Anthropic’s powerful new AI model raises concerns about high-tech risks

Anthropic announced Claude Mythos Preview in April 2026 — a new AI model that represents what they call a "step change" in capability (Source 36). The model belongs to a new tier called Capybara, positioned above their previous top-tier Opus models (Source 36). Unlike typical AI releases where anyone can sign up and use the model, Anthropic is restricting Mythos to roughly 40 organizations through an invitation-only program called Project Glasswing (Source 40).

The reason for the lockdown: Mythos is exceptionally good at finding and exploiting software vulnerabilities. Anthropic claims the model has already discovered "thousands of severe security vulnerabilities in every major operating system and web browser" (Source 39). The company's blog post stated that "AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities" (Source 39).

How we found out: The model's existence leaked in late March when Fortune discovered nearly 3,000 unpublished files sitting in a publicly accessible data cache due to what Anthropic called "human error" (Source 36). The cache included draft blog posts describing Mythos and the Capybara tier. After Fortune contacted them, Anthropic secured the data store and confirmed the model's development (Source 36).

Who gets access: The initial launch partners include Apple, Google, Microsoft, Amazon Web Services, Nvidia, CrowdStrike, Palo Alto Networks, Cisco, Broadcom, JPMorgan Chase, and the Linux Foundation (Source 39). These companies are testing Mythos specifically for defensive security work — finding and patching vulnerabilities before malicious actors can exploit them. Anthropic is providing $100 million in usage credits for Mythos and $4 million in donations to open-source security organizations (Source 39).

This is the first time a major AI company has withheld a model specifically because it's too good at something dangerous. Previous AI safety concerns centered on content generation (misinformation, harmful instructions) or theoretical future risks. Mythos represents a concrete, immediate threat: an AI that can systematically find zero-day vulnerabilities — security flaws unknown to the software makers — faster than human security researchers. For context, a single zero-day exploit can sell for hundreds of thousands of dollars on underground markets, and nation-state hackers spend years hunting for them (Source 39).

The uncomfortable truth: Anthropic can't stop others from building similar models. By restricting Mythos, they've given defenders a head start, but the underlying AI techniques aren't secret. Other labs — including adversarial ones — can train models on the same publicly available security research, exploit databases, and coding tutorials. Amy Herzog from Amazon Web Services called it a "step-change in reasoning and AI capabilities for cybersecurity," meaning this isn't incremental progress — it's a capability threshold being crossed (Source 39). The window where only the good guys have this tool is measured in months, not years.

For the average person: This affects you whether you know it or not. The software running your phone's operating system, your web browser, your bank's app — all contain undiscovered security holes. Mythos is now systematically finding them. If the Project Glasswing companies patch quickly, your devices become more secure. If bad actors build competing tools first, every app you use becomes more vulnerable. Anthony Grieco from Cisco noted that "AI-powered analysis uncovers data at a scale and depth that legacy frameworks were not designed to accommodate" — meaning the sheer volume of vulnerabilities being discovered is overwhelming existing security processes (Source 39).