess exposure. The European Central Bank began quietly surveying banks about their defences. Deutsche Bank's chief executive told reporters that "everyone is trying to gain access to Mythos." Anthropic has confirmed it will extend access to European and UK banks in the near future.

This is not the normal arc of an enterprise AI rollout. Regulators do not typically convene emergency summits around a model capability preview. The speed of institutional response suggests that what Mythos is surfacing is genuinely alarming to the people who have seen it.

The Asymmetry Problem

The harder issue is not the patches themselves. It is the asymmetry the model creates.

Palo Alto Networks framed it clearly: capabilities like those in Mythos will not remain exclusive to US firms operating within Anthropic's safeguard framework. Once similar models exist without those constraints, the defensive advantage flips. Palo Alto warned of "autonomous attack agents unlike any the industry has encountered," systems that do not just find vulnerabilities but chain them into working exploits without human direction.

"Defenders are finding themselves in a race they're not yet equipped to win."

The structural problem is straightforward to articulate and very hard to solve. Vulnerability discovery has been the bottleneck in security for years. Mythos has removed that bottleneck on the discovery side. But it has not removed the bottleneck on the remediation side: the engineering teams, the testing cycles, the staged rollouts, the organisational processes that decide when a patch ships. Those operate on timescales that AI cannot compress. The finding half of the loop is now dramatically faster than the fixing half.

What Anthropic Is Doing, and What It Is Not

Anthropic has committed up to $100 million in usage credits and $4 million in direct donations to open-source security organisations as part of Project Glasswing. The framing is deliberate: this is positioned as a public-good initiative, not a product launch.

The company has also been explicit that Mythos will not become generally available until new safeguards are in place. What those safeguards look like, and what timeline they are operating against, Anthropic has not said publicly.

The $100 million in credits is real money, but it is also downstream of the problem. Usage credits help organisations run Mythos. They do not help those organisations build the remediation capacity to act on what Mythos finds.

The calls from Project Glasswing partners for a "unified effort across the public and private sectors" are the first honest acknowledgement that this cannot be solved inside individual organisations' security teams. The scale of what Mythos is surfacing is a coordination problem, not just a technical one.

What This Means for Engineering and Security Teams

If you are working in security or platform engineering, the practical near-term implications are worth thinking through now rather than when Mythos-equivalent capabilities are more widely available.

  • The discovery-to-patch pipeline is about to become the constraint. Organisations that have invested in automated patch testing, staged deployment infrastructure, and fast-track remediation processes will handle this transition better than those that have not. The limiting factor is no longer finding the bugs.
  • The dependency graph matters more than it did. Mythos found vulnerabilities in components that have been in production for decades. Systems built on assumptions of legacy stability will need those assumptions re-examined. Supply chain exposure is not a new concept, but the surface area it covers is about to be quantified at a scale nobody has attempted before.
  • Coordinated disclosure processes were not designed for this volume. The industry norm of 90-day disclosure windows made sense when finding a critical vulnerability required significant human expertise. The process needs to scale, and organisations running critical infrastructure should be thinking now about how their internal triage processes handle a sustained increase in inbound vulnerability reports.
  • The access asymmetry is temporary. Anthropic controls who has Mythos today. That control degrades over time as the capability proliferates. The window in which defenders have a structural advantage over attackers is the current moment. The organisations using it are racing against that clock.