The most dangerous AI ever built is already in the wild — just not for you

Anthropic built an AI that can hack anything. Then they decided not to release it.

Apr 16, 2026

Claude Mythos hero image — Anthropic's restricted AI model for cybersecurity and zero-day vulnerability discovery — Claude Mythos: Anthropic’s most capable model ever built — and the one they decided the world isn’t ready for.

Anthropic just unveiled the most capable AI model they’ve ever built. They also announced — in the same breath — that you can’t have it.

That’s not a PR stunt. It’s a calculated decision rooted in a pretty uncomfortable fact: Claude Mythos is too good at breaking things.

Here’s what it actually is, what it can do, and why this moment matters more than most AI announcements.

What Is Claude Mythos?

Claude Mythos is Anthropic’s newest flagship model — a tier above Opus, built for general intelligence but startlingly capable at one specific domain: cybersecurity.

Announced on April 7, 2026, Mythos Preview isn’t available on Claude.ai. It’s not available in the API. It was quietly handed to roughly 50 organizations operating critical infrastructure, with $100M in model usage credits attached.

The organizations on that list: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

Anthropic called the initiative Project Glasswing.

The framing: give defenders access before attackers figure out how to build something similar. Use the most powerful offensive tool to shore up defenses before the window closes.

Project Glasswing — Anthropic restricts Claude Mythos AI access to AWS, Apple, Microsoft, NVIDIA, and critical infrastructure partners for cybersecurity defense — Project Glasswing: ~50 organizations — including AWS, Apple, Microsoft, and NVIDIA — received exclusive access to Claude Mythos Preview for defensive cybersecurity research.

What Can It Actually Do?

This is where it gets serious.

Claude Mythos can autonomously find and exploit zero-day vulnerabilities — previously unknown security flaws — in real production code. Not CTF puzzles. Not sandboxed test environments. Real software running on real systems.

It found critical vulnerabilities in every major operating system and every major web browser.

The headline find: a 17-year-old remote code execution bug in FreeBSD (CVE-2026-4747). The flaw lived in FreeBSD’s NFS server. Mythos didn’t just find it — it wrote a working exploit: a 20-gadget ROP chain split across multiple packets that gives an unauthenticated attacker complete root access to the server.

That bug sat undetected in production code for 17 years. Mythos found it and weaponized it, autonomously, in a research setting. It found a needle in a haystack, then turned that needle into a sword.

The UK’s AI Safety Institute evaluated Mythos Preview separately and confirmed the capabilities. The U.S. Federal Reserve and Treasury held an emergency meeting to assess the implications for critical infrastructure.

On April 12, Anthropic delayed the restricted preview indefinitely.

Claude Mythos autonomously discovers zero-day exploits — CVE-2026-4747 FreeBSD remote code execution vulnerability found by Anthropic AI — Claude Mythos autonomously identified CVE-2026-4747 — a 17-year-old FreeBSD remote code execution vulnerability — and wrote a working exploit without human assistance.

Why Won’t They Release It?

Because the offense/defense math doesn’t work in their favor.

The defenders on the Project Glasswing list are big, well-resourced, and already thinking about these threats. But the list of potential attackers — nation-states, criminal organizations, anyone with API access — is effectively unlimited.

Releasing a model that can autonomously find exploitable zero-days in any piece of software running anywhere in the world isn’t a product decision. It’s a geopolitical one.

Anthropic’s position: restrict access to the organizations responsible for securing the most critical systems, use that access to patch the worst vulnerabilities before the window closes, and keep Mythos out of general circulation indefinitely.

There’s no public release roadmap. No API access date. The model exists. It works. And Anthropic has decided that’s where it stays.

Claude Mythos access gap — Big Tech AI advantage vs solopreneurs and small businesses using last year's models — The Mythos access gap: a small cohort of the world’s largest companies now operates with a categorically different tier of AI intelligence — while everyone else waits.

Why This Matters Beyond Cybersecurity

Mythos isn’t primarily a security tool. It’s Anthropic’s most capable general-purpose model.

The cybersecurity capabilities are the headline because they’re the reason for the restricted access. But Mythos is described as a “generational leap” in reasoning and coding — the same underlying capabilities that make it dangerous in offensive security contexts make it extraordinarily powerful everywhere else.

That gap — between what’s possible and what’s accessible — is the real story here. A small cohort of the world’s largest companies just got exclusive access to the most powerful AI model ever built. The rest of the market is working with last year’s models while that cohort uses something categorically different.

That’s the access gap. And it’s already open.

For the full breakdown of what the Mythos access gap means for founders and solopreneurs — and what you can actually do about it — read the companion piece: Claude Mythos and the Solopreneur Access Gap.

Sources: Anthropic red.anthropic.com · Project Glasswing · The Hacker News · VentureBeat · AISI Evaluation

Artificially Intimidating

Discussion about this post

Ready for more?