Anthropic's Mythos AI — built to find zero-day exploits — is coming to the public

Anthropic confirmed this week that its Mythos-class AI models — a tier of capability so powerful that the company initially refused to release them publicly — will reach all customers within the coming weeks. The announcement accompanied the launch of Claude Opus 4.8 and marks a significant escalation in what AI systems are permitted to do autonomously.

What Mythos can do

When Anthropic first unveiled the Mythos Preview in April 2026, it withheld a general release for one explicit reason: the model can autonomously discover and exploit zero-day vulnerabilities across major operating systems, web browsers, and critical software — faster than human security researchers. Mozilla's Firefox alone had already incorporated over 200 fixes identified by Mythos Preview during the restricted access period.

At the time, Anthropic warned that "the advantage will belong to the side that can get the most out of these tools" and that in the short term, careless release could benefit attackers before defenders catch up. The company restricted access to "Project Glasswing" — a curated group of cybersecurity organizations and researchers using the model strictly for defensive purposes: finding and patching vulnerabilities in critical infrastructure before wider release.

Why the rollout is happening now

Anthropic says it has made "swift progress" on safety guardrails sufficient to prevent misuse at scale. The company has not specified what those guardrails are in technical detail, but the public announcement in the Claude Opus 4.8 blog post signals that internal safety evaluations have cleared the threshold required for broader release.

The Mythos model represents a significant capability jump above Opus 4.8 — Anthropic describes it as showing "major improvements in code reasoning and autonomy." It briefly appeared for some users in the Claude Code interface before being pulled offline, suggesting staged testing has been underway.

The security calculus

The broader release of a model capable of autonomous exploit discovery presents a genuine dual-use challenge. On the defensive side, the ability to continuously probe codebases for vulnerabilities before they ship is enormously valuable — the kind of systematic pre-deployment security scanning that most organizations currently cannot afford or staff. On the offensive side, the same capability in the wrong hands could compress the timeline for developing working exploits against unpatched software.

Anthropic's position is that defenders, who can use the model at scale and continuously, will ultimately benefit more than attackers — but the interim window between broad release and universal patching is the period of highest risk. Security teams should treat the coming weeks as a reason to accelerate patch cycles and triage backlogs.

Whether Mythos will ship as a standalone model, a Claude Code capability, or a specialized security product remains unclear from the announcement.

Source: BleepingComputer, Anthropic blog