Anthropic's Mythos Found Thousands of Zero-Days Across Every Major OS and Browser

Overview

Anthropic's Claude Mythos, the company's most powerful cybersecurity AI model, has identified thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser, sending banks, tech giants, and governments scrambling to mount defenses.

Project Glasswing

The controlled rollout — dubbed Project Glasswing — restricts access to approximately 40 vetted organizations, including Apple, Amazon, JPMorgan Chase, and Palo Alto Networks. Anthropic designed the selective deployment to give the corporate world time to shore up cyber defenses before the model's capabilities could be weaponized by criminal groups or adversarial nations.

A Moment of Danger

"We are in a moment of danger." — Anthropic CEO Dario Amodei, May 5, 2026

Amodei warned that while AI can now identify vulnerabilities faster than ever, patching them still takes days to weeks — a widening gap that leaves systems exposed.

Government and Banking Response

Federal Reserve Chair Jerome Powell and Treasury Secretary Scott Bessent convened with major U.S. bank CEOs to discuss the Mythos threat. Vice President JD Vance and Bessent also held an emergency call with leading tech CEOs ahead of the model's release. A security incident clouded the launch: a handful of users in a private online forum gained unauthorized access to Mythos on the same day Anthropic announced the limited rollout plan.

Expert Pushback

Cybersecurity experts challenged the scale of the threat. Multiple specialists told CNBC that the capabilities Mythos demonstrates are achievable with earlier models, and that while AI accelerates vulnerability discovery, it does not represent a fundamentally new risk class. Anthropic confirmed it has no plans for a general public release of Mythos Preview.

Source: CNBC Full Report