The AI Model that Can Hack Anything, and Why You Can't Use It

The debut of Claude Mythos Preview marks a watershed moment in generative AI, shifting the technology from code assistance to autonomous vulnerability research. Anthropic’s internal benchmarks show Mythos achieving a 93.9% pass rate on SWE‑bench Verified and an 84% overall success rate in Firefox exploit trials—numbers that eclipse Opus 4.6 by more than double digits. Remarkably, the model uncovered a 27‑year‑old OpenBSD flaw and thousands of zero‑day bugs while consuming roughly $50 of compute, underscoring how inexpensive high‑impact exploits have become.

The security implications are immediate and profound. By automating the discovery of complex bugs, Mythos lowers the expertise threshold required to weaponize software flaws, potentially accelerating the pace of cyber‑attacks. Anthropic’s response, Project Glasswing, pools $100 million in credits and donations from AWS, Apple, Google, Microsoft, NVIDIA, and leading security firms to give a select group of partners controlled access to the model. This collaborative patch‑first strategy aims to harden critical infrastructure before malicious actors can replicate the technique, signaling a new model of industry‑wide cyber defense.

Beyond the immediate threat, Mythos reshapes the competitive landscape for AI developers. Companies that can harness such capability responsibly may dominate vulnerability‑management markets, while regulators will likely scrutinize the dual‑use nature of powerful language models. For CTOs, the message is clear: invest in AI‑augmented security tooling, participate in trusted coalitions like Glasswing, and develop governance frameworks that balance innovation with risk. As AI continues to blur the line between research and exploitation, proactive collaboration will be the key to safeguarding the digital ecosystem.