On April 7th, 2026, Anthropic announced a new AI model and simultaneously told the world it was too dangerous to release. 

Claude Mythos Preview is, by the company's own account, the most capable model it has ever built. Testing found thousands of zero-day vulnerabilities, many of them critical, across every major operating system and every major web browser. What makes a sophisticated cyberattack actually succeed is brute force and labor, never due to an excess of knowledge. Unfortunately, skilled security researchers are scarce, expensive, and running out. Estimates put the global shortage of cybersecurity professionals somewhere between 5 million today and 85 million by 2030. What makes Mythos so revolutionary is that it solves this dilemma and does in hours what those missing professionals would have spent weeks on. 

The fact is, the two have never been this difficult to separate. Mythos breaks the assumption of expertise, and as the model structurally improves to its full extent, it mostly saturates existing security benchmarks. Anthropic shifted its evaluation to novel real-world tasks instead. What that means in practice is that the tools used to measure AI security capability no longer capture what the model can actually do. 

The innovative potential on the defensive side is the most concerning aspect however. Anthropic launched Project Glasswing, committing up to $100 million in usage credits for Mythos and $4 million in direct donations to open-source security organizations, with access extended to over 40 organizations that build or maintain critical software infrastructure. The premise is that a model capable of scanning the entire surface area of the internet's underlying software, operating systems, browsers, shared open-source libraries, can find and close any vulnerabilities faster than any human. Mythos, used defensively of course, makes it possible to be structurally proactive at a scale that simply did not exist before – but also grants governments an extraordinary amount of power, making entire democracies uncomfortable.

And even worse, the threat of hackers presents the possibility of an entire national security meltdown. Ransomware alone cost the global economy an estimated $42 billion in 2024. If models like Mythos lower the skill floor for executing attacks, the downstream damage to institutions, insurers, and public infrastructure compounds quickly. AI-enabled cyberattacks already surged 89 percent in 2025 from the year before, according to CrowdStrike, and that number predates Mythos. 

Interestingly however, researchers at multiple cybersecurity firms found that many of Mythos's headline results can be reproduced using older, cheaper models working in parallel, suggesting scale and coordination matter more than having the newest model. The breakthrough may not be Mythos specifically, as it may be the broader shift toward AI-powered security work. The advantage goes to whoever builds the best strategic operation around capable models, not just whoever has the most powerful one. That opens the door for a new generation of security tooling companies, and it changes what enterprise security teams actually need to hire for. 

One of the less obvious economic implications is a new capacity bottleneck. AI that enables rapid and large-scale discovery of software vulnerabilities can overwhelm organizations which rely on these security features. If thousands of vulnerabilities can be identified quickly, most organizations do not have the engineering bandwidth to patch them all. The gap between finding a problem and fixing it is where billions can be lost. 

Initial access to Mythos was restricted to a short list including Apple, Amazon, JPMorgan Chase, Google, Microsoft, and Palo Alto Networks. The European Commission confirmed it has not yet secured access to Mythos, putting European institutions at a disadvantage relative to the American companies already using it for defensive work. Access to this technology is already functioning as economic and strategic asymmetry, and the institutions on the wrong side of that gap are the ones with the least resources to absorb a major breach. 

What Mythos actually represents, without all of the launch drama, is a pricing and human shock to the entire security industry. The organizations that treat this moment as a reason to rethink their security infrastructure from the ground up, rather than a headline to monitor from a distance, are the ones that will be positioned for what comes next.

References:

[1] Nicholas Carlini, Newton Cheng, Keane Lucas, Michael Moore, Milad Nasr, Vinay Prabhushankar, Winnie Xiao. April 7, 2026. “Assessing Claude Mythos Preview’s cybersecurity capabilities” Anthropic Red, https://red.anthropic.com/2026/mythos-preview/#ftnt1