June 11, 2026
Anthropic’s Claude Mythos Preview has demonstrated an unprecedented ability to find and exploit software vulnerabilities at scale. The model is not creating new flaws; it is exposing the ones already there, faster than any tool before it. In this article, you’ll learn what Mythos changes, why the recent Glasswing breach matters, and the practical steps your organization should be taking now to prepare for the AI-driven shift in cybersecurity.
In April 2026, Anthropic released Claude Mythos Preview, a frontier AI model with a striking ability to find and exploit software vulnerabilities. Within weeks of internal testing, Mythos Preview autonomously identified thousands of previously unknown critical flaws across every major operating system and web browser, including bugs that had survived decades of human review and millions of automated tests.
This is a step change in the baseline capability of attackers and, with the right response, of defenders. For security leaders, it’s no longer a question of how AI will reshape the threat landscape, but of what your organization is doing about it before the rest of the industry catches up.
It is essential to address a misconception that has shaped much of the public conversation about Claude Mythos: The model isn’t creating vulnerabilities, introducing new flaws into software, or weaponizing systems that were previously safe.
The vulnerabilities Mythos Preview identified have been there all along – some for decades. The 27-year-old flaw in OpenBSD existed in production code that ran firewalls and critical infrastructure across the world for a generation before it was found.
The 16-year-old vulnerability in FFmpeg was reached five million times by automated testing tools without anyone noticing. The Linux kernel privilege escalation chain Mythos assembled was made possible by flaws that had been quietly sitting in widely deployed code for years.
Mythos changed the speed and efficiency with which these latent flaws can be discovered, validated, and turned into working exploits. The vulnerability surface of the world’s software has not grown, but the time needed to uncover it has collapsed.
That distinction matters, but it shouldn’t be mistaken for reassurance. In the wrong hands, Mythos can be used as a weapon to uncover and operationalize existing vulnerabilities at a previously unseen pace. The threat is real, it’s here, and it’s accelerating, not because Mythos is harmless but because these flaws were never going to stay hidden: the industry has warned for years that once frontier AI matured, the cost of finding and exploiting vulnerabilities would drop sharply, and that moment has arrived.
This reframing has practical consequences. If you respond to Mythos as if it were a discrete threat to be contained, you will spend resources on the wrong problem.
The model itself isn’t the issue – your organization must defend against an environment where the time between a latent flaw and a working exploit, against software you depend on, has shrunk from months or years to hours or days.
That is a different problem with different priorities, and it requires a different operational posture than the one most security programs were built for.
Claude Mythos Preview is a general-purpose frontier AI model developed by Anthropic that wasn’t purpose-built for cybersecurity. Anthropic discovered during training that improving the model’s coding and reasoning ability produced a system with cybersecurity capabilities that are substantially beyond any model they’d previously trained.
Because of this, Anthropic chose not to release Mythos commercially, instead launching Project Glasswing, a restricted research coalition that gives access to the model exclusively for defensive security work.
The launch partner coalition includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic has also extended access to approximately 40 additional organizations that build or maintain critical software infrastructure and has committed up to $100 million USD in model usage credits along with $4 million USD in direct donations to open-source security organizations.
The intent of this controlled release is to give defenders an opportunity to use Mythos-class capabilities to identify and fix flaws in foundational software before equivalent capabilities become broadly available.
Some notable capabilities Anthropic has demonstrated are:
The Glasswing program has already provided defenders with an unintended case study. Within roughly two weeks of Mythos Preview’s announcement, Anthropic confirmed it was investigating unauthorized access to the model through a third-party vendor environment.
Public reporting indicates that a small group operating through a private Discord channel accessed Mythos by guessing the model’s hosted URL based on Anthropic’s known naming conventions for prior models. The access was facilitated, at least in part, by an individual employed at one of Anthropic’s third-party contractors. According to public statements, the group had not been using the model for cyberattacks, but retained access for some time after the breach was identified.
The investigation is ongoing and details may evolve, but what is already clear is the operational lesson. As Acalvio CEO Ram Varadarajan said:
The breach itself was unrelated to the offensive cyber capabilities of the model. It was a more familiar category of incident: a controlled-release asset accessed through a third-party environment by a group focused on intelligence-gathering rather than attack. The model itself was not the attack surface; the controls around it were.
What the breach illustrates is the broader operational reality security leaders are now living with. Even tightly scoped, high-value assets attract immediate adversarial attention, and even well-resourced organizations face friction maintaining controlled access.
None of this is unique to AI, nor does it change the central question around what happens when a model with Mythos-class capabilities reaches a wider population.
Project Glasswing currently limits access to Mythos Preview, and the recent breach illustrates that even controlled access is difficult to maintain. The restriction is also temporary, with Anthropic estimating that comparable capabilities will emerge from other AI labs within six to eight months.
This creates a brief and consequential asymmetry. Right now, the formal Glasswing partners and a defender community with access to AI-augmented tooling have a temporary advantage. Within two years, the same class of capability will likely be much more widely available.
The shift Mythos represents lands on top of a vulnerability disclosure ecosystem that is already strained. NIST announced in April 2026 that it’s moving the National Vulnerability Database to a risk-based enrichment model, citing a 263 percent increase in CVE submissions between 2020 and 2025.
Microsoft, in its Project Glasswing launch statement, captured the operational shift directly:
For most organizations, the operational response to a critical vulnerability still involves a ticket, a change approval, a maintenance window, and an interval where exposure is unmitigated. That rhythm was already under pressure before Mythos. It will not survive contact with AI-assisted adversaries operating at scale.
The implications fall into four categories that every security leader should be working through.
The following priorities reflect the operational realities of defending in a threat environment that is about to get harder. They are sequenced for organizations operating with finite security budgets and lean teams, but the principles apply regardless of organizational size.
Start treating vulnerability management as a risk portfolio to be managed, rather than a backlog to be processed. Define explicit, board-approved criteria for remediation timelines tied to asset criticality, exploitability, and business impact. When AI-powered discovery tools dramatically increase the number of findings in your environment, a queue collapses, but a framework holds.
Prevention controls will fail more frequently as attack sophistication increases. Your containment and recovery capacity determines the impact of those failures. Assess your current mean time to detect and mean time to respond against adversary scenarios. If you are operating with a SOC, either internal or through an MSSP, evaluate honestly whether that is sustainable given the coming shift in threat capacity.
NIST’s announcement that it is moving to a risk-based approach for managing the National Vulnerability Database – and Q1 2026 CVE submissions already running one-third higher than the same period last year – illustrate that the volume increase is here and that even at record enrichment productivity, NIST can’t keep up. Going forward, only CVEs in CISA’s Known Exploited Vulnerabilities catalog, those affecting federal software, or those affecting designated critical software will be automatically enriched; everything else will be marked as “Not Scheduled.”
The practical consequence for security leaders is significant. Many vulnerability management programs operate on an implicit contract: NVD will provide enriched, scored, product-mapped data for any CVE you encounter. That contract no longer holds. Set up the people, processes, and tooling to consume, validate, and act on the surge in vulnerability disclosures coming from Project Glasswing and the broader research community.
Track which of your vendors are Glasswing partners and what their disclosure cadence looks like. Establish internal ownership for monitoring CVE feeds, the KEV catalog, vendor security advisories, and open-source security disclosures relevant to your environment. Build or buy the capability to assess unenriched CVEs in your own context. The volume is going to grow, and the organizations that build the intake muscle now will be able to absorb it while those that don’t will be buried by it.
Map the foundational software in your environment: operating systems, browsers, libraries, and vendor platforms. Establish patching SLAs for each tier and assign ownership. Software bills of materials (SBOMs) are becoming a contractual expectation in enterprise and government procurement. Adopting them now is a head start, not a compliance cost.
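The following script is an added illustration of the intake discipline described above, not code from the article or from any of the organizations it names: it matches CVE records (including entries NVD has marked “Not Scheduled”, which carry no score) against a tiered asset inventory built from SBOM component lists, applies a local, conservative default to unenriched entries, escalates anything in the KEV catalog, and assigns a remediation deadline from a per-tier SLA table. The asset names, CVE identifiers, SLA days, and scoring weights are all constructed for the example and would be replaced by your own policy and feeds.

```python
"""Risk-based CVE intake against a tiered asset inventory (added illustration).

Sample assets, CVE records and the SLA table below are constructed for the
example; they are not taken from NVD, CISA's KEV catalog or any vendor feed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed SLA policy (days to remediate) by asset tier and urgency class.
SLA_DAYS = {
    "tier1": {"emergency": 2, "high": 7, "standard": 30},
    "tier2": {"emergency": 7, "high": 14, "standard": 60},
    "tier3": {"emergency": 14, "high": 30, "standard": 90},
}
URGENCY_WEIGHT = {"emergency": 3, "high": 2, "standard": 1}
TIER_WEIGHT = {"tier1": 3, "tier2": 2, "tier3": 1}


@dataclass(frozen=True)
class Asset:
    name: str
    tier: str                 # criticality tier set by the business owner
    internet_facing: bool
    components: frozenset     # product identifiers from the asset's SBOM


@dataclass(frozen=True)
class Cve:
    cve_id: str
    products: frozenset       # affected products per the advisory
    cvss: Optional[float]     # None when NVD lists the entry as "Not Scheduled"
    in_kev: bool = False      # listed in CISA's Known Exploited Vulnerabilities


@dataclass(frozen=True)
class Finding:
    cve_id: str
    asset: str
    urgency: str
    score: int
    due: date
    rationale: str


def classify(cve: Cve, asset: Asset) -> tuple:
    """Assign an urgency class and a one-line rationale for one CVE/asset pair."""
    if cve.in_kev:
        return "emergency", "in KEV catalog: known exploited"
    if cve.cvss is None:
        # Unenriched entry: NVD gives no score, so apply a local, conservative
        # default instead of letting the finding sit in the queue unrated.
        if asset.tier == "tier1" or asset.internet_facing:
            return "high", "unenriched; exposed or tier-1 asset, assumed high"
        return "standard", "unenriched; internal lower-tier asset, assumed standard"
    if cve.cvss >= 9.0 and asset.internet_facing:
        return "emergency", f"CVSS {cve.cvss} on internet-facing asset"
    if cve.cvss >= 7.0:
        return "high", f"CVSS {cve.cvss}"
    return "standard", f"CVSS {cve.cvss}"


def triage(cves: list, assets: list, today: date) -> list:
    """Match CVEs to assets by component, then rank and assign SLA due dates."""
    findings = []
    for cve in cves:
        for asset in assets:
            if not (cve.products & asset.components):
                continue
            urgency, why = classify(cve, asset)
            score = (URGENCY_WEIGHT[urgency] * 10
                     + TIER_WEIGHT[asset.tier] * 2
                     + (1 if asset.internet_facing else 0))
            due = today + timedelta(days=SLA_DAYS[asset.tier][urgency])
            findings.append(Finding(cve.cve_id, asset.name, urgency, score, due, why))
    # Highest risk first; ties broken by the earlier deadline.
    return sorted(findings, key=lambda f: (-f.score, f.due))


def overdue(findings: list, as_of: date) -> list:
    """Findings whose SLA deadline has passed as of the given date."""
    return [f for f in findings if f.due < as_of]


def sample_findings(today: date = date(2026, 6, 11)) -> list:
    """Run the triage on the constructed sample inventory and CVE feed."""
    assets = [
        Asset("web-gateway", "tier1", True, frozenset({"http-proxy", "tls-lib"})),
        Asset("hr-portal", "tier2", False, frozenset({"app-framework", "tls-lib"})),
        Asset("dev-wiki", "tier3", False, frozenset({"wiki-engine"})),
    ]
    cves = [  # constructed sample IDs, not real CVE records
        Cve("CVE-2026-90001", frozenset({"tls-lib"}), 9.8, in_kev=True),
        Cve("CVE-2026-90002", frozenset({"http-proxy"}), None),     # Not Scheduled
        Cve("CVE-2026-90003", frozenset({"wiki-engine"}), 5.3),
        Cve("CVE-2026-90004", frozenset({"app-framework"}), None),  # Not Scheduled
    ]
    return triage(cves, assets, today)


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.cve_id} {f.asset:<12} {f.urgency:<9} due {f.due}  {f.rationale}")
```

The design choice worth noting is that an unenriched CVE never waits for NVD: it gets a deadline from your own tiering immediately, and the rationale string records why, so the decision can be revisited once enrichment or a vendor advisory arrives. KEV membership overrides the score entirely, which keeps a known-exploited flaw on an internal tier-2 system ahead of an unexploited high-CVSS one elsewhere.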
Treat AI-augmented security tooling with the same rigour you applied to EDR five years ago. Pilot it, measure it against your existing controls, understand where it adds value versus where it produces noise, and build internal expertise before market pressure forces a rushed decision.
You have a concrete, headline-grade hook to reopen the security investment conversation. The cost and effort required to find and exploit vulnerabilities just dropped dramatically, and current security budgets are sized for old baselines. Bring this to your board and frame it as a realignment of risk tolerance to the new reality.
The Glasswing coalition gives the defender community a temporary head start. The Glasswing breach reminds us that even well-intentioned controlled releases face real-world operational stress immediately.
Both observations point to the fact that the time available to prepare is shorter than it appears, and the discipline required to use it well is operational, not theoretical.
Mythos has not introduced new vulnerabilities into the world; it has compressed the timeline between dormant flaws and working exploits to a degree that fundamentally changes what defensive readiness looks like.
For organizations willing to act now, the path forward is clear: strengthen your vulnerability management discipline, pressure-test your detection and response, take third-party access seriously, and build operational muscle to absorb a surge in discovery.
The organizations that begin this work today will define the standard of care for cyber defence over the next decade, and the ones who treat this as a moment for renewal rather than alarm will find themselves better positioned than they were before Mythos arrived.
Ricardo is a member of MNP’s Digital Services practice in Fredericton, NB, specializing in IT and cybersecurity managed services. With over 25 years of experience in IT and security, Ricardo leads MNP Digital’s Managed Security Services practice, building services around the Microsoft Security stack. Prior to MNP, he served as CTO at Bulletproof, where he led the design of a Microsoft Sentinel-based security monitoring service that received Microsoft’s 2021 Global Security Partner of the Year award.