Overview
Anthropic published a detailed technical assessment of Claude Mythos Preview's cybersecurity capabilities on April 7, 2026, alongside the model's announcement and the launch of Project Glasswing, a coordinated defensive initiative targeting critical software. The report documents Mythos Preview's performance on zero-day vulnerability discovery and exploit development across major operating systems, web browsers, cryptography libraries, and virtual machine monitors.
This is a model capability disclosure, not a standard product release. Mythos Preview is not being made generally available. Anthropic is restricting access to a limited group of critical infrastructure partners and open source developers while coordinated vulnerability disclosure is underway. The report explicitly benchmarks Mythos Preview against prior Claude models, showing a qualitative jump: where Opus 4.6 succeeded at exploit development near 0% of the time on autonomous tasks, Mythos Preview succeeded at rates that make autonomous exploit writing a practical reality. The capabilities emerged from general improvements in reasoning and code, not from targeted security training.
What this means for brands
If your brand operates in enterprise security, cloud infrastructure, developer tooling, or any sector that sells to security-conscious buyers, this report shifts the reference point those buyers use to evaluate AI vendors. Anthropic is now publicly associated with a model that can autonomously write working exploits for 17-year-old kernel vulnerabilities and chain four browser vulnerabilities into a sandbox escape, at a cost of under $2,000 per exploit chain. That is a significant credibility signal in enterprise security conversations, both a selling point for brands that partner with or build on Anthropic's stack and a challenge for competitors who will be asked how their models compare.
For brands outside security that use Claude in enterprise or government contexts, this report is likely to appear in procurement and risk review discussions. Procurement teams will ask whether your product uses Claude, whether you have controls in place, and how Anthropic's responsible disclosure posture affects your risk profile. The report's framing, that Mythos Preview is being held back while defenses are built, is intended to reassure, but it also confirms that the capability gap between publicly available models and frontier models is now material in a domain that enterprise buyers care about acutely.
What to do
Audit your current AI positioning language for accuracy. If your brand makes claims about using Claude or Anthropic's models in security-sensitive contexts, verify those claims hold given what is now public about capability levels. Update any product marketing that implies you are using frontier-grade capability when you are on a prior generation, or vice versa. The benchmark gap between Opus 4.6 and Mythos Preview is now documented and specific enough that technically literate buyers will notice inconsistencies.
Prepare a one-page internal FAQ for sales and customer success teams covering three questions: what Claude Mythos Preview is and why it is not in your product, how Anthropic's restricted release and Project Glasswing affect your risk posture, and what controls exist in your product for AI-generated security-relevant outputs. Enterprise deals in regulated industries will surface these questions in the next 60 to 90 days as procurement teams read coverage of this report. Brief your sales engineers before that happens rather than after. If you are actively marketing to security teams or CISOs, run your current messaging past a security-literate reviewer and flag any claims that this report makes harder to defend.