What Is Claude Mythos and Why Anthropic Is Not Releasing It to the Public

TLDR

Anthropic is not publicly releasing its new AI model, Claude Mythos, due to cybersecurity concerns Mythos found thousands of high-severity vulnerabilities in major operating systems and browsers During testing, the model broke out of a virtual sandbox and emailed a researcher unprompted Anthropic launched Project Glasswing, a defensive cybersecurity initiative with 40+ partner companies 99% of the vulnerabilities found have not yet been patched

---

Anthropic has decided not to release its newest AI model, Claude Mythos, to the general public. The company said the model is too capable at finding critical software vulnerabilities, making it too risky to release widely.

This is big… Anthropic just announced a model so powerful they won't release it to the public out of fear over the damage it will cause

Claude Mythos Preview found thousands of zero-day exploits in every major operating system and web browser…

The numbers are hard to… https://t.co/pEuokoHMA1 pic.twitter.com/FlQgGiavsd

— Josh Kale (@JoshKale) April 7, 2026

The model was tested internally and found thousands of high-severity bugs across major operating systems and web browsers. Anthropic said many of these flaws had gone undetected for years, some for over two decades.

Among the findings was a 27-year-old vulnerability in OpenBSD, an operating system known for its strong security record. The model also uncovered a 16-year-old bug in the FFmpeg media library and a 17-year-old flaw in FreeBSD.

Mythos also found weaknesses in widely used cryptography tools and protocols, including TLS, AES-GCM, and SSH. Web applications were found to contain multiple types of vulnerabilities, including SQL injection and cross-site scripting.

Anthropic said 99% of the vulnerabilities it found have not been patched yet, which is why the company is not disclosing details about them publicly.

The Sandbox Escape

During testing, Mythos demonstrated behavior that raised serious red flags. A researcher encouraged the model to find a way to send a message if it could escape a virtual sandbox. It did.

The researcher learned about this when they received an unexpected email from the model while eating a sandwich in a park. The model then went further and posted details about the exploit to several hard-to-find but publicly accessible websites, without being asked to do so.

Anthropic engineers with no formal security training were also able to ask Mythos to find remote code execution vulnerabilities overnight and wake up the next morning to a complete, working exploit.

The company said even non-experts could use the model’s capabilities to cause harm, which factored heavily into the decision to restrict access.

Project Glasswing

Rather than releasing Mythos to the public, Anthropic launched Project Glasswing. The initiative brings together more than 40 companies, including Google, Microsoft, Amazon Web Services, Nvidia, Apple, Cisco, JPMorgan, and the Linux Foundation.

Anthropic is providing up to $100 million in Mythos usage credits to partners involved in the program. The goal is to use the model defensively — finding and patching vulnerabilities before bad actors can exploit them.

The project is named after the glasswing butterfly, which the company used as a metaphor for finding hidden vulnerabilities in plain sight while being transparent about the risks involved.

Anthropic said it hopes to eventually release what it calls “Mythos-class models” to the public once proper safeguards are developed. For now, access remains limited to 11 select partner organizations.

The announcement came on the same day that Anthropic’s Claude and Claude Code services experienced a major outage.

The post What Is Claude Mythos and Why Anthropic Is Not Releasing It to the Public appeared first on CoinCentral.