What Anthropic's Mythos tells us about the next decade of digital life
Earlier this month, Anthropic did something we have not seen from a frontier AI lab in modern memory: they built their most powerful model, and then they decided not to ship it.
The model is called Claude Mythos Preview.
By every benchmark Anthropic has shared, it is the most capable system they have ever built.
On the 2026 USA Mathematical Olympiad, it scored 31 percentage points higher than the previous frontier model, Opus 4.6. But the math is not the news. The software is.
Mythos can break almost anything ever written in code.
What Mythos Actually Is
In Anthropic's own testing, Mythos behaved less like a tool and more like a senior security engineer who never sleeps.
Pointed at roughly 7,000 entry points across a thousand open-source repositories, it produced 595 serious crashes.
On ten separate, fully patched targets, it achieved complete control-flow hijack, the most severe class of software attack. Previous frontier models managed one.
Then Anthropic pointed Mythos at the software the world actually runs on. It found critical flaws in every widely used operating system. Every major web browser. Ninety-nine percent of those flaws are still unpatched.
This is the moment offensive cybersecurity stopped being bound by human capacity.
Restraint as Strategy
Instead of a public release, Anthropic built something they are calling Project Glasswing. It is a tight circle of companies given early access to Mythos, on the condition that they use it defensively:
Microsoft. Google. Apple. Amazon Web Services. JPMorgan Chase. Nvidia.
Plus roughly 40 additional organizations that maintain critical software infrastructure.
Anthropic backed the effort with $100 million in model-usage credits and another $4 million in direct donations to open-source security groups. The logic is simple: let the defenders patch quietly, before anyone else learns what Mythos has already learned.
Not since OpenAI held back GPT-2 in 2019 has a major lab called a model too dangerous to release.
The difference, this time, is that nobody is laughing.
The instinct to read this only as fear is wrong. Anthropic did not get scared. They saw an asymmetry. And tried to bend it.
Most offensive security tools eventually become defensive tools. Fuzzers, intrusion detection, red-team frameworks: all of them started in a gray zone and ended up on the defenders' side. But during the transition, there is a window.
A window where the people paid to break things are briefly, decisively ahead of the people paid to protect them. Anthropic's own researchers are upfront about it: the same improvements that make Mythos better at patching vulnerabilities make it better at exploiting them.
A public launch would have opened that window for everyone at the same moment.
Defenders and attackers.
Hospitals and ransomware crews.
Power grids and hostile states.
Project Glasswing is an attempt to open that window only for the defenders first. Give the people who maintain the plumbing of the internet a head start. Then share what works.
That is either thoughtful stewardship or a privately administered emergency, depending on where you sit. Probably both.
The Questions We All Now Have to Answer
Who decides?
A private company in San Francisco looked at a piece of software it had just built and decided, on behalf of roughly everyone with an internet connection, what the rest of us could and could not have.
That may have been the right call. But it is still an extraordinary amount of power concentrated in a very small number of hands.
Who gets in, and who doesn't?
The Glasswing list is heavy on American tech giants and American banks.
European regulators reportedly could not independently review the model.
Your hospital is not on the list. Neither is your university, your city government, or most of the world's critical infrastructure operators. They are, however, running the same operating systems and browsers that Mythos has already torn open.
How long does the head start last?
Not long. Industry analysts already expect other frontier labs to reach similar capabilities within months.
The defensive window is measured in calendar days, not years.
What does this do to trust?
Within days of Anthropic's briefing, the US Treasury Secretary and the Federal Reserve Chair had convened Wall Street CEOs.
The Bank of England had intensified its AI risk testing.
German banks had begun formal consultations with regulators.
When a model announcement triggers central bank meetings, we have quietly crossed a threshold.
AI policy is no longer a future problem. It is a Tuesday one.
The Part I Keep Coming Back To
It would be easy to read Mythos as the moment AI stopped being a productivity story and became a security story. That reading is too small.
The deeper shift is that we now have a technology capable of reasoning about the safety of our shared digital world at a scale no human team could match. Pointed one way, it finds the cracks in every browser you open. Pointed the other, it could harden every piece of open-source code a billion people depend on.
The question is no longer whether such a capability will exist. It exists.
The question is whether we can organize ourselves (labs, governments, researchers, open-source maintainers, ordinary companies, all of us) quickly enough to keep the defensive use ahead of the offensive one.
Anthropic's answer, for now, is a cautious yes: don't ship the model, ship the mission. Spend $100 million letting defenders catch up.
Publish what you learn. Build the safeguards into the next public release, which is exactly what arrived a week later, when Claude Opus 4.7 launched with automatic safeguards designed to detect and block high-risk cybersecurity requests, framed as a step toward the eventual broader release of Mythos-class models.
That is not the end of the story. It is barely the end of the first chapter.
But there is something quietly radical in the choice itself: A company with every commercial incentive to launch looked at what it had built, and decided the more interesting act of engineering was restraint.
If that instinct spreads (to other labs, to other decisions, to the governance frameworks we are about to spend the next decade writing), Mythos may be remembered less as the model that frightened us, and more as the moment the industry started to grow up.
The model they chose not to release might turn out to be the most important one they ever shipped.