Anthropic Restricts Access to Claude Mythos Over Global Cybersecurity Risks

Anthropic has effectively paused the public release of Claude Mythos, acknowledging a simple fact: a model capable of systematically finding and chaining together critical vulnerabilities can be useful to defenders, but in the wrong hands quickly becomes a tool for attacks. The situation was exacerbated by reports of unauthorized access to Mythos by a small group of users. If even a closed system is difficult to keep under control, the question is no longer whether such capabilities will appear on the market, but who will prepare first.

Mythos is Anthropic's new model, presented on April 7, 2026. The company claims it can find and potentially exploit zero-day vulnerabilities in key operating systems and browsers. These are defects that developers don't yet know about and consequently haven't fixed.

According to Anthropic itself, some of the problems discovered remained undetected for ten, twenty, and even twenty-seven years. In its technical report, the company writes that Mythos was able to automatically build complex exploits, including combining multiple vulnerabilities into a single chain. This is precisely why the model was not released for public access: the risk is too high that such capabilities will be used not only for defense but also for hacking.

At the same time, Anthropic did not completely hide Mythos. About 40 companies and organizations from the technology, infrastructure, and financial sectors gained access through Project Glasswing to find weaknesses in critical systems before similar tools become widespread. Major players have already gathered around the project, and authorities and regulators began discussing not an abstract threat but quite practical scenarios: what will happen if such a tool ends up with attackers.

Banks' interest in the topic is understandable. In the worst case, attacks on critical services could lead to outages in online banking, payments, ATMs, and related settlement chains. Even without a catastrophic scenario, the mere fact of such a tool's existence changes the balance between the speed of vulnerability discovery and the speed of its remediation.

Concerns intensified after reports that several people may have gained unauthorized access to Mythos through the closed environment. Anthropic stated it is investigating this incident. For the industry, this is an alarming signal on two levels.

First, even a limited release does not guarantee complete model isolation. Second, the more valuable and dangerous such systems are, the higher the incentive to bypass organizational and technical barriers. Against this backdrop, the key question shifts from "how powerful is the model itself" to "how reliably is the environment around it structured" — from access control and action auditing to rules for disclosing discovered vulnerabilities.

However, there is an important caveat around Mythos. Independent assessments confirm a notable leap in the model's cyber capabilities, but do not provide grounds for unwarranted panic. The British AI Security Institute reported that Mythos was the first model to completely pass their 32-step corporate attack simulation, although in only 3 out of 10 attempts.

On expert-level tasks like capture-the-flag, the model showed a 73% success rate. But the institute itself separately emphasizes: these tests were conducted in vulnerable and poorly protected environments, without active defenders and without a full set of monitoring tools. In other words, it is not about proven ability to breach any well-protected bank or cloud at the push of a button, but that the threshold for complex attacks is rapidly lowering.

Additionally, some researchers believe that Mythos is not a magical break with the previous generation, but an acceleration of an already underway trend: other, cheaper models are also learning to find individual dangerous bugs, albeit less stably and worse at long multi-step scenarios. The main conclusion is simple: Claude Mythos is important not as a singular sensation, but as a signal of a new phase in cybersecurity. If such models truly can find weaknesses faster than people and increasingly turn them into working attack chains, companies will need to accelerate patch management, strengthen access control, logging, and internal response processes.

And for regulators and AI companies themselves, it is also a question of governance: who gets access to systems of this level, under what rules, and what will happen when similar capabilities appear with competitors or in open models.