Claude Mythos is the most talked-about AI model in cybersecurity right now. Some of the attention is warranted. A lot of it is noise. This guide cuts through both, explaining what Mythos actually is, what it signals about where AI-assisted security is heading, and what security teams should actually do about it. We'll draw on Cobalt pentest data where the industry conversation is missing it.
TL;DR: Claude Mythos Preview is Anthropic's most advanced AI model, built as a general-purpose frontier model. It was briefly made available with strong guardrails under the name Fable 5. It is more capable than anything Anthropic has released before, and it accelerates a shift that was already underway: the gap between finding a vulnerability and exploiting it is shrinking fast. But Mythos is not the whole story. Most organizations' biggest security problem is that they are not fixing the vulnerabilities they already know about.
Claude Mythos Preview is Anthropic's most advanced AI model to date, built primarily around cybersecurity, software coding, and complex reasoning tasks. It is not currently publicly available. Unlike Claude Sonnet or Opus, which anyone can access through Claude.ai or the API — Mythos is a gated, restricted model currently deployed only to a small set of vetted partner organizations through a program called Project Glasswing.
The model's defining capability is its ability to read and reason about large codebases, identify security vulnerabilities, and in some cases develop working exploits — with less human guidance than previous AI models required. On CyberGym, an industry benchmark for vulnerability reproduction, Mythos Preview scores 83%, compared to 67% for Claude Opus 4.6, Anthropic's next-best publicly available model.
That benchmark gap is significant, but worth contextualizing. CyberGym measures a specific, controlled task. Real-world offensive security involves far more ambiguity — unclear scope, messy codebases, defensive controls that benchmarks don't replicate. The gap tells us Mythos is genuinely more capable than what came before it. It does not tell us that human security expertise is now redundant, or that every organization faces imminent catastrophe.
What is clear is that AI-assisted vulnerability discovery has crossed a threshold. Findings that previously required rare expertise and significant time can now be produced faster and at greater scale. The more important question — which we'll get to — is what most security programs can actually do with that.
Anthropic has disclosed specific findings from Mythos's early deployment, and they are worth taking seriously on their own terms rather than as marketing.
Mythos found a 27-year-old vulnerability in OpenBSD, one of the most security-hardened operating systems available, that would allow a remote attacker to crash any machine running it. It identified a 16-year-old flaw in FFmpeg, the widely used video encoding library, in a line of code that automated tools had executed five million times without ever flagging it. It chained multiple Linux kernel vulnerabilities together to escalate from ordinary user access to full control of the machine. All of these were reported to maintainers and have since been patched.
These are real findings, not demonstrations in a controlled environment. The OpenBSD and Linux kernel cases matter because these codebases have been scrutinized by skilled humans for decades. The fact that Mythos found things they missed is meaningful.
Beyond one-off vulnerability discovery, organizations in the Glasswing program are also using the model for automated patch writing, pre-release security checks integrated into development pipelines, threat detection automation, and rewriting legacy codebases in memory-safe languages. Some of these use cases are more mature than others, and results will vary significantly depending on the quality of an organization's existing security processes.
It is also worth being clear about what Mythos is not. It is not a complete replacement for human security judgment. It does not eliminate false positives. It does not automatically understand business context, risk tolerance, or which vulnerabilities actually matter most for a given organization. Findings still need to be validated, triaged, and acted on by people who understand the environment.
Project Glasswing is Anthropic's controlled deployment program for Claude Mythos Preview. It launched in April 2026 with around 50 founding partners — including AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, and NVIDIA — and has since expanded to over 200 organizations across 15+ countries. Anthropic committed $100 million in usage credits and $4 million in donations to open-source security organizations as part of the initiative.
The program's structure reflects genuine caution: organizations must meet Anthropic's security requirements before gaining access, use is restricted to defensive purposes, and Anthropic is monitoring how partners deploy the model. The early findings — over 10,000 high- and critical-severity vulnerabilities identified across Glasswing partners — suggest the model is producing real value in the hands of organizations with the infrastructure to use it well.
What Glasswing does not do is solve the broader problem it is responding to. Most organizations are not Glasswing partners. Most do not have the scale or infrastructure to integrate a model like Mythos into their security workflows, even if they had access. The program benefits the largest, best-resourced technology companies and critical infrastructure operators first — which makes sense as a starting point, but leaves the vast majority of organizations navigating this shift on their own.
Anthropic has also released Claude Security, a commercial product built on its public frontier models, as a more accessible option. It uses Claude Opus 4.8 rather than Mythos, which means meaningfully lower capability for vulnerability discovery tasks. It is a useful tool, but it is not a substitute for Mythos-class analysis.
The security industry has a habit of swinging between two failure modes when a new capability emerges: either dismissing it as overhyped, or treating it as an unprecedented catastrophe. Claude Mythos warrants neither response. What it does warrant is a clear-eyed look at what actually changes and what the real risks are.
The most important shift Mythos represents is not capability in isolation — it is what happens to timelines. Traditional security programs are built around a set of assumptions: that finding a serious vulnerability requires significant expertise and time, that exploit development introduces further delay, and that defenders have a meaningful window to respond between each stage.
Those assumptions are already being eroded. Mythos accelerates that erosion significantly. When discovery, exploit development, and operationalization can all happen faster and with less human expertise, the window between "vulnerability exists" and "vulnerability is being actively exploited" compresses. Security teams running 30-to-90-day remediation SLAs for critical issues are operating on timelines designed for a different threat environment.
Cobalt CISO Andrew Obadiaru has written directly on this: the conversation around Mythos tends to focus on capability, but the more consequential shift is speed. That distinction changes what security programs actually need to do.
Anthropic's own assessment is that comparable AI capabilities will likely exist at other AI companies within 6 to 12 months. Some of those companies may not apply equivalent restrictions. The defensive head start that Glasswing creates is real — but narrow, and narrowing.
The same model capabilities that make Mythos useful for finding vulnerabilities in critical infrastructure also make it useful for attacking it. The difference is governance and intent, both of which become harder to control as capabilities spread to more actors.
This may be the most underappreciated concern. Most of the Claude Mythos conversation focuses on what the model can do. Less attention has been paid to whether organizations are ready to use AI-driven vulnerability discovery responsibly — and most are not.
Gaining access to a tool that can find thousands of vulnerabilities quickly is not automatically a good outcome. If an organization lacks the processes to validate findings, prioritize what matters, handle responsible disclosure at scale, and fix things fast enough to outpace potential exploitation, then more discovery creates more backlog and more exposure — not less.
The questions every security leader should be asking now — regardless of whether they have access to Mythos — are: who controls access to AI security tools in our organization, how are findings handled, what does our disclosure process look like, and critically, can our remediation function keep pace with what AI-assisted discovery can produce?
AI-generated vulnerability findings are not uniformly high quality. False positives are a real issue, and the sheer volume of output from a model like Mythos can overwhelm security teams that are not equipped to triage it effectively. More findings is not the same as more security. Without a robust validation layer, high-volume AI vulnerability discovery can actually make prioritization harder, not easier.
This is where the Mythos conversation needs grounding. Before asking whether your organization is ready for AI-assisted vulnerability discovery at Mythos scale, it is worth asking whether your organization is effectively handling the vulnerabilities it is already finding.
The Cobalt 2026 State of Pentesting Report, based on data from thousands of real-world penetration tests and a survey of 450 security leaders, paints a specific picture of where the industry actually stands.
The remediation gap is stark. Top-performing organizations — those treating pentesting as a continuous program — achieve a high-risk finding half-life of just 10 days. The bottom tier, those treating security testing primarily as a compliance exercise, languish at 249 days. That is a 25x difference in remediation speed, translating to eight extra months of exposure for organizations on the wrong side of that gap. Across five years of Cobalt's dataset, the overall resolution rate for high-risk findings sits at 52% — meaning roughly half of the serious vulnerabilities organizations find are never actually fixed.
There is also a significant disconnect between how leadership and practitioners perceive this problem. In our research, 57% of C-suite executives believe their organizations consistently meet remediation SLAs. Only 15% of the security practitioners doing the actual work agree. That gap — between how security performance looks from the boardroom and how it looks from the ground — is a structural problem that no AI discovery tool resolves on its own.
The good news: the data also shows what the difference-maker is. For the first time in Cobalt's research history, more than half of organizations (53%) now take a programmatic approach to security testing — continuous, integrated, and risk-driven rather than episodic and compliance-led. Those organizations are 4.5 times more likely to resolve critical findings within three days compared to teams still running ad hoc testing.
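As an added illustration of the metrics this passage reports (this is not Cobalt's code, and the findings in it are constructed for the example, not data from the report), the script below computes a high-risk finding half-life, overall resolution rate, three-day resolution rate and SLA breaches from a list of findings. The field names and the exact half-life definition used here (days until half of all findings, still-open ones included, are fixed) are assumptions for the example.

```python
"""Remediation metrics over a set of pentest findings.

Added example, not Cobalt's code: the Finding fields, the half-life
definition and the sample data below are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    id: str
    severity: str          # "critical", "high", "medium" or "low"
    found: date            # date the finding was reported
    fixed: Optional[date]  # None means the finding is still open


def high_risk(findings: List[Finding]) -> List[Finding]:
    """Keep only critical and high findings (the 'high-risk' bucket)."""
    return [f for f in findings if f.severity in ("critical", "high")]


def days_to_fix(f: Finding) -> Optional[int]:
    """Days from report to fix, or None while the finding is open."""
    return (f.fixed - f.found).days if f.fixed else None


def resolution_rate(findings: List[Finding]) -> float:
    """Share of findings that have been fixed at all."""
    if not findings:
        return 0.0
    return sum(1 for f in findings if f.fixed) / len(findings)


def resolved_within(findings: List[Finding], days: int) -> float:
    """Share of findings fixed within `days` of being reported."""
    if not findings:
        return 0.0
    hits = sum(1 for f in findings if f.fixed and days_to_fix(f) <= days)
    return hits / len(findings)


def half_life_days(findings: List[Finding]) -> Optional[int]:
    """Days until half of the findings are fixed.

    Open findings count in the denominator, so an unfixed backlog pushes
    the half-life up. Returns None if fewer than half were ever fixed.
    """
    if not findings:
        return None
    durations = sorted(d for d in map(days_to_fix, findings) if d is not None)
    needed = (len(findings) + 1) // 2  # ceil(n / 2) findings must be fixed
    if len(durations) < needed:
        return None
    return durations[needed - 1]


def sla_breaches(findings: List[Finding], sla_days: int, as_of: date) -> List[str]:
    """IDs of findings fixed after the SLA, or still open past it on `as_of`."""
    breached = []
    for f in findings:
        age = days_to_fix(f) if f.fixed else (as_of - f.found).days
        if age > sla_days:
            breached.append(f.id)
    return breached


def report(findings: List[Finding], sla_days: int = 30,
           as_of: Optional[date] = None) -> Dict[str, object]:
    """Summarise the high-risk subset the way a program review would."""
    as_of = as_of or date.today()
    hr = high_risk(findings)
    return {
        "high_risk_count": len(hr),
        "resolution_rate": resolution_rate(hr),
        "fixed_within_3_days": resolved_within(hr, 3),
        "half_life_days": half_life_days(hr),
        "sla_breaches": sla_breaches(hr, sla_days, as_of),
    }


# Constructed sample: ten high-risk and two medium findings from one program.
AS_OF = date(2026, 6, 30)
SAMPLE = [
    Finding("H-1", "high", date(2026, 3, 1), date(2026, 3, 3)),
    Finding("H-2", "critical", date(2026, 3, 5), date(2026, 3, 6)),
    Finding("H-3", "high", date(2026, 3, 10), date(2026, 3, 25)),
    Finding("H-4", "high", date(2026, 4, 1), date(2026, 4, 9)),
    Finding("H-5", "critical", date(2026, 4, 2), None),
    Finding("H-6", "high", date(2026, 4, 15), date(2026, 4, 18)),
    Finding("H-7", "high", date(2026, 5, 1), date(2026, 5, 31)),
    Finding("H-8", "critical", date(2026, 5, 20), None),
    Finding("H-9", "high", date(2026, 6, 1), date(2026, 6, 3)),
    Finding("H-10", "high", date(2026, 6, 20), None),
    Finding("M-1", "medium", date(2026, 3, 1), date(2026, 5, 1)),
    Finding("M-2", "medium", date(2026, 5, 15), None),
]

if __name__ == "__main__":
    for key, value in report(SAMPLE, sla_days=30, as_of=AS_OF).items():
        print(f"{key}: {value}")
```

Run against a real findings export, the two numbers to watch are the half-life and the resolution rate together: a short half-life with a low resolution rate means the easy fixes ship quickly while the hard ones are abandoned, which is exactly the backlog that faster AI discovery would grow.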
This matters enormously in the context of Mythos. The organizations that will benefit from AI-assisted vulnerability discovery — whether from Mythos, Claude Security, or whatever comes next — are precisely the ones that already have the continuous testing infrastructure, the remediation workflows, and the cross-functional alignment to act on findings quickly. For organizations that don't have those foundations, faster discovery without faster remediation just means a bigger, more expensive backlog.
The practical implications of Mythos are less about the model itself and more about what it signals for how security programs need to operate — with or without access to Mythos directly.
The remediation problem matters more than the discovery problem. Our data is clear: most organizations already know about more vulnerabilities than they are fixing. Mythos and AI-assisted discovery tools will increase the volume of findings further. If your remediation function is not working — if findings are languishing, if SLAs are not being met, if engineering handoffs are breaking down — adding more discovery capability makes things worse, not better. Fix the remediation process first.
Continuous security testing is no longer optional. A pentest that runs once a year tells you what your attack surface looked like at a moment that no longer exists. The organizations in Cobalt's data that resolve findings fastest are the ones running continuous, integrated security programs — not annual assessments. Mythos-class AI accelerates the obsolescence of the point-in-time model.
Validation is now a core capability, not a nice-to-have. AI-generated findings still need human judgment to determine what is real, what matters in your specific environment, and what to do about it. The combination of AI breadth with expert human context is where security programs will be differentiated. Volume without quality validation is just noise with extra steps.
Governance needs to keep pace with AI capability. Before your organization adopts any AI-assisted security tooling, the questions about access controls, handling procedures, and disclosure processes need answers. Capability without governance is its own category of risk — one that most organizations are underestimating.
Programmatic beats episodic, every time. This is perhaps the clearest lesson from Cobalt 2026 data, and it applies directly to the Mythos moment. The security teams that will navigate the AI era well are not the ones that buy the most tools. They are the ones that have built programs — continuous, measured, integrated with engineering, and accountable to actual outcomes. That is what separates the organizations with a 10-day remediation half-life from the ones sitting at 249.
Not through Anthropic's public channels. Access is limited to Project Glasswing partners who meet Anthropic's security requirements — currently large technology companies and critical infrastructure operators.
Anthropic attempted to broaden access with the June 9, 2026 release of Claude Fable 5 — a version of Mythos fitted with guardrails blocking responses in high-risk areas like cybersecurity and biology, designed to make Mythos-class capability safe enough for general release. It was available for three days. On June 12, the U.S. government issued an export control directive ordering Anthropic to suspend all access to Fable 5 and the simultaneously released Mythos 5 for any foreign national, citing national security concerns. To ensure compliance, Anthropic disabled both models for all customers worldwide. The directive appears to stem from a claimed jailbreak of Fable 5; Anthropic disputes the severity, describing it as a "narrow, non-universal" bypass that demonstrates capability already available in other public models. As of publication, both models remain offline and litigation between Anthropic and the Trump administration is ongoing.
Anthropic's Claude Security product remains commercially available and uses Claude Opus 4.8, which offers meaningfully lower capability for vulnerability discovery than Mythos-class models. It is currently the most accessible Claude-based option for organizations outside the Glasswing program.
The difference is primarily in depth and autonomy. Earlier AI models could assist security researchers who were guiding the process; Mythos can pursue complex, multi-step vulnerability discovery and exploit development with less human direction. The benchmark data and real-world findings — vulnerabilities that survived decades of prior review — support that claim, within the limits of what controlled demonstrations can tell us.
The capability is real. Whether the threat is overstated depends on which threat you mean. The risk that Mythos itself gets misused is constrained by Glasswing's access controls, for now. The broader risk — that AI-assisted vulnerability discovery and exploitation becomes widely accessible as similar capabilities proliferate — is not overstated. The question for security teams is not whether this shift is happening but whether their programs are built to operate in the environment it creates.
Start with the fundamentals: close the gap between finding vulnerabilities and fixing them. Cobalt's data shows most organizations already have a significant remediation backlog problem that more discovery will only compound. Beyond that: move toward continuous testing, build governance structures for AI security tooling, and invest in the validation and triage capabilities that turn high-volume AI output into actionable signal.
The Cobalt platform combines human-led pentesting with AI-powered tooling, designed to provide a continuous view of your attack surface rather than a point-in-time snapshot. The expert human layer, known as the Cobalt Core, a vetted pentester community, handles validation, context, and the judgment calls that determine which findings actually matter and how to fix them. That combination is what our data consistently shows drives the fastest, most complete remediation outcomes.
Want to understand where your security program stands on remediation performance, and what it would take to close the gap? Talk to the Cobalt team.