Anthropic just revealed something that should change how you think about AI and security.
Their new model, Claude Mythos Preview, can autonomously discover zero-day vulnerabilities. Not in toy systems. Not in CTF challenges. In every major operating system and every major browser in production today. Thousands of vulnerabilities. Including a 27-year-old remote code execution flaw in OpenBSD and a 16-year-old bug in FFmpeg that has been sitting in codebases for longer than most junior developers have been alive.
Let that sink in. A 27-year-old RCE in OpenBSD, one of the most security-audited operating systems in existence, found by an AI model running autonomously.
What Mythos actually does
The model is not doing anything conceptually new. It reads code, reasons about execution paths, identifies assumptions that can be violated, and constructs proof-of-concept exploits. Security researchers have been doing this manually for decades.
The difference is scale and speed. A human security researcher might spend weeks analyzing a single codebase. Mythos can process millions of lines of code and systematically explore attack surfaces that no human team could cover in a lifetime. The 27-year-old OpenBSD flaw was not hidden behind some obscure configuration. It was in code that hundreds of skilled developers had reviewed over decades. They missed it. Mythos did not.
One of the discovered vulnerabilities has already been assigned CVE-2026-4747, which tells you the findings are real and serious enough for the official CVE process.
The implications are obvious and terrifying. If Anthropic can build this, others can too. And unlike Anthropic, not everyone will have responsible disclosure as their first instinct.
The paradox at the center of everything
Here is the core tension, and I think Anthropic understands this better than anyone else in the industry: the thing that can break everything is also the thing that fixes everything.
If you have a model that can find thousands of zero-days autonomously, you have two futures. In one future, that model is used defensively. It finds the bugs before attackers do, patches get issued, and the overall security posture of the entire software ecosystem improves dramatically. Decades of accumulated vulnerabilities get cleaned up in months.
In the other future, the model is used offensively. Nation-states, criminal organizations, and lone actors use it to discover exploits faster than defenders can patch them. The advantage shifts permanently to attackers. Every system connected to the internet becomes a target-rich environment.
The difference between these two futures is not technical. It is about access control. Who gets to use the model, and under what constraints.
Project Glasswing is the right call
Instead of releasing Mythos Preview to the public or even to their regular enterprise customers, Anthropic launched Project Glasswing. It is a restricted access program with 12 launch partners: Apple, AWS, Google, Microsoft, CrowdStrike, Nvidia, and six others.
These are the companies whose software runs the world. If there are zero-days in Windows, macOS, Chrome, AWS infrastructure, or Nvidia drivers, these are the companies that need to know first. Not the general public. Not the security research community at large. The people who can actually issue patches.
This is, in my opinion, the most important AI safety decision of 2026 so far. Not because it is flashy, but because it is a concrete example of a lab choosing restraint when it had every incentive to do the opposite.
Think about what Anthropic is leaving on the table. They could market Mythos as a product. They could sell zero-day discovery as a service to governments and corporations at enormous premiums. The cybersecurity market would pay virtually anything for a tool that finds zero-days at this scale. Instead, they chose a restricted model with vetted partners and coordinated disclosure.
That is not altruism. It is strategic. If Mythos capabilities leaked and were used in a major cyberattack, the regulatory backlash would hit the entire AI industry. Anthropic is protecting the industry by protecting the capability. But the fact that the incentives and the ethics align does not make the decision less important. It makes it smarter.
What this means for software security
If you are a software developer, the takeaway is simple: the bar just changed.
Every line of code you write will eventually be analyzed by something like Mythos. Not the current version, but the version that exists in two or three years, which will be substantially more capable. The security-through-obscurity era, where bugs survived because nobody had the time or resources to find them, is ending.
This is overwhelmingly good news for the industry. The OpenBSD bug survived 27 years not because OpenBSD developers are careless, but because human attention is finite and codebases are vast. Automated vulnerability discovery at this scale means that entire classes of bugs (buffer overflows, use-after-free, integer overflows, logic errors) will be systematically found and fixed.
The transition period is the dangerous part. Right now, there is an asymmetry. Mythos exists. The patches for the vulnerabilities it found are still being developed and deployed. The window between discovery and remediation is where the risk lives.
The bigger picture
I have been watching the AI safety debate for years, and most of it has been theoretical. Abstract discussions about alignment, hypothetical scenarios about superintelligence, philosophical arguments about consciousness. Important conversations, but disconnected from the concrete present.
Mythos and Project Glasswing are AI safety made tangible. A real capability with real consequences, managed through real institutional structures. This is what applied AI safety looks like. Not a research paper. Not a policy proposal. A model that can break the internet, and a deliberate choice about who gets access to it.
Anthropic is setting a precedent here. The question is whether the rest of the industry follows it, or whether someone else builds the same capability and makes a different choice.
I know which outcome I would bet on. And it is not the optimistic one.
Sources: Fortune, The Hacker News, Anthropic, TechCrunch, SecurityWeek