Back to Home

Claude Mythos: zero-day in Linux and OpenBSD

Anthropic introduced Claude Mythos Preview as part of Project Glasswing for finding zero-day vulnerabilities. The model surpasses Opus in benchmarks and detected bugs in Linux, OpenBSD, FFmpeg. Investments in defensive security without public release.

Mythos Preview breaks benchmarks: 93.9% SWE-bench
Advertisement 728x90

Claude Mythos Preview: Frontier Model for Finding Zero-Day Vulnerabilities in Project Glasswing

Anthropic has launched Project Glasswing — a closed project focused on defensive security. Participants, including AWS, Apple, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, JPMorgan Chase, and Linux Foundation, have gained access to Claude Mythos Preview. This frontier model is not planned for public release. In just weeks of operation, it has uncovered thousands of zero-day vulnerabilities in key systems.

Vulnerability Scanning Results

The model discovered bugs in major OSes, browsers, Linux kernel, OpenBSD, and FFmpeg. Among the fixed examples:

  • A 27-year-old vulnerability in OpenBSD.
  • A 16-year-old hole in FFmpeg.
  • A chain of bugs in Linux kernel for privilege escalation.

These findings demonstrate the model's ability to perform at the level of leading security researchers. Anthropic has invested up to $100 million in usage credits and $4 million in open-source security projects: Linux Foundation, OpenSSF, Alpha-Omega, Apache Software Foundation.

Google AdInline article slot

Benchmarks and Performance

Claude Mythos Preview significantly outperforms Claude Opus on key metrics in security and development tasks. Here's the comparison:

| Benchmark | Mythos Preview | Opus |

|-----------------------|----------------|----------|

Google AdInline article slot

| SWE-bench Verified | 93.9% | 80.8% |

| CyberGym | 83.1% | 66.6% |

| Terminal-Bench 2.0 | 82.0% | 65.4% |

Google AdInline article slot

The gap highlights the model's potential in automated code analysis and exploit discovery. This is especially relevant for mid/senior developers working with legacy code and kernel-level systems.

Anthropic's Strategy for Defensive AI

The project focuses on using AI for defense, not attack. Models are already capable of finding and exploiting vulnerabilities with high efficiency. No public release of Mythos Preview is planned: protective mechanisms will be refined first. Capabilities will be integrated into future versions of Claude Opus.

Participation of tech giants ensures scale: shared access to models accelerates patching of critical bugs. For developers, this means new tools for proactive security in CI/CD pipelines.

Key Takeaways

  • Claude Mythos Preview found thousands of zero-days, including historical vulnerabilities in OpenBSD and FFmpeg.
  • Benchmarks show leadership: +13–16% over Opus in SWE-bench, CyberGym, Terminal-Bench.
  • $104 million in investments targeted at defensive security and open source.
  • No public release: focus on safe integration into future models.
  • Project Glasswing unites AWS, Google, Microsoft, and others for collective defense.

Implications for Developers

Senior specialists can expect evolution of tools like GitHub Copilot or similar, but with a focus on vulnerability scanning. Integrating such models into workflows will automate auditing of kernel modules and media libraries. Current benchmark leaders (SWE-bench >90%) point to a shift from assistive AI to autonomous security agents.

— Editorial Team

Advertisement 728x90

Read Next