1 hour ago
2
Anthropic built an AI model so good at hacking that the company decided most people shouldn’t be allowed to use it.
On April 7, 2026, Anthropic announced the limited release of Claude Mythos Preview, its latest frontier model. Rather than making it broadly available, the company restricted access through something called Project Glasswing, a controlled program offering the model only to select tech firms and key infrastructure providers for defensive cybersecurity purposes.
What Mythos actually did
During internal testing, Mythos autonomously detected thousands of high-severity vulnerabilities across various software platforms. That number includes 271 vulnerabilities found in Firefox alone. Some of these bugs had been sitting dormant in legacy systems for decades, invisible to human security teams and prior AI models alike.
Mythos didn’t just find vulnerabilities. It demonstrated the ability to chain exploits together in sophisticated sequences, essentially showing how a bad actor could turn individual weaknesses into coordinated cyberattacks.
Evaluations conducted by the UK’s AI Security Institute confirmed that Mythos represented significant advancements in autonomous cyber-attack simulations compared to Anthropic’s prior models. US bank executives and financial regulators reportedly engaged in urgent discussions about the implications.
The March leak and market fallout
A data leak in March 2026 revealed the existence of Mythos and its associated risks before the company was ready to go public. The leak triggered a noticeable decline in cybersecurity stocks and cryptocurrency prices.
No specific tokens were singled out in the discussions around Mythos. The selling pressure was broad and sentiment-driven, the kind of risk-off move that happens when the market suddenly realizes the infrastructure securing billions in digital assets might be more fragile than assumed.
What this means for crypto investors
DeFi platforms are the most obvious pressure point. Smart contract vulnerabilities are already the leading attack vector in crypto exploits. An AI that can systematically scan codebases and identify exploitable patterns at superhuman speed makes the existing security posture of many protocols look inadequate.
Anthropic’s decision to channel Mythos through Project Glasswing, providing it to defensive teams rather than releasing it broadly, creates an asymmetry. Defenders get access through a controlled program with compliance guardrails. Attackers, by definition, don’t wait for permission.
The company’s commitment to open-source security initiatives offers some counterbalance. If Mythos-derived vulnerability disclosures reach the broader developer community quickly, the net effect could actually be a more secure ecosystem.
The urgent conversations among US financial regulators suggest new compliance frameworks could emerge, potentially requiring crypto firms to meet higher cybersecurity standards.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
English (US) · 