Anthropic just announced Project Glasswing, and with it, Claude Mythos.

Claude Mythos is a new tier of Claude model. Opus is smarter than Sonnet. Mythos is lightyears ahead of Mythos.

Mythos is such a breakthrough that Anthropic is refusing to release it. I can see why - This is the first time a model announcement has actually made me nervous.

The security nightmare

Anthropic says Mythos Preview has already found thousands of high-severity vulnerabilities, including zero days in every major operating system and every major web browser. Its security team says the model can autonomously find zero-days in real software and often develop them into working proof-of-concept exploits with minimal human steering.

One of the most startling details in Anthropic’s system card is that internal staff with no formal security training were able to ask the model to hunt remote code execution bugs overnight and wake up to a working exploit.

For a while, it was easy to talk about AI coding in terms of productivity. Faster boilerplate. Better autocomplete. Quicker test writing. Useful repo search. That framing is now too small.

The same general capability gains that push up SWE-bench also push up vulnerability discovery and exploit development. Anthropic says that directly in its security writeup: the improvements that make the model better at patching vulnerabilities also make it better at exploiting them.

Mythos crushes benchmarks

The benchmark numbers are the first reason this matters. Anthropic says Claude Mythos Preview hit 77.8% on SWE-bench Pro, 93.9% on SWE-bench Verified, and 82.0% on Terminal-Bench 2.0.

On the same reporting, Opus 4.6 sat at 53.4%, 80.8%, and 65.4%. Anthropic also says the margin holds even after excluding problems that show signs of memorization. Jumps this large are not the kind of thing you explain away with prompt tweaks or benchmark luck.

Intelligence in the hands of the few

Anthropic is not generally releasing Mythos Preview. Its public announcement says the model is being restricted to Project Glasswing partners (to find and fix vulnerabilities) plus a group of more than 40 additional organizations involved in critical software infrastructure and defensive security work.