Anthropic Deems Mythos Too Dangerous: Model Can Compromise Core Systems

Anthropic has effectively paused the standard launch scenario for a new AI model: after internal review, the company determined that Mythos is too dangerous for a general release. According to assessments by Anthropic's own specialists, the model is capable not just of helping with code, but of independently discovering and exploiting critical vulnerabilities in the software infrastructure upon which a significant portion of the modern digital economy depends. For this reason, Mythos was not released into public access but was transitioned into a strictly limited-use regime.

An alarming signal emerged even at the stage of internal testing. One of Anthropic's security researchers, Nicholas Carlini, obtained early access to Mythos and began testing how far the model could go in attack scenarios. The results proved so powerful that the company quickly moved from standard model quality assessment to discussions of potential damage in the event of a leak or mass access.

In subsequent technical materials, Anthropic clarified that Mythos is capable of discovering and then exploiting zero-day vulnerabilities in every major operating system and every major web browser, if the user sets such a task. This is not about minor bugs, but about fundamental layers of computational infrastructure. Anthropic asserts that the model has already found thousands of serious vulnerabilities, including issues in the Linux kernel, FFmpeg, OpenBSD, FreeBSD, and other components upon which servers, clouds, enterprise networks, and user devices depend.

Some of the discovered weaknesses have existed for decades: for instance, the company separately mentioned an already-patched 27-year-old error in OpenBSD and an old vulnerability in FFmpeg that automated tools had previously overlooked. Another important point: Mythos is capable not only of identifying a problem but of assembling a functional exploitation chain, combining multiple weaknesses into a complete attack scenario. Anthropic's own specialists emphasize that the model was not specially trained to be a "hacker."

These capabilities, according to the company, emerged as a side effect of the general improvement in programming quality, reasoning, and autonomous work. This is precisely what looks most troubling for the market: dangerous cyber capabilities emerge not in a narrow military-specialized system, but in a universal cutting-edge model. Moreover, Anthropic described cases where employees with no formal experience in offensive security ran Mythos overnight and by morning had a working exploit ready.

This dramatically lowers the bar for entry: what previously required rare expertise now increasingly becomes a matter of the correct prompt and computational resources. Instead of a public launch, the company opened Project Glasswing—a closed program through which access to Mythos was granted to major technology and cybersecurity players, as well as more than 40 organizations supporting critical software. Among the partners named were Amazon, Apple, Google, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, Linux Foundation, and JPMorgan Chase.

Anthropic pledged to allocate up to $100 million in computational credits for this work and an additional $4 million in direct support to open source security organizations. The logic is straightforward: first give defenders time to close as many holes as possible in the general digital foundation, and only then think about broader distribution of such models. This story quickly extended beyond a single company.

On April 7, 2026, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened a closed meeting with leaders of the largest banks to discuss risks associated with Mythos and models of this class.

The European Central Bank began collecting information on how prepared banks were for this new type of threat, and the Bank of England publicly called for faster clarity on the implications of such systems for financial stability. The reason is clear: banks, government agencies, and critical infrastructure operators continue to depend on complex, often outdated stacks, where one successful vulnerability chain could strike multiple services simultaneously. The key takeaway here is not that Anthropic created a "too smart" model, but that the industry apparently entered a new phase of cyber risk.

Mythos became a rare example of when a developer self-limited a release due to the offensive capabilities of its own product. But even more important is this: even if this particular model remains under control, its class of capabilities will likely soon cease to be unique. This means the debate is no longer about whether to release Mythos into public access, but whether companies, banks, and governments will manage to rebuild their defenses before such tools fall into the wrong hands.