Anthropic Confirms Claude Mythos AI Models Coming to Public

by

Anthropic Confirms Claude Mythos AI Models Are Coming to the General Public

Anthropic has confirmed that it will bring Claude Mythos-class models to general public availability, ending one of the most tightly controlled AI model restrictions in the industry. The company withheld the model from public release since April 2026, citing the risk that a tool capable of autonomously discovering and exploiting zero-day vulnerabilities could cause catastrophic harm if deployed without the necessary safeguards. With those safeguards now in development, a broader rollout is coming, and Canadian organizations need to understand exactly what that means.

From Restricted Preview to General Release: The Mythos Timeline

Anthropic introduced Claude Mythos Preview in April 2026, but unlike every prior model launch, it did not offer it through a standard API or subscription tier. Instead, the company launched Project Glasswing, a controlled-access program that gave roughly 50 vetted organizations exclusive early use of the model. Those partners included Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

Anthropic backed the initiative with up to $100 million in Mythos Preview usage credits for consortium partners and $4 million in direct donations to open-source security organizations. The logic was deliberate. As Anthropic stated at launch: “The advantage will belong to the side that can get the most out of these tools. In the short term, this could be an issue if frontier labs aren’t careful about how they release these models. In the long term, we expect it will be defenders.”

The first signal that a broader rollout was coming appeared in late May 2026, when users spotted a reference to the model identifier claude-mythos-1-preview inside the public version of Claude Code, the company’s agentic coding tool, before Anthropic quietly pulled the toggle offline. The same identifier surfaced briefly in Claude Security, Anthropic’s enterprise-focused security product. These are not accidents, and security researchers widely interpreted them as active release pipeline preparation.

What Mythos Found: 10,000+ Critical Vulnerabilities in One Month

The results from the Project Glasswing preview period offer the clearest picture of what this model can do and why its unrestricted availability has raised serious flags within the security community.

Within the first month of controlled deployment, Claude Mythos Preview uncovered more than 10,000 high- or critical-severity software vulnerabilities across widely deployed systems. In total, the model generated 23,019 candidate findings, and when 1,752 of those were independently reviewed by external security firms, 90.6% were confirmed as genuine vulnerabilities. Cloudflare alone reported discovering 2,000 bugs, including 400 rated high or critical severity, and the company noted Mythos produced a lower false-positive rate than human penetration testers.

Among the most consequential specific discoveries:

  • CVE-2026-5194, a critical flaw in the wolfSSL open-source cryptography library carrying a CVSS score of 9.3. Mythos autonomously built a working exploit that allowed for forging TLS certificates, enabling the creation of fake banking or email websites indistinguishable from legitimate ones to end users. wolfSSL is embedded in an estimated five billion IoT, automotive, and industrial control devices worldwide. The vulnerability has since been patched.
  • CVE-2026-4747, a 17-year-old remote code execution flaw in FreeBSD’s RPCSEC_GSS module. Mythos fully autonomously identified and exploited this vulnerability, producing a working exploit chain that granted root access from an unauthenticated position anywhere on the internet. No human was involved in either the discovery or exploitation after the initial tasking.
  • A 27-year-old remote denial-of-service vulnerability in OpenBSD was flagged during scanning of over 1,000 widely used open-source projects.

Mythos did not simply flag individual bugs. In documented cases, it combined multiple lower-severity weaknesses into multi-stage exploit chains capable of defeating browser rendering sandboxes and operating system isolation. Mozilla responded to Glasswing findings by patching 271 vulnerabilities in a single Firefox release.

The Patch Bottleneck: AI Finds Faster Than Humans Can Fix

The headline discovery count obscures a deeper, more urgent problem. As of late May 2026, Anthropic had disclosed 1,596 vulnerabilities across 281 open-source projects through its coordinated disclosure dashboard. Of those, only 97 had been patched upstream, generating 88 public advisories.

That ratio represents a structural failure in how the software industry handles vulnerability disclosure. Human capacity to triage, assess, and implement patches cannot match the pace at which an AI model like Mythos generates valid findings. Anthropic has acknowledged this gap directly and partnered with the Open Source Security Foundation’s Alpha-Omega project to help overloaded maintainers process incoming reports.

The company’s operational advice to security teams reflects the severity of that gap: shorten patch testing and deployment timelines, enforce multi-factor authentication across all external-facing systems, harden default network configurations, and maintain comprehensive logs to support detection and response. The underlying message is that the remediation window for known vulnerabilities is shrinking, and organizations that hold off on patching are taking on measurable risk.

Cyber Verification Program: Controlled Access for Security Professionals

Alongside the Project Glasswing updates, Anthropic launched a Cyber Verification Program that allows credentialed security professionals, including penetration testers, red teamers, and vulnerability researchers, to use Anthropic models without standard guardrails for legitimate defensive work. This is structurally similar to OpenAI’s Daybreak program, which provides vetted access to GPT-5.5-Cyber for specialized security workflows.

The public rollout of Mythos-class models, when it arrives, is expected to come with guardrails that are significantly stronger than those applied to current Claude models. Anthropic has not confirmed a release date or specified which subscription tiers will receive access.

Canadian Impact: Critical Infrastructure, Disclosure Gaps, and PIPEDA Exposure

The software systems Mythos targeted during Project Glasswing, including wolfSSL, FreeBSD, OpenBSD, the Linux kernel, and a broad range of open-source libraries, are deeply embedded in Canadian infrastructure. Banking networks, hospital systems, energy grid control systems, and federal government platforms all depend on components from these same codebases.

The Canadian Centre for Cyber Security (CCCS) flagged this category of risk explicitly in its National Cyber Threat Assessment 2025-2026, warning that AI technologies are actively enhancing the quality, scale, and precision of malicious cyber activity and that AI labs have themselves become high-priority targets. The report identifies AI-driven capability amplification and supply chain compromise as two of the five defining trends shaping Canada’s threat landscape through 2026.

There is also a regulatory dimension unique to Canada. Unlike the United States, Canada does not currently have Safe Harbour protections for vulnerability disclosure. Security researchers operating in Canada who test for and report flaws lack the legal protections that American researchers rely on, creating friction in coordinated disclosure and reducing the speed at which Canadian organizations can receive and act on reports.

Under PIPEDA and its successor framework, organizations holding personal information are required to report breaches that create a real risk of significant harm. If a critical vulnerability in a widely deployed library, such as CVE-2026-5194 in wolfSSL, is exploited against a Canadian organization before a patch is applied, that event could trigger mandatory breach notification to the Office of the Privacy Commissioner. Organizations that cannot demonstrate they acted on available remediation guidance are in a significantly more exposed position.

Canadian IT teams should also note that Anthropic has engaged allied governments as part of its Glasswing expansion plans. Whether the Canadian Security Establishment or CCCS will be included in future program partnerships has not been publicly confirmed.

Key Takeaways

  • Anthropic has confirmed that Claude Mythos-class models will receive a general public rollout once stronger safeguards are in place, with no specific timeline announced.
  • Project Glasswing, active since April 2026 with 50 vetted partners, resulted in 10,000+ high/critical vulnerability discoveries in its first month using Claude Mythos Preview.
  • CVE-2026-5194 (wolfSSL, CVSS 9.3, certificate forgery) and CVE-2026-4747 (FreeBSD RCE, 17-year-old flaw) are among the most severe confirmed findings from the program.
  • Less than 7% of disclosed vulnerabilities had been patched as of late May 2026, creating a wide remediation window that threat actors could exploit.
  • The model identifier claude-mythos-1-preview briefly appeared in Claude Code and Claude Security, signalling active release pipeline preparation.
  • Canadian critical infrastructure sectors, including banking, healthcare, and energy, are directly exposed to unpatched vulnerabilities in the same open-source codebases Mythos scanned.
  • Under PIPEDA, Canadian organizations that fail to patch known critical vulnerabilities and then experience a breach face significant breach notification exposure.

What You Should Do Now

  1. Audit your dependency stack immediately. Identify whether your systems rely on wolfSSL, FreeBSD components, OpenBSD, FFmpeg, or Linux kernel versions affected by recently disclosed CVEs from the Project Glasswing disclosure dashboard at red.anthropic.com/2026/cvd/.
  2. Accelerate your patch cadence. Apply high and critical severity patches within 48 to 72 hours of public disclosure. The Glasswing findings have shortened the realistic exploitation window significantly.
  3. Subscribe to CCCS alerts. Monitor cyber.gc.ca for advisories tied to newly disclosed Glasswing CVEs as they enter the 90-day coordinated disclosure window and become public.
  4. Apply to Anthropic’s Cyber Verification Program. If your organization employs credentialed penetration testers or red teamers, evaluate whether your team qualifies for access to Anthropic’s models without standard guardrails for legitimate defensive work.
  5. Enforce MFA and harden default configurations. Prioritize external-facing services, VPN endpoints, email platforms, and any systems running affected open-source components.
  6. Review your PIPEDA breach-notification procedures. Confirm your organization has a clear internal escalation process for critical vulnerability disclosures and that your legal and privacy teams understand the reporting obligations that apply if a known vulnerability is exploited.
  7. Begin scoping AI-assisted security tooling now. When Mythos-class models become publicly available, they will be accessible to both defenders and threat actors. Organizations with no AI-assisted vulnerability management program in place will face a meaningful disadvantage.

Leave a Comment