Claude Mythos Preview Finds Thousands of Zero-Day Exploits

AI Pathfinder | Issue #42 | April 8, 2026

Also published on the AI Pathfinder LinkedIn Newsletter.

The cybersecurity landscape just experienced a seismic shift.

Anthropic recently dropped two massive announcements: an unreleased frontier model called Claude Mythos Preview, and a massive defensive coalition called Project Glasswing. The reason for the coalition? Mythos Preview is so good at finding and exploiting software vulnerabilities that Anthropic realized they couldn’t release it publicly without causing global chaos.

Here is a breakdown of what happened, why it matters, and what operators need to know about the new era of AI-driven cybersecurity.

The Mythos Preview Reality Check

Claude Mythos Preview is not just another incremental model update. It represents a threshold crossing in AI capabilities. When Anthropic tested Mythos Preview on real-world codebases, it autonomously found and exploited zero-day vulnerabilities in every major operating system and web browser.

We are not talking about simple bugs. Mythos Preview found a 27-year-old vulnerability in OpenBSD (an OS famous for its security) that allowed remote crashing. It found a 16-year-old bug in FFmpeg that automated testing tools had missed five million times. It even wrote a complex JIT heap spray that escaped browser sandboxes, and autonomously chained vulnerabilities in the Linux kernel to gain complete machine control.

The benchmarks back up the anecdotes. On SWE-Bench Pro, Mythos Preview scored 77.8% (up from Opus 4.6’s 53.4%). On Terminal-Bench 2.0, it hit 82.0%. Where Opus 4.6 turned Firefox JS engine bugs into working exploits 2 times, Mythos Preview did it 181 times. The model has moved beyond simply identifying bad code; it can now autonomously develop sophisticated exploits with zero human intervention after the initial prompt.

Claude Mythos Preview vs Opus 4.6 benchmark comparison chart — Project Glasswing coalition partners breakdown — Claude Mythos Preview vs. Opus 4.6: By the Numbers — Project Glasswing Coalition Partners

Project Glasswing: The Defensive Coalition

Because over 99% of the thousands of zero-day vulnerabilities Mythos Preview found are still unpatched, releasing the model to the public would be catastrophic. Instead, Anthropic launched Project Glasswing — a coordinated defensive initiative to patch critical infrastructure before the exploits become public knowledge.

This initiative brings together tech giants like AWS, Apple, Google, Microsoft, CrowdStrike, Cisco, NVIDIA, JPMorganChase, Palo Alto Networks, and Broadcom. These partners are getting early access to Mythos Preview to scan and secure their own critical infrastructure.

Anthropic is putting serious money behind this: committing up to $100M in usage credits for these defensive efforts, plus $4M in direct donations to open-source security organizations like the Linux Foundation and Apache. According to Anthropic’s Frontier Red Team assessment, the findings from these scans will be made public within 90 days, giving the industry a head start on patching.

The Internet Reacted — And It Was Not Quiet

When the news broke, it spread fast across Reddit, Hacker News, and tech forums. The reaction was polarized — and revealing. Here is a sample of what people were saying:

Reddit thread: Claude Mythos Preview just mass-produced zero-day exploits — Hacker News discussion about Project Glasswing cybersecurity implications — **Reddit thread:** “Claude Mythos Preview just mass-produced zero-day exploits. We’re not ready for this.” — The top comment cuts straight to the point: over 99% of the vulnerabilities found are still unpatched.

Reddit ELI5 thread about Anthropic Project Glasswing and Claude Mythos Preview — community reaction and debate about AI cybersecurity capabilities — **The ELI5 thread summed it up perfectly:** “RIP to all of the companies who aren’t getting $100M and a 90-day head start.” The debate about whether this is a genuine safety initiative or pre-IPO marketing theater is very much alive.

The skeptics raise a fair point: Anthropic is a company preparing for a potential IPO, and “our model is so dangerous we can’t release it publicly” is a compelling marketing narrative. But the partners who put their names on Project Glasswing — Apple, Google, Microsoft, NVIDIA — don’t attach their brands to things lightly. The product is real. The question is whether the framing is fear-based marketing or genuine caution. Probably both.

Your Key Takeaway: Defenders Must Move Faster

The internet reaction has been polarized. Some see this as a brilliant marketing ploy ahead of a potential IPO—“our model is so smart it’s dangerous.” Others recognize the genuine threat: if Anthropic has this AI cybersecurity capability today, open-source models and state-sponsored actors will have it tomorrow.

The reality is that the cost, effort, and expertise required to find and exploit software vulnerabilities have just dropped to near zero. As Anthropic noted, the advantage will eventually belong to the defenders who can use these tools to fix bugs before code ever ships. But the transitional period is going to be brutal.

Your Action Plan

Assume Vulnerability: If you are running legacy systems or relying heavily on un-audited open-source libraries, assume they contain zero-days that AI can now easily find.
Watch the 90-Day Clock: Project Glasswing partners will be releasing their findings and patches over the next 90 days. Be prepared for a massive wave of critical security updates across your entire tech stack. Apply them immediately. And let’s see if this causes a release of other AI models developed specifically for finding vulnerabilities and then patching them.
Upgrade Your Own Defenses: You cannot fight AI-augmented attackers with manual code reviews. Start integrating AI-driven security scanning into your CI/CD pipelines now.

What do you think about this announcement? Scary or exciting? Let me know in the comments, and please remember to share this article if you found it valuable.

Keep moving forward!

Ready to Scale Your AI Strategy?

The AI landscape is shifting from rapid experimentation to hard operational realities. If you are ready to build resilient, ROI-driven AI systems, let’s talk.

Work with me on AI consulting → Let’s build your AI orchestration engine.
See more case studies → Real-world AI deployments with measurable ROI.
Subscribe to my YouTube channel → Deep dives into AI workflows and tools.
Learn AI marketing fundamentals → The exact systems we use to scale growth.

References

About Jason Fleagle

Jason Fleagle is the Head of AI for Netsync and an AI and Growth Consultant working with global brands to help with their successful AI adoption and management. He helps humanize data—so every growth decision an organization makes is rooted in clarity and confidence. Jason has helped lead the development and delivery of over 500 AI projects and tools, and frequently conducts training workshops to help companies understand and adopt AI. With a strong background in digital marketing, content strategy, and technology, he combines technical expertise with business acumen to create scalable solutions.