Anthropic has revealed plans to eventually release its powerful Mythos-class AI models to the public once stronger safety protections are in place, marking a major development in the growing intersection between artificial intelligence and cybersecurity.
The announcement came as part of an update on Project Glasswing, Anthropic’s restricted-access initiative that currently gives only select partners access to the advanced AI system.
For now, the company says safeguards capable of preventing large-scale misuse still do not exist not at Anthropic or elsewhere in the industry.
What Anthropic Mythos Actually Does
Anthropic Mythos is designed to identify security vulnerabilities in software code at massive scale. The company first introduced the model in April 2026 but chose not to release it publicly due to fears that cybercriminals could weaponize the technology to rapidly discover and exploit flaws before developers could issue patches.
Instead, access has been limited through Project Glasswing to vetted organizations and trusted partners.
According to Anthropic, Mythos has already scanned more than 1,000 open-source software projects that support both major internet infrastructure and Anthropic’s own systems.
The results have been significant.
The company says the model identified:
- 23,019 total vulnerabilities
- 6,202 estimated high or critical flaws
- 1,752 verified high or critical vulnerabilities
- 1,587 confirmed valid flaws
- 1,094 confirmed high or critical severity issues
Anthropic says the findings demonstrate both the promise and danger of highly capable AI-driven cybersecurity systems.
Critical wolfSSL Vulnerability Discovered
One of the most serious discoveries made by Anthropic Mythos involved the widely used wolfSSL cryptography library.
The flaw, tracked as CVE-2026-5194, reportedly could have allowed attackers to forge digital certificates and impersonate trusted online services such as banks or email providers.
Anthropic says Mythos successfully constructed a working exploit demonstrating how attackers could abuse the vulnerability.
Because wolfSSL is embedded in billions of devices worldwide, the potential impact was severe.
The vulnerability has since been patched, and Anthropic says it plans to publish a deeper technical analysis in the coming weeks.
Why Anthropic Restricted Access
Anthropic’s cautious approach reflects growing concern inside the AI industry that advanced models could dramatically accelerate cyberattacks if released irresponsibly.
The company acknowledged that even less powerful AI systems are already capable of helping attackers identify software weaknesses more quickly than before.
With Mythos, the scale increases dramatically.
Anthropic says some organizations participating in Project Glasswing have struggled to keep up with the sheer number of vulnerabilities the model surfaces.
In some cases, maintainers reportedly asked Anthropic to slow disclosure rates because patching teams became overwhelmed.
The issue comes at a time when many open-source maintainers are already dealing with a flood of AI-generated bug reports — some useful, many low quality.
The Growing AI Security Arms Race
Anthropic says it carefully verifies vulnerabilities with the security community before reporting them to maintainers.
So far:
- 530 high or critical flaws have been disclosed
- 75 vulnerabilities have been patched
- 65 public advisories have been released
The relatively low patch count does not necessarily indicate failure. Anthropic notes that many disclosures are still within the standard 90-day Coordinated Vulnerability Disclosure window.
The broader implication is more significant.
AI systems are rapidly changing the economics of cybersecurity. Defensive teams may soon face an environment where attackers can discover exploitable flaws faster than organizations can fix them.
Several governments have already reacted to the emergence of Mythos-class systems.
According to Anthropic:
- Japan ordered large-scale security reviews
- India pushed financial institutions to accelerate patching efforts
These responses suggest policymakers increasingly view advanced AI cybersecurity tools as both strategic assets and emerging risks.
Anthropic Plans Wider Access Later
Anthropic says it plans to expand Project Glasswing access to additional partners, including governments in the United States and allied countries, before eventually making Mythos-class systems more broadly available.
However, the company has not provided a release timeline.
Anthropic also admits that no existing safeguard system is currently strong enough to fully prevent misuse.
That acknowledgment highlights a difficult challenge facing AI companies: balancing the defensive value of advanced security models against the risk that attackers could use the same systems offensively.
What This Means for Developers and Security Teams
Even without a public release of Mythos, cybersecurity experts increasingly expect AI-assisted vulnerability discovery to become standard across both defensive and offensive operations.
Organizations may need to adapt by:
- Accelerating patch management
- Increasing automated security testing
- Using AI-assisted defensive tooling
- Improving coordinated disclosure processes
- Expanding software auditing efforts
Anthropic itself recommends that overwhelmed defenders consider AI-powered development and patching tools, including capabilities available through its Claude platform.
The rise of models like Mythos suggests the software security landscape may be entering a new phase — one where AI systems dramatically increase both the speed of discovering vulnerabilities and the pressure on organizations to respond before attackers do.
