Anthropic Unveils ‘Too Powerful to Release’ Mythos Model; Apple, Microsoft, Google Join Security Alliance

Anthropic officially launched Claude Mythos Preview and announced Project Glasswing, a large‑scale security initiative that brings together twelve technology leaders—including Apple, Microsoft, and Google—to protect the world’s most critical software infrastructure.

Benchmark performance : Compared with the current top model Claude Opus 4.6, Mythos Preview achieves cross‑level gains on several SWE‑bench suites: 77.8% vs 53.4% on SWE‑bench Pro, 82.0% vs 65.4% on Terminal‑Bench 2.0, 59.0% vs 27.1% on SWE‑bench Multimodal, 87.3% vs 77.8% on SWE‑bench Multilingual, and 93.9% vs 80.8% on SWE‑bench Verified.

Security discoveries : Anthropic’s security team used Mythos Preview to scan all major operating systems and browsers, uncovering thousands of high‑severity zero‑day bugs. Notable examples include a 27‑year‑old OpenBSD integer‑overflow flaw affecting firewall infrastructure, a 16‑year‑old FFmpeg H.264 decoder vulnerability missed by 5 million automated tests, multiple Linux‑kernel privilege‑escalation races, a guest‑to‑host memory‑corruption bug in a virtual‑machine monitor, and several cryptographic‑library defects impacting TLS, AES‑GCM, and SSH.

OSS‑Fuzz results : On 7,000 entry points, Mythos triggered 595 crashes, whereas Sonnet 4.6 and Opus 4.6 found only 150‑175. Among those crashes were ten full control‑flow hijack instances, indicating the model can craft complete exploit chains. In Firefox 147’s JavaScript engine, Mythos produced 181 usable exploits compared with Opus’s two, including a JIT heap‑spray attack that chained four vulnerabilities.

Cost and speed : Human security analysts typically need one to two weeks to develop comparable exploits; Mythos generates them in a few hours at an estimated cost of $1,000‑$2,000.

Project Glasswing partners : The alliance’s founding members span cloud (AWS, Google, Microsoft), chips (NVIDIA, Broadcom), security (CrowdStrike, Palo Alto Networks, Cisco), finance (JPMorgan Chase), technology (Apple), and open‑source (Linux Foundation). Over 40 additional organizations that maintain critical software infrastructure also receive access.

Funding commitments : Anthropic allocated a $100 million usage quota for partners, donated $2.5 million to the Linux Foundation’s Alpha‑Omega and OpenSSF projects, and contributed $1.5 million to the Apache Software Foundation.

Release policy and safety : Mythos Preview is not publicly available. Anthropic stated on Twitter that the goal is a safe, large‑scale deployment of Mythos‑level models, which first requires robust guardrails. The company will publish its research findings within 90 days, using a SHA‑3 commitment to prove discovery timestamps and offering a 90‑plus‑45‑day remediation window. Manual review of 198 vulnerability reports showed 89% exact severity agreement and 98% agreement within one level.

Business perspective : Despite holding a model that far outstrips competitors, Anthropic chose to withhold it from commercial release, emphasizing security over immediate revenue. The alliance’s $100 million usage quota and per‑token pricing (≈$25 per million input tokens, $125 per million output tokens) illustrate a model that monetizes security while maintaining strict control.