On April 7, 2026, Anthropic announced an AI model it refused to sell.
That decision alone was unusual. What followed was not.
Within 24 hours, the Federal Reserve Chair and the Treasury Secretary sat in a room with the CEOs of America's biggest banks. Within weeks, the International Monetary Fund issued a formal warning about AI-driven cyberattacks threatening the global financial system.
All of it traces back to Anthropic’s Mythos.
What Mythos Actually Does
Mythos is not a hacking tool. Anthropic did not build it to find vulnerabilities. Instead, it is a general-purpose AI model trained to reason and write code.
However, during internal testing, something unexpected happened. The model turned out to be extraordinarily good at finding security flaws that human researchers had missed for decades.
The numbers are striking. An earlier Anthropic model found about 20 vulnerabilities in the Firefox browser. Mythos, by contrast, found nearly 300. Furthermore, across every major operating system and web browser, the total now runs into the tens of thousands. Many of the flaws are 10, 20, even 27 years old.
Anthropic CEO Dario Amodei explained why his team has not disclosed most of them publicly. "If we announce something without it being fixed, then the bad guys will exploit it."
Why Access Is Restricted
Anthropic chose not to release Mythos to the public. Instead, the company launched Project Glasswing, giving roughly 40 organizations monitored access to find and fix vulnerabilities before attackers can exploit them.
Partners include Amazon Web Services (AMZN), Apple (AAPL), Microsoft (MSFT), Alphabet (GOOGL), Nvidia (NVDA), Cisco (CSCO), CrowdStrike (CRWD), JPMorgan Chase (JPM), and Palo Alto Networks (PANW). In addition, Anthropic committed ...
