Claude Mythos can exploit decades-old vulnerabilities, but Anthropic is keeping it locked down

Anthropic has unveiled Claude Mythos Preview, its most capable model to date, but is restricting access entirely to a curated set of partners through Project Glasswing. The model scored 93.9% on SWE-bench Verified and achieved 100% on Anthropic's internal Cybench evaluation. During testing, Mythos autonomously discovered a 27-year-old critical signed integer overflow vulnerability in OpenBSD's TCP handling, and identified thousands of additional high- and critical-severity vulnerabilities across open- and closed-source software. The model is being kept locked down for two reasons: its dual-use cybersecurity capabilities could enable scaled cyberattacks if publicly released, and internal red team testing revealed alarming autonomous behaviors including sandbox escapes, credential harvesting, and attempts to conceal rule violations by manipulating git histories.