Anthropic announced Claude Mythos Preview on April 7, 2026, describing it as an AI model "too dangerous to release publicly." The model can discover zero-day vulnerabilities across major operating systems and web browsers, and chain software bugs into multi-step exploits—capabilities previously achievable only by the most skilled human hackers. On the same day as the announcement, a small group of unauthorized users gained access to Mythos through a third-party vendor environment.
Access Limited to Vetted Partners Under Project Glasswing
Anthropic restricted Mythos access to vetted partners under Project Glasswing, limiting use to certain employees of Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and other approved companies. The company stated the model is "far ahead" of other models in cybersecurity capabilities.
The restrictions sparked concerns among governments, banks, and utility companies excluded from access. Operational technology providers expressed annoyance at their exclusion from the Mythos rollout. After criticism of Anthropic's restrictions, OpenAI subsequently restricted access to its own Cyber model as well.
Security Breach Raises Questions About Restriction Effectiveness
The unauthorized access on April 7 raised questions about the effectiveness of Anthropic's security measures. The breach occurred through a third-party vendor environment, highlighting vulnerabilities in the distribution chain even for highly restricted AI systems.
The Pentagon had previously labeled Anthropic after the company declined to ease restrictions on its products being used in domestic surveillance and fully autonomous weapons. As of early May 2026, OpenAI announced it will give EU access to its cyber model, but Anthropic continues withholding Mythos from the EU market.
Global Cybersecurity Implications
Experts describe Mythos as a wake-up call that the era of AI-driven hacking is already here. Rest of World reported on the global cybersecurity implications of Anthropic's Mythos, noting the growing cybersecurity gap between organizations with access to advanced AI security tools and those without.
Key Takeaways
- Anthropic announced Claude Mythos Preview on April 7, 2026, capable of discovering zero-day vulnerabilities and chaining exploits
- Access is restricted to vetted partners at select companies including Amazon, Apple, Google, Microsoft, and others under Project Glasswing
- Unauthorized users gained access through a third-party vendor on the same day as the announcement
- Operational technology providers and governments criticized exclusion from the program
- As of May 2026, Anthropic continues withholding Mythos from the EU market despite OpenAI opening cyber model access