Anthropic Built Its Most Capable AI Model Ever — Then Locked It Away

By Hector Herrera | April 14, 2026 | Security

Anthropic has unveiled Claude Mythos Preview, its most capable model to date — and immediately withheld it from the public after the model autonomously discovered tens of thousands of zero-day vulnerabilities across every major operating system and browser. The decision marks the first time a leading AI lab has voluntarily restricted a flagship model on safety grounds before public release.

What Happened

According to TechCrunch, Anthropic introduced Claude Mythos Preview with benchmark scores that outpace any previously released model: 93.9% on SWE-bench Verified (a software engineering benchmark measuring real-world coding ability) and 97.6% on USAMO 2026 (the USA Mathematical Olympiad, a competition-level math test). Both scores represent meaningful jumps over Claude's previous generation and the published results of competing models.

During internal testing and early preview work, Mythos discovered tens of thousands of previously unknown zero-day vulnerabilities — security flaws with no existing patch — spanning every major operating system and browser. Among them: a 27-year-old flaw in OpenBSD, an open-source operating system used widely in security-critical infrastructure.

Anthropic has not published the vulnerability list publicly, which is consistent with responsible disclosure practices. The sheer volume — described as "tens of thousands" — is what makes this categorically different from prior AI security research.

Context

Zero-day vulnerabilities (called "zero-days" because there are zero days between discovery and potential exploitation) are the most valuable and dangerous class of security flaw. Before this disclosure, AI-assisted vulnerability discovery was known to be effective at finding individual flaws. Finding tens of thousands — across multiple operating systems and browsers simultaneously — suggests Mythos is operating at a different scale than prior security-focused AI tools.

The 27-year-old OpenBSD flaw is a particularly striking data point. OpenBSD has a long-standing reputation for aggressive security auditing. Its codebase has been reviewed by human security researchers for nearly three decades. A model finding a flaw that survived that scrutiny signals that AI vulnerability discovery is reaching qualitatively new territory.

The Glasswing Response

Rather than delaying release or quietly shelving the model, Anthropic launched Project Glasswing — a controlled access program limiting Mythos to 50 organizations for defensive security work only. Confirmed participants include Amazon, Apple, Microsoft, and CrowdStrike, among others not yet disclosed.

The program is explicitly framed as defensive: participants are given access to help patch and remediate the discovered vulnerabilities, not to exploit them. Anthropic is, in effect, deploying the model as a defensive tool before its vulnerabilities can be weaponized by bad actors who might independently discover the same flaws.

This is a significant operational choice. The standard playbook for AI labs is to release capable models publicly or via API and rely on usage policies and monitoring to prevent misuse. Anthropic is doing neither here — it is actively controlling access at the organization level and vetting use cases before granting it.

Why This Is Different

Most AI safety restrictions to date have been about content: preventing models from generating harmful text, instructions for weapons, or CSAM (child sexual abuse material). Those restrictions apply to what a model says.

The Mythos restriction is about what a model can do. A model that can autonomously identify tens of thousands of exploitable vulnerabilities across major software platforms is a dual-use system in the most literal sense: the same capability that finds vulnerabilities defensively can be used offensively. Anthropic is treating that dual-use risk as a reason to restrict access rather than add a warning label.

This is also the first time a frontier lab has restricted a flagship model — not a research prototype, not an experiment — on safety grounds. Every previous frontier model from Anthropic, OpenAI, Google, and Meta has been released publicly or via API. Mythos Preview has not.

Impact

For enterprise security teams: The 50 organizations in Project Glasswing are getting early access to the most capable vulnerability discovery tool ever built. Organizations outside that group should expect that some of the discovered vulnerabilities will affect their infrastructure and watch for patches from OS and browser vendors over the coming months.

For software vendors: If Mythos discovered tens of thousands of zero-days across major platforms, coordinated disclosure and patching is now underway. Security teams at Microsoft, Apple, Google, and major Linux distributions should anticipate a higher-than-normal patch volume in the coming quarter.

For AI competitors: The benchmark scores — 93.9% on SWE-bench, 97.6% on USAMO — set a new public performance ceiling. Competing labs will now work toward those numbers. Whether they match Anthropic's approach of restricting a model with dangerous dual-use potential remains to be seen.

For AI governance: Voluntary restriction of a flagship model is the kind of precedent that AI governance frameworks have been trying to establish through policy. Anthropic doing it unilaterally — and publicly — creates a reference point for what responsible frontier AI deployment looks like when a model's capabilities exceed what's safe to release broadly.

What to Watch

The critical question is how long the Glasswing restriction holds. Patching tens of thousands of zero-days is a months-long process across dozens of vendors. Anthropic will face commercial pressure to release Mythos broadly — a model scoring this high on benchmarks would generate significant API revenue. Watch for signals about a public release timeline once the remediation window closes.

Also watch for the response from other frontier labs. If Mythos's capabilities represent the current frontier, models with similar capabilities are likely in development elsewhere. Whether those labs adopt similar voluntary restrictions — or release without them — will shape the next phase of AI security policy.

Hector Herrera covers AI security and frontier model development for NexChron.