Anthropic’s new Claude Mythos Preview announcement landed with exactly the kind of language that makes people stop scrolling. The company says the model has reached a level of cyber capability where it can find and exploit serious software vulnerabilities, and it is wrapping that claim inside a new initiative called Project Glasswing with partners like Amazon Web Services, Apple, Cisco, Google, Microsoft, NVIDIA, and Palo Alto Networks. That is why everyone is freaking out. The realistic read, though, is a little more complicated: the capabilities look meaningful, but the public story is also doing a lot of strategic work for Anthropic. (Anthropic Glasswing, Anthropic Red Team, The Verge)

What Anthropic actually announced

At the center of the announcement is Project Glasswing, which Anthropic describes as an effort to secure critical software before models with Mythos-class capabilities become more widely available.

The company says Claude Mythos Preview is its strongest model yet for coding and agentic tasks, and that those broader improvements are what make it unusually capable in cybersecurity work. Anthropic has committed up to $100 million in usage credits for Project Glasswing participants and says the model will be made available to approved partners through the Claude API, Bedrock, Vertex AI, and Microsoft Foundry. The partner list is part of the message here: this is meant to sound like an industry coordination effort, not a normal product release. (Anthropic Glasswing)

The practical implication is that Anthropic is not positioning Mythos as a consumer feature. It is presenting Mythos as a frontier system that belongs inside a controlled defensive program for major institutions and infrastructure owners. That distinction is a big part of why the announcement has been received as a security story rather than just another model launch. (Anthropic Glasswing, The Verge)

Why people are reacting so strongly

There are a few reasons this particular model announcement is hitting differently.

The first is the claim itself. Anthropic is not saying Mythos is merely better at coding benchmarks. It is saying the model can identify and exploit zero-day vulnerabilities in every major operating system and every major web browser, and that it can do meaningful parts of that work autonomously. That is the kind of statement that naturally triggers reactions from security people, policymakers, and anyone already uneasy about frontier-model deployment. (Anthropic Red Team)

The second is access control. Anthropic is not releasing Mythos generally right now, and The Verge reported that the company explicitly framed that decision around security risk while briefing senior US government officials on the model’s offensive and defensive cyber capabilities. That is the kind of move that instantly changes the tone from “new model release” to “possible strategic technology.” (The Verge)

The third is timing. AI labs have spent the last two years teaching everyone to think in terms of rapid capability jumps, geopolitical stakes, and narrow windows for responsible deployment. Once that narrative is in place, a model framed as too dangerous for broad release is almost guaranteed to attract outsized attention.

What the evidence actually supports

This is the part of the story where some caution is useful, but not cynicism.

Anthropic’s public technical writeup from its Frontier Red Team does contain genuinely striking examples. The company says Mythos Preview identified and exploited zero-day vulnerabilities across major browsers and operating systems, wrote browser exploit chains that escaped both renderer and OS sandboxes, produced Linux local privilege escalation exploits by chaining multiple bugs, and wrote a remote code execution exploit against FreeBSD’s NFS server. The post also says Mythos found 595 crashes at tiers 1 and 2, several tier 3 and 4 results, and 10 full control-flow hijacks on fully patched OSS-Fuzz-style targets. (Anthropic Red Team)

That is not nothing. Even if you aggressively discount the headline language, Anthropic is still claiming a model-level jump over earlier Claude systems in exploit development, reverse engineering, and vulnerability chaining. The same writeup says Opus 4.6 had close to a near-zero autonomous exploit success rate on some of these tasks, while Mythos performed much better. (Anthropic Red Team)

There is also at least one useful brake built into Anthropic’s own reporting. The company says over 99% of the vulnerabilities it found have not been patched, so most details cannot yet be shared publicly, and the “thousands” figure is partly extrapolated from a smaller set of manually reviewed reports. Specifically, Anthropic says expert contractors reviewed 198 vulnerability reports, agreed exactly with Claude’s severity assessment in 89% of those cases, and were within one severity level 98% of the time. That does not make the broader claim false, but it does mean outside observers are still being asked to trust Anthropic’s process more than they can independently verify. (Anthropic Red Team)

Why some skepticism is healthy

None of this requires assuming Anthropic is lying.

It only requires recognizing that frontier AI companies benefit when their newest systems are seen as both highly capable and unusually sensitive. A model that looks too dangerous for ordinary release can also look more valuable to governments, critical-infrastructure operators, major enterprises, and investors. It helps position the lab as a necessary partner in a new strategic domain.

That is one reason the Mythos announcement deserves to be read on two levels at once. One level is straightforward capability reporting. The other is strategic framing. Project Glasswing is obviously about defensive security, but it is also a way to tell the market that Anthropic has something special enough to require gated access, institutional partners, and national-security-adjacent conversations. (Anthropic Glasswing, The Verge)

Tom’s Hardware made this point more bluntly, arguing that some of the “thousands of severe zero-days” language reads more like a sales pitch than a fully auditable public case. I would not go quite that far, but I do think the underlying instinct is healthy. When a company controls the model, the benchmark framing, the release channel, and most of the evidence, skepticism is not anti-technology. It is just normal reading comprehension. (Tom’s Hardware)

What history suggests

This is not the first time a frontier AI company has packaged capability, danger, and historical significance together.

We have already lived through multiple cycles where labs framed a new system as too powerful, too risky, or too socially disruptive for ordinary release, only for the public understanding of what the system could actually do to lag badly behind the narrative. Sometimes the technology really was a step forward. Sometimes the breathless framing aged poorly. Often both things were true at once.

That is one reason I keep coming back to What Are 5th Generation Programming Languages?. Every major jump in abstraction tends to produce a wave of overconfident forecasting, followed by a slower and messier reality. Real capability growth does not automatically make the first round of strategic storytelling reliable.

Mythos may turn out to be a serious milestone in AI-assisted cyber operations. But history says we should expect the first public version of that story to be optimized for positioning as much as for clarity.

What this could really mean

The broader implications here are less cinematic than the online reaction suggests, but they are still important.

The most plausible near-term outcome is not “AI ends cybersecurity” or “everyone gets hacked tomorrow.” It is that top-tier security teams get much better tooling for vulnerability discovery, patch generation, exploit reproduction, and codebase triage, while everyone else scrambles to catch up. If Mythos-class capabilities spread, defenders will likely need more automation, more verification infrastructure, and tighter operational controls around how code is scanned and shipped. (Anthropic Glasswing, Anthropic Red Team)

There is also a policy implication. Announcements like this create pressure for more restricted access, more government engagement, and more claims that only a handful of labs can safely steward the most capable systems. Some of that may be justified. Some of it will also reflect the incentives of the companies making the argument.

And there is an industry implication. Even if Anthropic’s framing is partly strategic, every major lab and every serious security vendor is now on notice that “AI for cyber” is becoming its own product and policy category. That alone will shape investment, partnerships, access rules, and enterprise buying behavior over the next year.

My take right now

I think the right reaction is neither panic nor dismissal.

Anthropic has probably shown something real. The Red Team writeup is detailed enough, and the partner structure is serious enough, that it would be a mistake to wave the whole thing away as pure theater. At the same time, Mythos is also a story about how AI companies build legitimacy by presenting themselves as both uniquely capable and uniquely responsible.

So yes, Mythos may be an important step in AI-assisted cybersecurity.

But the public narrative around Mythos is doing more than describing a model. It is also telling us how Anthropic wants regulators, enterprises, and the broader market to think about Anthropic itself.

That is why everyone is freaking out about Project Glasswing. The technology matters. The framing matters too.