Claude Mythos Preview: The New Cybersecurity Arms Race

Anthropic's April 2026 Claude Mythos Preview is the clearest sign yet that frontier models are moving from productivity tools into security infrastructure. The model is sitting in a gated research preview, but Anthropic says it is its most capable release yet for coding and agentic tasks, and cybersecurity is where that jump becomes impossible to ignore.

The company says Mythos Preview has already identified thousands of zero-day vulnerabilities across critical infrastructure. Project Glasswing is the commercialization of that thesis: give defenders early access, coordinate with major platforms and security vendors, and use the model to harden systems before attackers can weaponize the same capabilities.

The offensive risk is speed. Anthropic's Frontier Red Team says Mythos Preview can find and exploit zero-days in major operating systems and browsers when directed to do so, and in some cases generate working exploits overnight. That matters because exploit development has historically been gated by time, specialized knowledge, and repeated manual iteration. Mythos Preview compresses all three.

Red-team analysts use Claude-class models to map vulnerabilities, track exploit paths, and review telemetry.

Why the bar moved: Anthropic's own framing makes the dual-use problem explicit. The same traits that make the model strong at code understanding, agentic workflows, and debugging also make it capable of traversing large codebases, reasoning about bug chains, and turning a subtle flaw into a live exploit. The result is not just more vulnerability discovery; it is a collapse in the gap between finding a bug and operationalizing it.

For defenders, the upside is real. Anthropic's Building AI for Cyber Defenders work shows Claude being tuned to detect, analyze, and remediate vulnerabilities in code and deployed systems. Project Glasswing extends that posture to launch partners, open-source maintainers, and critical infrastructure operators. In other words, the model can be pointed at patch triage, code review, and incident response as easily as it can be aimed at exploitation.

The warning sign is the 2025 AI-orchestrated espionage campaign Anthropic disclosed last year. The attackers used agentic capabilities to execute parts of the intrusion themselves, with limited human direction. Mythos Preview pushes that threat model further: more autonomy, more scale, and less time for defenders to react.

Claude-style agentic workflows create both defensive leverage and new security concerns.

What changes now: Security teams should treat frontier models as force multipliers on both sides. That means tighter access controls, sandboxed tool use, mandatory human review for high-risk actions, logging and auditability, and a faster patch pipeline for systems likely to be targeted by model-assisted attackers. The winners will be the teams that use Claude-class systems to shrink their exposure window before adversaries do.