Anthropic has introduced Claude Mythos, a new AI model that the company says could mark a turning point for IT security. The model is said to be extremely good at finding security vulnerabilities – and that is exactly why Anthropic is not releasing it to the public yet. At the moment, that would simply be too risky.

Anthropic says Mythos has found zero-day vulnerabilities in all major operating systems and browsers, including very old and hard-to-detect flaws. Among the examples cited are a 27-year-old OpenBSD vulnerability, a 16-year-old FFmpeg flaw and a 17-year-old FreeBSD vulnerability that allegedly allowed root access over the network. The real danger is that Mythos may not only be able to identify vulnerabilities, but also create complex exploits.

According to Anthropic, more than 99% of the vulnerabilities found are still unpatched, which is why the company does not yet want to make Mythos public. If a model like this were to end up in the wrong hands without proper controls, attackers could turn vulnerabilities into real attacks more quickly, even before security updates are available. Instead, Anthropic is launching Project Glasswing, a controlled rollout for selected partners aimed at defensively securing critical software before similar capabilities become more widely available.

Anthropic’s Mythos model is already being discussed on Reddit. Many see the announcement primarily as a strong marketing move and doubt the claimed capabilities. At the same time, there is also concern that AI could increasingly help attackers find and exploit security vulnerabilities in the future.