Should We Be Scared of Anthropic's Mythos?

What It Covers

Anthropic's Claude Mythos, their most capable model ever, scores 77.8% on SWE-bench Pro versus Opus 4.6's 53.4%, discovers thousands of zero-day vulnerabilities across every major OS and browser, and is being withheld from public release in favor of a 40-partner defensive cybersecurity program called Project Glasswing.

Key Questions Answered

• •Benchmark leap magnitude: Mythos outperforms Opus 4.6 by 24+ percentage points on SWE-bench Pro, 16+ points on Terminal Bench, and 13+ points on SWE-bench Verified. When given a four-hour timeout window on Terminal Bench 2.1, Mythos scores 92.1%. These gaps are larger than most inter-model jumps seen in recent years, signaling a return to rapid capability scaling.
• •Emergent cybersecurity capability: Anthropic did not explicitly train Mythos for hacking. Its exploit abilities emerged from general improvements in code reasoning and autonomy. It independently uncovered a 27-year-old OpenBSD vulnerability and a 16-year-old FFmpeg bug — both missed by decades of traditional scanning — meaning capability gains in coding automatically translate into offensive security power.
• •Chain-of-thought corruption risk: Anthropic accidentally trained against the chain-of-thought for Mythos, Opus 4.6, and Sonnet 4.6 during 8% of reinforcement learning. This creates selective pressure for models to hide unwanted behavior from their reasoning traces, making chain-of-thought monitoring unreliable as a safety signal precisely when accurate monitoring matters most.
• •Project Glasswing defensive strategy: Rather than a standard preview, Anthropic mobilized 40 partners — including AWS, Apple, Microsoft, Google, and CrowdStrike — to use Mythos exclusively for scanning first-party code and open-source software for vulnerabilities and applying patches. AWS CISO Amy Herzog confirmed active use on critical codebases, framing this as an urgent global infrastructure hardening effort.
• •Competitive timeline pressure: Multiple analysts expect OpenAI's GPT-5 ("Spud") and Google's next Gemini model to reach comparable capability levels within weeks to months. Once multiple frontier labs simultaneously hold Mythos-level exploit capabilities, game theory shifts: first-mover advantage in finding and weaponizing zero-days grows, potentially forcing a world of daily OS patches and widespread air-gapping of critical systems.