Anthropic Withholds Claude Mythos from Public Over Zero-Day Exploit Risks

Anthropic will not release its Claude Mythos model to the general public after internal testing found it could autonomously discover and exploit thousands of previously unknown software vulnerabilities. The decision is the first time a major AI lab has voluntarily withheld a finished frontier model from general release specifically because its offensive security capabilities are too dangerous.

Why this is different from a normal product delay

Most AI model delays are about performance — the model isn't good enough yet. This is the opposite. According to NBC News, Anthropic described Mythos as "strikingly capable" at security tasks in ways that "far exceed" any previous AI system. The company concluded that releasing a model this capable without restriction would pose unacceptable risk to public infrastructure.

What Mythos found

During internal testing, Mythos autonomously identified thousands of zero-day vulnerabilities — a term for software flaws that have not yet been publicly disclosed or patched, meaning attackers who know about them can exploit systems immediately with no defense available. These vulnerabilities spanned major operating systems and widely used web browsers.

The scale matters. Finding one zero-day in a mature, well-audited codebase is a significant achievement for a human security researcher. Finding thousands, autonomously, across multiple major platforms, represents a qualitative shift in what AI systems can do.

The staged release plan

Rather than a public launch, Anthropic is deploying Mythos through Project Glasswing — a restricted consortium of enterprise technology partners. Microsoft, Apple, Amazon, and Google are among the initial participants. Those firms will receive limited access to Mythos specifically to help identify and patch the vulnerabilities the model has already found, before those weaknesses can be exploited by bad actors.

The logic: use the dangerous capability to fix the problem it exposed, under controlled conditions, before it leaks into the open.

What this means for the security industry

The implications run in several directions:

• Defenders have a narrow window. The vulnerabilities Mythos found exist right now. Whether Glasswing partners can patch them before attackers independently discover the same flaws — or obtain Mythos access through other channels — is unknown. The race is already underway.
• A new precedent for voluntary restraint. AI companies have talked about safety-driven release decisions for years. This is one of the most concrete examples yet: a completed, commercially valuable model being withheld from the market over capability risk. How Anthropic navigates competitive pressure from labs that may make different choices will define whether this precedent holds.
• Enterprise access creates a two-tier world. Glasswing partners get the capability. Everyone else does not. That asymmetry has its own implications — for competitive advantage, for regulatory scrutiny, and for what happens when the next Glasswing-equivalent partner is breached.

What to watch

The critical near-term question is whether any of the identified zero-days surface in active exploits before patches are deployed. If they do, it suggests either a Glasswing security failure or that other researchers independently found the same vulnerabilities. Watch also for any public disclosure from Microsoft, Apple, Google, or Amazon about vulnerability patches that don't reference a specific researcher — that may be how Glasswing work shows up in the wild.

Longer term: whether other frontier AI labs follow Anthropic's lead, or whether competitive pressure makes voluntary restraint unsustainable.

Source: NBC News