Claude Mythos and Legacy Software Security: What CTOs Need to Do Now
TL;DR
- Anthropic built a model that finds software vulnerabilities in seconds. They decided it was too dangerous to release publicly. They gave 40 organizations a head start to fix what it found. The industry split on whether this was responsible or self-serving.
- Both sides have merit. But the debate misses the question that matters to CTOs: your stack’s exposure when this capability becomes commodity in six months.
- Security debt was already compounding at 252 days per fix. Mythos made the math visible. We’ve been building AI-powered modernization tooling for exactly this moment.
- Two paths: full-stack modernization or targeted version upgrade with AI-powered security hardening.
- Ideas2IT runs a $0 Legacy Exposure Assessment.
What Anthropic Actually Built, and Why They Won’t Release It
Here’s the short version of what happened. Anthropic trained a new frontier model called Claude Mythos Preview. It’s a general-purpose model, not built specifically for cybersecurity. But during internal testing, they discovered something that changed their release plans: Mythos could find software vulnerabilities in seconds and write working exploits autonomously, without any human guidance. [1]
The scale of what it found was striking. A 27-year-old vulnerability in OpenBSD, an operating system famous for its security. A 16-year-old bug in FFmpeg’s video codec that automated testing tools had hit five million times without catching. A 17-year-old flaw in FreeBSD’s file-sharing service that allowed anyone on the internet to gain full root access to a server. Thousands of high-severity vulnerabilities, the vast majority of which were still unpatched as of this writing. [1][2]
The capability jump was dramatic. The previous best model, Claude Opus 4.6, had essentially a zero percent success rate at autonomous exploit development. Mythos generated 181 working exploits on Firefox where Opus 4.6 produced two. Anthropic engineers with no formal security training asked Mythos to find remote code execution vulnerabilities overnight. They woke up the next morning to a complete, working exploit ready for review. [1]
Anthropic made a decision that was unusual for the industry: they would not release Mythos to the public. Instead, they launched Project Glasswing, a controlled rollout restricted to 12 major partners including AWS, Apple, Google, Microsoft, CrowdStrike, JPMorgan Chase, and the Linux Foundation, plus about 40 additional organizations that maintain critical software infrastructure. Anthropic committed $100 million in usage credits and $4 million in donations to open-source security. [2][3]
The disclosure framework is structured and deliberate. Anthropic gives software maintainers 90 days to patch a vulnerability after notification. Once the patch is available, there’s an additional 45-day window before Anthropic publishes full technical details, giving enterprises time to deploy. For vulnerabilities already being exploited in the wild, the window shrinks to 7 days. They publish cryptographic hash commitments for undisclosed vulnerabilities so they can later prove what they knew and when. The approach is modeled on Google Project Zero’s 90-day disclosure policy, which has been the industry standard since 2014. [4]
Dario Amodei, Anthropic’s CEO, framed it directly: “More powerful models are going to come from us and from others, and so we do need a plan to respond to this.” Logan Graham, who leads Anthropic’s frontier red team, estimated that competing models will reach similar capability within six to eighteen months. [5]
What Happened in the Last Ten Days
A lot happened fast. Jamie Dimon told analysts on JPMorgan’s earnings call that “AI’s made it worse, it’s made it harder.” Treasury Secretary Bessent and Fed Chair Powell pulled the CEOs of Citi, Goldman, Bank of America, Morgan Stanley, and Wells Fargo into an emergency meeting at Treasury. Goldman’s David Solomon confirmed his bank is testing Mythos. [1][2]
The Cloud Security Alliance assembled 60 contributors and 250 CISOs over a single weekend to publish an emergency strategy briefing. Adam Meyers at CrowdStrike flagged “a massive influx of new vulnerabilities found by AI.” Wendy Whitmore at Palo Alto Networks expects a major AI-connected attack this year. [3][4]
Two Sides of the Industry Debate
The skeptics make serious arguments. Bruce Schneier, probably the most respected independent voice in security, called the announcement “very much a PR play” while acknowledging that the underlying concern about AI-powered attacks is real. His point is that Anthropic controls the narrative when it controls the model, and a company positioning itself for a potential IPO has obvious incentives to generate attention. [9]
AISLE, a cybersecurity research group, went further by replicating parts of Anthropic’s analysis using a model 250 times smaller that costs eleven cents per million tokens. Eight out of eight models they tested detected the FreeBSD vulnerability. Their conclusion: the moat in AI cybersecurity is the system around the model, not the model itself. Tom’s Hardware dug into the methodology and found that “thousands of zero-days” rests on 198 manual reviews, with the rest extrapolated. These are legitimate scrutiny points. [10][11]
The skeptics also question whether the 90-day disclosure window is practical. If the average enterprise takes 252 days to fix a known security flaw, giving them 90 days and calling it responsible disclosure is generous on paper and unrealistic in practice. The vulnerability gets flagged. The clock starts. And for many organizations, the architecture of their legacy systems makes meeting that deadline structurally impossible.
The believers make equally serious arguments. The UK AI Security Institute tested Mythos independently and confirmed it as “a step up over previous frontier models,” succeeding on expert-level capture-the-flag challenges 73% of the time where no prior model could complete them at all. This is not Anthropic grading its own homework. [7]
The Cloud Security Alliance assembled 60 named contributors, including former CISA director Jen Easterly, former National Cyber Director Chris Inglis, and Google’s CISO Heather Adkins, to produce an emergency strategy briefing reviewed by 250 CISOs. Their assessment: “In the near term, security organizations will likely be overwhelmed by the need to apply patches and respond to AI-discovered vulnerabilities.” The mean time from disclosure to exploitation has collapsed to less than one day in 2026, down from 2.3 years in 2019. [12]
Jamie Dimon said it plainly on JPMorgan’s earnings call: “AI’s made it worse, it’s made it harder. It does create additional vulnerabilities.” When the CEO of the world’s largest bank by market cap recalibrates his security posture in public, that’s signal worth reading. [13]
Larry Dignan at Constellation Research probably had the most balanced take: Project Glasswing is “both genuinely useful for the industry and very good marketing for Claude.” Both things can be true simultaneously. In my experience, they usually are.
The Missing Conversation
I’ve spent 16 years building engineering teams that modernize legacy software. We work across healthcare, financial services, insurance, and private equity portfolio companies. I’ve watched the Mythos debate unfold with a very specific filter: what does this mean for the actual codebases we work inside every day?
The cybersecurity community is having a cybersecurity conversation. Should Anthropic have released the model? Is the disclosure timeline adequate? Are the claims exaggerated? These are valid questions. But they’re questions about the tool. Nobody is asking the question about the material the tool operates on.
The material is the legacy stack. And the legacy stack was already in trouble before Mythos existed.
David Lindner, who has spent 25 years in cybersecurity and runs security at Contrast, captured the core issue: “We’ve never had a problem finding vulnerabilities. We actually have a pile of them that we just don’t fix.” That pile is security debt. Veracode puts the average fix time at 252 days. Half of all organizations carry what Veracode classifies as critical security debt. Seventy percent traces to third-party code the team didn’t write. [14][15]
The reason that pile doesn’t shrink isn’t negligence. It’s architecture. I see this in nearly every engagement we run. End-of-life components that will never receive another patch because the vendor stopped supporting them. Monolithic codebases where fixing one module means regression-testing seven others. Frameworks three major versions behind where the upgrade itself becomes a multi-month initiative. The security team knows what’s broken. The engineering team knows fixing it means touching things that are load-bearing. So the ticket stays open.
SQL Server 2016 loses support on July 14. Windows Server 2012 R2 extended security updates expire October 13. Exchange Server 2016 and 2019 already went out of support last October. After those dates, every new CVE against those systems is permanent. No patch is coming. Sixty-two percent of organizations still run legacy systems. [16][17]
Now add the Mythos variable. Control Risks, the global advisory firm, published the line that should matter most to enterprise leaders: “Legacy technology, industrial control systems, firmware, and other frequent items in the technical debt register will be left behind. This likely will change the immediacy of buying down that debt.” Glasswing protects the 40 organizations inside the program. [18]
Bradley Smith at BeyondTrust articulated the downstream effect: when AI automates vulnerability discovery at low cost, “targets that were never worth the effort for elite attackers become viable for commodity ransomware operators overnight.” He named the targets specifically: mid-market companies, regional health systems, critical infrastructure supply chains. [19]
This is the part that connects the Mythos debate to the real decision on every CTO’s desk. Whether Anthropic’s motives are altruistic, commercial, or both doesn’t change the underlying math. AI is discovering flaws in hours. Enterprises are fixing them in months. And the systems generating the most debt are the ones that structurally cannot speed up without changing the stack.
Running SQL Server 2016, .NET Framework, or Windows Server 2012 in production?
Ideas2IT’s $0 Legacy Exposure Assessment maps your vulnerability surface in one week. Book the assessment →
The Problem Mythos Made Visible
At Ideas2IT, we’ve been working at the intersection of AI and legacy modernization since well before Mythos made it a headline. LegacyLeap, our agentic application modernization platform, was built to solve the exact problem the Mythos discourse is now surfacing: legacy systems generate security debt faster than engineering teams can service it manually. The only way to change the economics is to automate the discovery and accelerate the remediation.
We built LegacyLeap because we kept seeing the same pattern. A client calls after a security audit or a compliance review flags something they can’t remediate on the current stack. The team knows the vulnerability exists. The architecture makes fixing it expensive and risky. The real question is always the same: do we upgrade the component, or do we rebuild?
Security has been the number one entry point for LegacyLeap engagements. Before Mythos, before Glasswing, before the Treasury meeting, the CTOs we work with were already telling us: we know the stack is a liability, we need a way to quantify the exposure so the board will fund the work. Mythos didn’t teach us this. It confirmed what we’ve been seeing for years.
In practice, two patterns work. The right choice depends on how critical the system is, what regulatory pressure looks like, and how much runway the EOL calendar leaves.
Full-stack modernization retires the legacy architecture entirely. Supported frameworks. Cloud-native security. Zero-trust identity. This eliminates the debt at the source. It takes six to eighteen months and real investment. But the comparison has changed. IBM’s 2025 breach report puts the average U.S. breach at a record $10.22 million. When you set a $3M modernization next to a single incident on the old stack, the conversation shifts. [16]
Targeted version upgrade with AI-powered security hardening is the surgical option. You take every component to the latest supported version, which closes the end-of-life window and restores patch eligibility. Then you run an AI-powered security assessment against the upgraded codebase to find and fix what’s exploitable. This makes the debt serviceable while the organization plans the larger modernization.
Both paths start with the same week of work: mapping the full legacy estate, cataloging component versions against EOL databases, surfacing known CVEs by severity, and building a prioritized remediation roadmap. LegacyLeap compresses that discovery from the traditional six to eight weeks into one. The engineering team that executes on the roadmap consists of Forward Deployed Engineers who join the client’s environment on day one. Their codebase. Their standups. Their OKRs. The deliverable is working, secure software.
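The discovery week described above, reduced to its core logic as an added example (not LegacyLeap code or any vendor API): rank an inventory by EOL runway and CVE severity, flag components whose runway is shorter than the 252-day mean fix time, and assign each to the full-modernization or version-upgrade path. The component names and EOL dates follow the article (year 2026 assumed; the Exchange date is assumed from Microsoft’s lifecycle page); the CVE entries and the assessment date are constructed sample data.

```python
"""Legacy exposure triage: EOL runway + CVE severity -> prioritized roadmap."""
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Component:
    name: str
    version: str
    eol: date                                   # end of (extended) support or ESU expiry
    cves: list = field(default_factory=list)    # (cve_id, cvss) pairs, constructed


def days_of_runway(c: Component, as_of: date) -> int:
    """Days until no further patches ship; negative once support has ended."""
    return (c.eol - as_of).days


def exposure_score(c: Component, as_of: date, mean_fix_days: int = 252) -> float:
    """Higher is worse. Severity-weighted CVE sum, boosted when the organisation's
    fix time (252 days per Veracode) outruns the remaining runway, and boosted
    again once EOL has passed and every new CVE becomes permanent."""
    severity = sum(cvss for _, cvss in c.cves)
    runway = days_of_runway(c, as_of)
    if runway < 0:
        return severity * 3.0 + 10.0    # already unpatchable: permanent exposure
    if runway < mean_fix_days:
        return severity * 2.0 + 5.0     # new CVEs cannot be closed before patches stop
    return severity


def remediation_roadmap(inventory, as_of):
    """Return (name, runway_days, score, path) tuples, worst first.
    Path rule (a simplification of the article's two options): out of support or
    any critical CVE -> full-modernization; otherwise -> version-upgrade + hardening."""
    rows = []
    for c in inventory:
        runway = days_of_runway(c, as_of)
        critical = any(cvss >= 9.0 for _, cvss in c.cves)
        path = "full-modernization" if runway < 0 or critical else "version-upgrade"
        rows.append((c.name, runway, exposure_score(c, as_of), path))
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed inventory: EOL dates as cited in the article, year 2026 assumed.
AS_OF = date(2026, 4, 20)           # constructed assessment date
INVENTORY = [
    Component("SQL Server", "2016", date(2026, 7, 14),
              [("CVE-SAMPLE-0001", 7.5), ("CVE-SAMPLE-0002", 8.8)]),
    Component("Windows Server", "2012 R2 (ESU)", date(2026, 10, 13),
              [("CVE-SAMPLE-0003", 9.8)]),
    Component("Exchange Server", "2016", date(2025, 10, 14),   # "last October"
              [("CVE-SAMPLE-0004", 9.1), ("CVE-SAMPLE-0005", 6.5)]),
]

if __name__ == "__main__":
    for name, runway, score, path in remediation_roadmap(INVENTORY, AS_OF):
        print(f"{name:16} runway={runway:5d}d  exposure={score:5.1f}  -> {path}")
```

On the constructed data the out-of-support Exchange host ranks first even though SQL Server carries more CVEs, which is the point of scoring runway rather than counting findings.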
We built this capability because we saw this inflection coming.
Anthropic set a 90-plus-45-day disclosure timeline. OpenAI is racing to broaden access to comparable tools. Alex Stamos estimates six months before open-weight models reach similar capability. The CSA/SANS paper gives CISOs a 90-day action window. Every one of these timelines says the same thing: the cost of waiting is going up faster than the cost of moving. [8][21]
History is specific about what happens when security debt compounds unchecked. Equifax lost $750 million over an unpatched Apache Struts vulnerability. The NHS lost £92 million and cancelled 19,000 appointments when WannaCry hit systems still running Windows XP. In both cases, the vulnerability was known and the patch existed but the architecture made deploying it impractical in time. [22][23]
The organizations that use this window to quantify their exposure, make the business case, and start the work will be in a fundamentally different position by Q4 and gain the ability to respond to the next wave of AI-discovered CVEs in days. That’s the opportunity Mythos created.
The debate over Anthropic’s motives will continue. The security community will keep pressure-testing the claims. That’s healthy. But while that conversation plays out, your Microsoft support dates don’t move and your security debt doesn’t pause. Meanwhile, the AI capability powering vulnerability discovery is getting cheaper and more available every month.
If you want to know exactly where your stack stands, we can show you in a week.
$0 Legacy Exposure Assessment
What you get:
- Component-level inventory mapped against EOL dates and known CVEs.
- Severity-ranked remediation roadmap with full-modernization and version-upgrade paths costed.
- Cost-of-inaction estimate calibrated to your stack.
References
[1] CNBC, "Jamie Dimon says Anthropic's Mythos reveals 'a lot more vulnerabilities' for cyberattacks" cnbc.com/2026/04/14/jamie-dimon-anthropic-mythos-vulnerabilities-cyber-attacks.html
[2] CNBC, "Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks" cnbc.com/2026/04/10/powell-bessent-us-bank-ceos-anthropic-mythos-ai-cyber.html
[3] Yahoo Finance / AFP, "Mythos AI alarm bells: Fair warning or marketing hype?" uk.finance.yahoo.com/news/mythos-ai-alarm-bells-fair-221054122.html
[4] Cloud Security Alliance / SANS, "The AI Vulnerability Storm: Building a Mythos-Ready Security Program" cloudsecurityalliance.org/press-releases/2026/04/14/
[5] Schneier on Security, "On Anthropic's Mythos Preview and Project Glasswing" schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html
[6] AISLE, "AI Cybersecurity After Mythos: The Jagged Frontier" aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontier
[7] The Hacker News, "OpenAI Launches GPT-5.4-Cyber with Expanded Access" thehackernews.com/2026/04/openai-launches-gpt-54-cyber-with.html
[8] Fortune, "Anthropic caused panic that Mythos will expose cybersecurity weak spots" fortune.com/2026/04/13/cybersecurity-anthropic-claude-mythos-dario-amodei-tech-ceo/
[9] Veracode, "Breaking Free from Security Debt: 2025 State of Software Security" veracode.com/blog/breaking-free-from-security-debt/
[10] Anthropic Red Team, "Assessing Claude Mythos Preview’s cybersecurity capabilities" red.anthropic.com/2026/mythos-preview/
[11] CyberScoop, "Here’s how cyber heavyweights are dealing with Claude Mythos" cyberscoop.com/claude-mythos-ai-cybersecurity-threat-report/
[12] Control Risks, "What does the Anthropic Mythos Disclosure Mean for Cyber Risk Governance?" controlrisks.com/our-thinking/insights/what-the-anthropic-mythos-disclosure-means-for-cyber-risk-governance
[13] Saritasa, "Legacy Software Modernization in 2025: Survey of 500+ U.S. IT Pros" saritasa.com/insights/legacy-software-modernization-in-2025-survey-of-500-u-s-it-pros
[14] SC Media, "CISOs: Revamp security programs in the wake of Claude Mythos" scworld.com/news/cisos-revamp-security-programs-in-the-wake-of-claude-mythos
[15] Microsoft Learn, "SQL Server 2016 / Windows Server 2012 Lifecycle" learn.microsoft.com/en-us/lifecycle/products/windows-10-home-and-pro
[16] IBM, "2025 Cost of a Data Breach Report / 2026 X-Force Threat Index" newsroom.ibm.com/2026-02-25-ibm-2026-x-force-threat-index
[17] Platformer, "Why Anthropic’s new model has cybersecurity experts rattled" platformer.news/anthropic-mythos-cybersecurity-risk-experts/
[18] Wikipedia / U.S. House Oversight, "2017 Equifax data breach" en.wikipedia.org/wiki/2017_Equifax_data_breach
[19] Kaspersky, "Ransomware WannaCry: All you need to know" kaspersky.com/resource-center/threats/ransomware-wannacry