Frontier Models on Carles Abarca

Claude Mythos: the model Anthropic chose not to release

Thu, 09 Apr 2026 00:00:00 +0000

“Claude Mythos Preview is a general-purpose, unreleased frontier model.”
— Anthropic, Project Glasswing

Anthropic has just made a decision that, until very recently, would have seemed almost unthinkable in the race for frontier models: publicly present a new-generation model while simultaneously deciding not to make it broadly available to the market.

This is not a product delay. Nor is it a conventional beta program. What Anthropic has done with Claude Mythos Preview is something else: publish part of the technical documentation, describe extraordinary capabilities—especially in offensive cybersecurity—and restrict access to a very limited circle of defensive actors under a specific initiative: Project Glasswing.

The important question is not only what Mythos is. The important question is what it means that Anthropic has decided not to launch it like a normal model.

The extraordinary part is not the model. It is the decision.
#

In the AI industry, a fairly clear logic had taken hold: if a lab trains a better model, sooner or later it turns it into a product. It may do so gradually, via APIs, waitlists, enterprise agreements, or usage restrictions. But the overall direction was unmistakable: more capability eventually meant more availability.

With Mythos, Anthropic introduces a break.

On the one hand, it presents the model as a new frontier of capability. On the other, it implicitly admits that this capability crosses a threshold that makes broad deployment irresponsible.

“We formed Project Glasswing because of capabilities we’ve observed in a new frontier model trained by Anthropic that we believe could reshape cybersecurity.”
— Anthropic, Project Glasswing

That is not routine marketing language. It is a governance signal. Anthropic is saying that, in its judgment, the model is not just better: it is dangerously better in one specific dimension.

What Anthropic claims about Claude Mythos Preview
#

The documentation Anthropic has published paints a picture that is difficult to ignore.

In its Frontier Red Team technical post, the company argues that Mythos Preview:

identifies and exploits zero-days in real software,
does so across every major operating system and every major browser,
produces complex exploits, including multi-vulnerability chains,
and represents a radical leap beyond previous Claude generations.

“During our testing, we found that Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so.”
— Anthropic, Claude Mythos Preview

If this is correct, we are not looking at an incremental improvement. We are looking at a regime change.

Anthropic goes further. It says internal engineers with no formal security training have asked the model to find a remote vulnerability overnight and woken up the next morning to a complete working exploit.

“Engineers at Anthropic with no formal security training have asked Mythos Preview to find remote code execution vulnerabilities overnight, and woken up the following morning to a complete, working exploit.”
— Anthropic, Claude Mythos Preview

That detail matters. It suggests not only that the model amplifies expert capability. It also suggests that it dramatically lowers the barrier to entry for advanced offensive capability.

The leap beyond Opus 4.6
#

One of the most striking elements of the technical documentation is the comparison with earlier generations.

Anthropic notes that, only a month earlier, its read on Opus 4.6 was that the model was much better at finding and fixing vulnerabilities than at exploiting them. In other words, it was still strong in defensive cybersecurity, but not especially effective at autonomous offensive work.

With Mythos, that changes.

“Opus 4.6 generally had a near-0% success rate at autonomous exploit development. But Mythos Preview is in a different league.”
— Anthropic, Claude Mythos Preview

The company cites a benchmark involving Firefox vulnerabilities where Opus 4.6 only managed to convert findings into working exploits a handful of times, while Mythos Preview did so 181 times, with register control in 29 additional cases.

If those numbers hold, we are not talking about “a stronger Claude.” We are talking about a different order of capability.

It was not trained “to hack”
#

This point is critical.

Anthropic says it did not explicitly train Mythos Preview to develop these offensive capabilities. According to the company, what we are seeing is an emergent consequence of broader improvements in:

reasoning,
autonomy,
code work,
and multi-step planning.

“We did not explicitly train Mythos Preview to have these capabilities. Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy.”
— Anthropic, Claude Mythos Preview

That sentence deserves to be read carefully, because it points to something bigger than Mythos. It suggests that as generalist models improve at useful code work and agentic behavior, offensive capability stops being a separate specialty. It appears as a natural side effect of general progress.

That makes governance much harder. It is no longer enough to avoid training “a model for cyberattack.” The real issue is that a sufficiently capable general model can become a first-rate offensive tool even if that was never the explicit objective of training.

So why not release it?
#

Anthropic frames the answer in terms of a dangerous transition window.

Its thesis is that, in the long run, tools like this may benefit defenders more than attackers. But in the short run there is an obvious risk: offensive capability may diffuse faster than defensive capability can absorb it.

“In the short term, this could be attackers, if frontier labs aren’t careful about how they release these models.”
— Anthropic, Claude Mythos Preview

That is why there is no broad release. Instead, Anthropic created Project Glasswing, an initiative involving partners such as AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, along with dozens of additional organizations.

“By releasing this model initially to a limited group of critical industry partners and open source developers with Project Glasswing, we aim to enable defenders to begin securing the most important systems before models with similar capabilities become broadly available.”
— Anthropic, Claude Mythos Preview

In other words: Anthropic is trying to turn a capability advantage into a temporary defensive advantage before the rest of the ecosystem catches up.

What is really changing: publishing no longer means deploying
#

The most interesting thing about Mythos is not only the security argument. It is the precedent it sets.

For years, many of us assumed that the most advanced model in a lab would also, sooner or later, be the one that ended up in the hands of customers, developers, or end users. With Mythos, that equivalence breaks.

From now on, the most advanced model may:

not be the main product,
not be broadly offered via API,
not reach the general market,
and exist for some time in a kind of strategic quarantine.

That changes a great deal.

It changes how we think about competition between labs. It changes how we should read public announcements. And it changes the regulatory and geopolitical frame as well: if the most powerful models are no longer necessarily public, then the true frontier of capability may increasingly sit behind restricted-access programs, private agreements, and asymmetric deployments.

But a critical reading is still necessary
#

That said, it would be a mistake to swallow the narrative whole.

Anthropic is making extraordinary claims:

thousands of high-severity vulnerabilities,
zero-days in critical software,
coverage across every major OS and browser,
sophisticated exploits developed autonomously,
and a security rationale strong enough to justify withholding the model.

The problem is that the public evidence is necessarily limited.

Anthropic itself says that more than 99% of the vulnerabilities it has found are still unpatched and therefore cannot be disclosed. In addition, the risk document is presented in redacted form.

“Over 99% of the vulnerabilities we’ve found have not yet been patched, so it would be irresponsible for us to disclose details about them.”
— Anthropic, Claude Mythos Preview

That is reasonable from the standpoint of responsible disclosure. But it also means that much of this story depends on trusting the lab’s own interpretation and framing.

So yes: Anthropic’s decision may be sensible, even admirable, while still being wrapped in a corporate narrative that deserves methodological skepticism.

My read: Mythos may mark a before and after
#

My impression is that this episode may ultimately be remembered less for the model’s name than for the strategic signal it sends.

Anthropic is not only saying “we trained something very powerful.” It is saying something more uncomfortable:

we have crossed a capability frontier where responsible behavior no longer automatically means publication.

If that thesis holds, Mythos will matter for three reasons.

1. Because it normalizes partial retention of frontier models
#

Not as an anecdotal exception, but as a legitimate governance tool.

2. Because it shifts the debate from “what can the model do?” to “who should be allowed to use it, and when?”
#

That is a fundamental change.

3. Because it suggests that the real frontier of capability may already sit several steps ahead of what we see in product
#

And that has major implications for strategy, technology policy, and security.

The uncomfortable conclusion
#

For years, the dominant AI narrative assumed that technical progress would eventually democratize access to ever more powerful capabilities.

Claude Mythos introduces a different possibility: that some capabilities are so sensitive that technical progress will not lead to openness, but to containment.

Not because the model failed. Precisely because it worked too well.

“Claude Mythos Preview reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.”
— Anthropic, Project Glasswing

If Anthropic is right, this is not simply another model launch. It is the moment when a frontier lab explicitly decided that its most advanced system should not behave like a normal product.

And in this industry, that is a much bigger story than any benchmark.

Main sources
#

Anthropic — Project Glasswing
https://www.anthropic.com/glasswing
Anthropic Frontier Red Team — Claude Mythos Preview
https://red.anthropic.com/2026/mythos-preview/
Anthropic — Alignment Risk Update: Claude Mythos Preview (Redacted)
https://www.anthropic.com/claude-mythos-preview-risk-report

Claude Mythos: The Model That Made Cybersecurity Stocks Crash — And What It Tells Us About Where AI Is Heading

Sun, 29 Mar 2026 00:00:00 +0000

Three days ago, a misconfigured CMS at Anthropic left roughly 3,000 internal assets publicly accessible. Among them: a draft blog post announcing their next-generation AI model. The name varies between two leaked drafts — “Mythos” and “Capybara” — but what matters isn’t the name. What matters is what it can do.

And what it can do should make anyone in technology leadership stop and think very carefully.

What Leaked
#

On March 26, security researchers Roy Paz (LayerX Security) and Alexandre Pauwels (University of Cambridge) discovered the exposed documents. Anthropic acknowledged the leak as “human error” and confirmed the model is real.

Here’s what we know:

Claude Mythos is not Claude Opus 4.7. It’s not an incremental update. It’s a new tier above Opus — Anthropic’s own words: “a new name for a new tier of model: larger and more intelligent than our Opus models, which were, until now, our most powerful.” Reports suggest roughly 10 trillion parameters, a 5-10x jump from previous frontier models.

Training is complete. Select customers are already testing it.

Why Cybersecurity Stocks Crashed
#

The morning after the leak, the market’s reaction was swift and brutal:

iShares Cybersecurity ETF: -4.5%
CrowdStrike, Palo Alto Networks, Zscaler, SentinelOne: -6% each
Tenable: -9%
Bitcoin dropped to $66,000

Why? Because the leaked draft describes Mythos as “currently far ahead of any other AI model in cyber capabilities.” It can discover and exploit software vulnerabilities at speeds that — Anthropic’s own assessment — “far outpace human defenders.”

Read that again. The company that built it is telling you that human cybersecurity teams can’t keep up with it.

This isn’t hypothetical. Anthropic already caught a Chinese state-sponsored group using Claude Code to infiltrate approximately 30 organizations — tech companies, financial institutions, government agencies — before detection. Mythos reportedly makes that look like child’s play.

Stifel analyst Adam Borg put it plainly: “Mythos is an order of magnitude more powerful, and compute-intensive, than any other frontier model on the market.”

The Rollout Strategy Tells You Everything
#

Anthropic’s deployment approach is perhaps the most revealing signal:

First access: Not developers. Not enterprises. Cybersecurity organizations — “giving them a head start in improving the robustness of their codebases against the impending wave of AI-driven exploits.”
No public launch date. They’re explicitly delaying broad release.
Cost problem acknowledged. Anthropic says it’s “very expensive to serve” and they need to make it “much more efficient before any general release.”

When a company builds the most powerful AI model in the world and its first instinct is to hand it to defenders before attackers can get it — that’s not a product launch. That’s a controlled disclosure.

What Mythos Means Beyond Cybersecurity
#

Let me be direct about what I think this represents.

Mythos posts “dramatically higher scores” than Opus 4.6 on coding and academic reasoning benchmarks. Opus 4.6 already led SWE-bench Verified at 80.8% and Terminal-Bench 2.0 at 65.4%. Whatever “dramatically higher” means, we’re talking about a model that can code better than most professional developers and reason through complex problems at a level that was science fiction five years ago.

But the cybersecurity capability is the real wake-up call, because vulnerability discovery requires something qualitatively different from text generation or code completion. It requires:

Deep multi-step reasoning — chaining logical inferences across complex systems
Adversarial creativity — finding attack vectors that weren’t designed or anticipated
Autonomous execution — not just identifying a vulnerability but actively exploiting it

When a model can do all three at superhuman speed in a domain as complex as cybersecurity, the implications extend to every field that involves complex reasoning under uncertainty. Law. Medicine. Scientific research. Strategic planning. Finance.

The AGI Question (Which Is the Wrong Question)
#

Is Mythos AGI? No. It doesn’t learn new tasks from minimal examples the way humans can. It has no persistent memory, no self-improvement loop, no autonomous goal-setting.

But here’s what I think matters more: we may be past the point where the AGI label matters practically.

A model that can autonomously find and exploit zero-day vulnerabilities — something that previously required teams of elite human researchers — changes the game regardless of whether we call it “general” intelligence. Narrow superintelligence in high-stakes domains is more immediately consequential than theoretical AGI.

The fact that Anthropic itself is alarmed enough to delay general release and prioritize defensive deployment tells you where we are on the capability curve.

The Competitive Context Makes It Worse
#

Mythos doesn’t exist in isolation:

OpenAI has finished pretraining a new model codenamed “Spud” — expected within weeks.
Google DeepMind just launched Gemini 3.1 for real-time multimodal processing.
Both Anthropic and OpenAI are timing major releases ahead of planned IPOs later in 2026.

This is an arms race with IPO pressure. The incentives to push capability boundaries are enormous and increasing. The incentives for caution are… well, we just saw how Anthropic’s caution played out. A CMS misconfiguration, and the whole world knows.

What This Means for Institutions
#

For universities, for governments, for any organization making decisions about AI strategy:

The planning horizon just compressed. If you were thinking about AI governance frameworks as a 2027-2028 initiative, think again. Models with superhuman capabilities in specific domains are here now, not in a comfortable future.

Cybersecurity is no longer optional. It’s existential. Every institution needs to assume that AI-powered attacks will become the norm, not the exception. The defenders need AI too — and they need it first.

The talent equation is shifting. When a model can outperform human cybersecurity experts, the value isn’t in the technical execution — it’s in the judgment about when and how to deploy these capabilities. We need people who understand both the technology and its implications.

I keep coming back to the same conclusion I wrote in my previous post on AEO: digital transformation in 2026 means preparing institutions for a world where AI systems are colleagues, not tools. Mythos just made that statement feel uncomfortably literal.

Jensen Huang said AGI has arrived. He was wrong about the definition but right about the urgency. Whether we call it AGI or narrow superintelligence or just “really powerful AI” — the systems are here, they’re real, and the time to prepare was yesterday.

Carles Abarca is Vice President of Digital Transformation at Tecnológico de Monterrey.

Frontier Models on Carles Abarca

Claude Mythos: the model Anthropic chose not to release

The extraordinary part is not the model. It is the decision. #

What Anthropic claims about Claude Mythos Preview #

The leap beyond Opus 4.6 #

It was not trained “to hack” #

So why not release it? #

What is really changing: publishing no longer means deploying #

But a critical reading is still necessary #

My read: Mythos may mark a before and after #

1. Because it normalizes partial retention of frontier models #

2. Because it shifts the debate from “what can the model do?” to “who should be allowed to use it, and when?” #

3. Because it suggests that the real frontier of capability may already sit several steps ahead of what we see in product #

The uncomfortable conclusion #

Main sources #