Claude Mythos 1: The AI Security Leak Worth Watching
Claude Mythos 1 briefly appeared in Anthropic's UI, then vanished. The security numbers from Project Glasswing are real—and raise harder questions than the hype does.
Written by AI. Rachel "Rach" Kovacs

Photo: AI. Iolanthe Fenwick
The model name claude-mythos-1-preview appeared in Anthropic's interface, users screenshotted it, and then it disappeared. That's not unusual—companies accidentally surface internal references all the time. What makes this particular ghost sighting worth examining isn't the leak itself. It's what the surrounding context suggests about where AI-assisted security is actually heading.
Julian Goldie's recent breakdown of the Mythos 1 signals covers the technical tea-leaf reading well: UI strings referencing "access to the claude mythos model in Claude code and claude security," a model selector appearance on Google Cloud's Vertex AI console, a Claude security dashboard being built out with vulnerability tracking infrastructure. His read is that these aren't coincidences—and on that narrow point, he's probably right. You don't build vulnerability tracking dashboards for a model you've shelved.
What the video is less careful about is separating confirmed information from inference, and inference from hype. That's worth untangling before we get to the parts that actually matter.
What's signal, what's noise
The leak itself is thin. A model name appeared, got pulled, and showed up in some code strings. Goldie is upfront about this: "Everything in this video is based on leaks and publicly available information. Anthropic has not officially confirmed a launch date or general access for Claude Mythos 1. None of this is confirmed."
That caveat does a lot of work, and it's easy to forget it twenty seconds later when the numbers start arriving.
The numbers, though, come from a different and more substantive source: Project Glasswing. This is where the story gets genuinely interesting, independent of whatever the leaked model name means. Anthropic gave approximately 50 major organizations—Microsoft, Apple, Google, Cloudflare, JP Morgan Chase, Nvidia, Cisco, the Linux Foundation, Amazon, Crowdstrike—early access to a Mythos preview for one specific purpose: find vulnerabilities before attackers do.
The reported results over one month are the kind of numbers that stop you mid-scroll. Over 10,000 high-severity or critical security flaws identified. Of those, 1,726 confirmed as real vulnerabilities. 1,094 classified as high or critical severity. That led to 97 patches and 88 security advisories. Cloudflare alone reportedly found 2,000 bugs in their own systems, 400 of them severe.
Mozilla's security team used Mythos to audit Firefox 150 and found 271 vulnerabilities—ten times what they found in Firefox 148 using Claude Opus 4.6. Same team, same process, same browser. Ten times the output.
These numbers come from Anthropic and its partners, so they carry the usual caveats around self-reported results. But the scale is notable enough that zero-day discoveries of this magnitude, if accurate, would represent a genuine inflection point in automated security research—not just an incremental capability bump.
The dual-use problem, stated plainly
Here's where Goldie's framing is actually useful, even if his overall tone runs hotter than the evidence warrants: "Same capability that finds these vulnerabilities—it can also build the exploits. Mythos didn't just find the bugs. In many cases, it built working attacks to prove they were real. That's what makes it dangerous."
This is the crux of the Mythos situation, and it's a genuine tension rather than a marketing story. Proof-of-concept exploit generation is standard practice in responsible disclosure—you demonstrate the vulnerability is real so the vendor takes it seriously. But a model capable of doing this autonomously at scale is, by definition, a dual-use tool. The same capability that helps Cloudflare find 400 severe bugs in its own systems could help someone else find 400 severe bugs in Cloudflare's systems.
Anthropic's stated reasoning for the controlled rollout is direct: they don't want to hand attackers the same tools they're giving defenders. "Once a model this powerful is out in the open, the defensive head start disappears." That's a coherent position. It also creates a tension that Anthropic has been navigating publicly for weeks—how do you demonstrate capability to justify the caution without the demonstration itself becoming a roadmap?
The Capabara tier framing—Anthropic's internal designation for where Mythos sits, above Haiku, Sonic, and Opus in the model hierarchy—suggests this isn't just a performance upgrade. It's being treated as a qualitatively different category of capability, which is why the access controls are correspondingly stricter.
The bottleneck nobody's talking about
The detail that deserves more attention than it gets: Mythos is reportedly generating findings faster than the industry can fix them.
That's not a capability problem. That's a process problem, and it's a harder one. Goldie puts it directly: "The problem is no longer finding vulnerabilities. The problem is patching them fast enough."
Security teams have always operated in a state of triage—too many potential issues, not enough engineers, not enough time. What AI-assisted scanning at Mythos's reported scale does is blow up the assumption that finding vulnerabilities is the bottleneck. If a model can surface 1,094 high-or-critical severity issues in 30 days across major enterprise software, the constraint shifts entirely to remediation capacity: the engineers who have to understand the finding, reproduce it, write the fix, test the fix, and ship it without breaking anything else.
This isn't unique to Mythos. It's the structural problem that emerges whenever you dramatically accelerate one step of a multi-step process. And it's worth asking whether the organizations in Project Glasswing—the Apples and Googles of the world, with large security teams—are actually representative of the broader software ecosystem. A small open-source project or a mid-sized SaaS company receiving 400 high-severity findings from an AI scan doesn't have the same remediation capacity. The flood of findings might be less useful, or actively paralyzing, without the infrastructure to act on them.
Anthropic appears aware of this. They've pledged $100 million in model credits to Project Glasswing partners and donated $4 million to open-source security foundations including Alpha-Omega and OpenSSF specifically to help manage the volume of findings.
What the infrastructure signals actually tell us
The mixed signals around Mythos make more sense when you look at the pattern of previous Claude releases. Goldie tracks it: "Every major model has gone through a preview stage before general release. Sonic did it. Opus did it. The preview label historically has appeared several months before general availability."
The preview label being removed from Mythos's base listing on Google Cloud's Vertex AI console—exactly the pattern that preceded Claude Opus 4.7's broad availability—is the most concrete signal in the video, and it's a reasonable one to note.
Anthropic's official statement from May 22nd is the clearest public anchor: "once they've developed stronger safeguards, they plan to make Mythos-class models available through a general release." Independent analysts are placing limited enterprise API access in a late June to early July window. Prediction markets put public release odds by June 30th at around 45%.
The current publicly available tool—Claude Security, running on Opus 4.7—already scans GitHub repositories for vulnerabilities and scores 73.1% on the CyberGym benchmark. Mythos reportedly scores 83.1% on the same benchmark. That ten-point gap, applied to the Firefox audit comparison, is what produces a 10x difference in findings. The gap between what's findable and what's being found has apparently been wider than the security industry realized.
Reading the tea leaves honestly
There's a version of this story where Mythos 1 is exactly what the signals suggest: a qualitative leap in automated vulnerability research, being deployed carefully because the offensive applications are real, on a timeline that's months rather than years away from broader enterprise access.
There's another version where the numbers are real but the framing is running ahead of them—where "10 times more vulnerabilities found" reflects as much about the audit methodology and the specific software audited as it does about a step-change in AI capability.
Both versions are consistent with the available evidence. What's not in question is that AI-assisted security research is compressing timelines in ways that matter, that the dual-use problem is real and not resolved by controlled rollouts, and that the bottleneck in software security is shifting from detection to remediation faster than the industry's processes are adapting.
The model name in the UI was a breadcrumb. The harder questions aren't about when Mythos ships—they're about whether the organizations receiving its findings are actually equipped to act on them at the pace the model generates them.
Rachel "Rach" Kovacs is Buzzrag's cybersecurity and privacy correspondent.
AI Moves Fast. We Keep You Current.
Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.
More Like This
Browser Use CLI Gives AI Agents Web Control—For Free
New Browser Use CLI tool lets AI agents control browsers with plain English commands. Free, fast, and works with Claude Code—but raises questions about automation.
When AI Models Find Bugs Faster Than Humans Can Fix Them
Anthropic's Claude Mythos claims 83% success finding software vulnerabilities. The debate reveals fundamental tensions in AI security policy.
Claude Code 2.1.91: Three Updates That Actually Matter
Claude Code's latest update brings shell execution controls, 500K character handling, and session reliability fixes. Here's what changed and why it matters.
Claude Mythos Found Zero-Days in Minutes. Your Stack Next?
Anthropic's leaked Claude Mythos model found zero-day vulnerabilities in Ghost within minutes. Security researchers call it 'terrifyingly good.'
Anthropic's Claude Code Leak Exposes Security Gaps
Anthropic accidentally leaked Claude Code's source code—twice. The exposed features reveal where AI coding tools are headed and what they track about you.
Anthropic's Mythos 1: Power, Leaks, and Mixed Signals
Mythos 1 found 10,000+ critical vulnerabilities in 30 days. Now it's leaking into Anthropic's products—days after they said it wouldn't be released.
Anthropic's Claude Mythos Found Thousands of Zero-Days
Anthropic's new Claude Mythos AI discovered thousands of zero-day vulnerabilities, prompting a defensive security initiative before public release.
Why Your AI Agent Sits Idle After Installation
Installing an AI agent takes 10 minutes. Making it actually useful takes 40 hours. Here's why the industry keeps solving the wrong problem.
RAG·vector embedding
2026-05-28This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.