Introduction
Every few months, an AI lab announces a new model and the internet debates whether it's genuinely better or just better marketing. Claude Mythos is different. When Anthropic announced it on April 7, 2026, they didn't open a waitlist. They didn't launch an API. They didn't even let most companies try it.
They locked it away — and explained exactly why.
What Mythos can do is genuinely alarming. And understanding it tells you something important about where AI is headed and the uncomfortable choices labs are now being forced to make.
What is Claude Mythos?
Claude Mythos (officially Claude Mythos Preview) is Anthropic's most capable AI model to date. It's a general-purpose model, but it has a very specific area where it's terrifyingly good: cybersecurity.
Anthropic describes it as "a new class of intelligence built for ambitious projects focusing on cybersecurity, autonomous coding, and long-running agents."
Unlike previous AI models that could explain how vulnerabilities work, Mythos can find them, exploit them, and chain multiple attack steps together autonomously — compressing weeks of expert hacker work into hours.
What makes it technically different?
Several capabilities set Mythos apart from every model before it:
- Infinite context window — it can ingest and reason across an entire codebase simultaneously. Not a file, not a folder — an entire production codebase in one pass.
- Recursive self-correction — it observes results, adjusts its approach, and retries automatically. It doesn't just suggest a fix and wait — it tests its own hypotheses.
- Native system tool integration — it can launch debuggers, interact with live systems, and execute code directly. It's an active agent, not just a reasoning engine.
- Agentic scaffolding — it forms hypotheses, launches containers, runs tests, and executes multi-step plans without human hand-holding at each step.
Put simply: previous AI models could tell you there might be a lock on a door. Mythos can find the door, pick the lock, walk in, and report back — all on its own.
The numbers that made Anthropic say "no"
During internal evaluations, Mythos's performance crossed thresholds that hadn't been reached before:
- It discovered 271 vulnerabilities in Mozilla's Firefox — and developed working exploits for 181 of them.
- It successfully took over a simulated corporate network in 3 out of 10 attempts — the first AI model to succeed at that task at all.
- The UK's AI Security Institute found it succeeded at expert-level hacking tasks 73% of the time. Before April 2025, no AI model could complete those tasks at any success rate.
That last number is the one to pause on. In under a year, AI went from 0% to 73% success on tasks that previously required expert human hackers. That's not incremental improvement — that's a category shift.
Why can't normal users access it?
The answer is simple: the same capabilities that make it useful for defence make it catastrophic in the wrong hands.
A security team using Mythos can find and patch vulnerabilities in their systems before attackers do. But a malicious actor with access to the same model could scan any target's codebase, find 271 vulnerabilities, and have 181 working exploits ready in the time it used to take a team of human hackers to find one.
This is the dual-use problem at its starkest. The tool is identical — only the intent differs. And unlike a knife or a car, an AI model capable of autonomous network intrusion can be pointed at millions of targets simultaneously.
Anthropic's decision to restrict Mythos entirely is the first time a major AI lab has taken this step since OpenAI temporarily withheld GPT-2 in 2019 — though GPT-2's concerns feel almost quaint in comparison.
So who does have access? — Project Glasswing
Instead of a public release, Anthropic created Project Glasswing — a tightly controlled access programme that lets a small number of vetted organisations use Mythos exclusively for cybersecurity defence. The idea: let trusted defenders use the model to find and fix vulnerabilities before malicious actors find them first.
The initial cohort of roughly 40 organisations includes some of the most powerful companies in tech and finance:
- Microsoft
- Apple
- Amazon Web Services
- JPMorgan Chase
- Nvidia
Notice anything? Every single company in that list is American. That's not a coincidence — and it's become a major geopolitical flashpoint.
India's response: alarm, meetings, and a fight for access
India's exclusion from Project Glasswing triggered a rapid and serious government response — because the problem is asymmetric. American companies can use Mythos to defend their systems. Indian companies cannot use it to defend theirs. But any attacker with access — whether a state actor or criminal group — can use it to target anyone, including India's financial infrastructure.
The April 23 emergency meeting
On April 23, 2026, Finance Minister Nirmala Sitharaman and IT Minister Ashwini Vaishnaw chaired an emergency meeting with:
- Reserve Bank of India (RBI)
- National Payments Corporation of India (NPCI)
- Ministry of Electronics and IT (MeitY)
- Department of Financial Services
- Indian Banks' Association (IBA)
Sitharaman called the threat "unprecedented". The meeting directed banks to report all suspicious cyber incidents to CERT-In immediately, the IBA to build a coordinated cyber response mechanism, and all financial institutions to urgently strengthen their cybersecurity infrastructure.
India's bid to join Project Glasswing
MeitY Secretary S. Krishnan confirmed on April 28 that India is actively working out the logistics with US authorities to secure access for Indian entities under Project Glasswing.
Nasscom wrote directly to Anthropic, arguing that Indian technology firms maintain critical code used by organisations worldwide, and that it is "imperative that Indian technology firms are included in the global industry consortium." This is a strong point — Indian IT companies maintain backend infrastructure for thousands of global enterprises. If those systems have vulnerabilities, Indian firms need the same tools to find them.
SEBI acts — a first in Indian regulatory history
In a historic move on May 5, 2026, SEBI referred to Claude Mythos by name in a formal circular — making it the first Indian financial markets regulator to reference a specific AI model in a regulatory directive. The circular ordered every regulated entity in India's securities markets — stock exchanges, mutual funds, brokers, and credit rating agencies — to immediately overhaul their cybersecurity infrastructure in response to the Mythos threat.
Is the danger real or overhyped?
Cybersecurity researchers who've studied the Mythos evaluations point out an important nuance: the vulnerabilities it finds are not novel in type — they're generally variations of known vulnerability classes like buffer overflows, injection attacks, and authentication bypasses.
What is genuinely new is the speed and scale. A human expert red team might find 5–10 vulnerabilities in a large codebase over several weeks. Mythos found 271 in Firefox and had working exploits for 181 — in a fraction of the time. The danger isn't that it invented a new kind of attack. It's that it made expert-level attacks accessible at machine speed and machine scale.
As one expert put it: "AI is compressing the timeline of cyber risk — vulnerabilities that once took weeks or months to exploit can now be identified and weaponised in hours."
What does this mean for developers?
If you're building software — especially anything that handles financial data, user authentication, or sensitive infrastructure — Mythos changes the threat model you should be designing against. Here's what I'd take away:
- Dependency audits matter more now — AI can scan your entire dependency tree for known vulnerability patterns at a speed no human auditor can match. Run `npm audit` and `snyk test` regularly.
- Input validation is non-negotiable — injection attacks are among the oldest and most common vulnerability classes. They're also the ones AI models are best at finding and exploiting.
- The patching window is now hours, not weeks — once a vulnerability is public, assume an AI model somewhere is already generating exploits. Patch faster.
- Security can't be bolted on after launch — if Mythos can scan a codebase and find 271 vulnerabilities in Firefox, it can scan yours too. Build with security as a first principle.
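One way to turn the dependency-audit and fast-patching advice above into a build gate, shown as an added example that is not from the original article: it reads the JSON that `npm audit --json` emits (report version 2, npm 7 and later) and fails the build on high or critical findings. The sample report and its package names are constructed, and `gateAudit` is a hypothetical helper name.

```javascript
// Added example: gate a build on `npm audit --json` output (report format v2).
// SAMPLE_REPORT is constructed for illustration; all package names are hypothetical.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "critical", isDirect: true,
      via: [{ title: "Prototype pollution (constructed)", severity: "critical" }],
      range: "<2.1.4", fixAvailable: true,
    },
    "example-http": {
      name: "example-http", severity: "high", isDirect: false,
      via: ["example-parser"], // a string entry means "affected through this package"
      range: "<=1.0.9",
      fixAvailable: { name: "example-app-kit", version: "3.0.0", isSemVerMajor: true },
    },
    "example-colors": {
      name: "example-colors", severity: "low", isDirect: false,
      via: [{ title: "ReDoS (constructed)", severity: "low" }],
      range: "<1.4.1", fixAvailable: false,
    },
  },
};

function gateAudit(report, failOn = "high") {
  if (!Object.hasOwn(SEVERITY_RANK, failOn)) throw new Error(`unknown severity: ${failOn}`);
  // Fail closed: a missing or malformed report must not be read as "no findings".
  if (!report || !report.vulnerabilities || typeof report.vulnerabilities !== "object") {
    throw new Error("not an npm audit v2 report");
  }
  // Unknown severity labels are ranked as critical rather than silently ignored.
  const rank = (s) => (Object.hasOwn(SEVERITY_RANK, s) ? SEVERITY_RANK[s] : SEVERITY_RANK.critical);
  const findings = Object.values(report.vulnerabilities).map((v) => ({
    name: v.name,
    severity: String(v.severity),
    direct: Boolean(v.isDirect),
    // fixAvailable: true = `npm audit fix` applies it; object = dependency to upgrade.
    fix: v.fixAvailable === true ? "npm audit fix"
      : v.fixAvailable ? `upgrade ${v.fixAvailable.name}@${v.fixAvailable.version}` +
          (v.fixAvailable.isSemVerMajor ? " (breaking)" : "")
      : "none published",
  }));
  const blocking = findings.filter((f) => rank(f.severity) >= SEVERITY_RANK[failOn])
    .sort((a, b) => rank(b.severity) - rank(a.severity) || Number(b.direct) - Number(a.direct));
  return { pass: blocking.length === 0, blocking, deferred: findings.length - blocking.length };
}

const result = gateAudit(SAMPLE_REPORT);
for (const f of result.blocking) console.log(`${f.severity.toUpperCase()} ${f.name}: ${f.fix}`);
console.log(result.pass ? "PASS" : "FAIL");
```

In CI, parse the real `npm audit --json` output, pass it to `gateAudit`, and exit non-zero when `pass` is false; findings with fix "none published" need a compensating control or a dependency swap rather than a wait.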
Conclusion
Claude Mythos is the first AI model where the question isn't "is it good enough to be useful?" but "is it too capable to be safe?" Anthropic's answer — restrict it entirely, give access only to vetted defenders — is a reasonable response to an unreasonable situation. But it creates a new problem: a world where some organisations can use AI to defend their systems and others cannot.
India's response — emergency government meetings, SEBI circulars, and a diplomatic push to join Project Glasswing — shows that AI safety is no longer just a Silicon Valley conversation. It's a geopolitical one.
For now, normal users won't get access to Mythos. And honestly? That might be exactly the right call.
