mythos-preview

Security researchers at Calif used Anthropic's Mythos Preview model to develop a working macOS kernel memory corruption exploit on M5 silicon in five days, bypassing Apple's Memory Integrity Enforcement (MIE) system. The exploit chain targets macOS 26.4.1 and escalates from unprivileged local user to root shell using two vulnerabilities and several techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) has not received access to Anthropic's Mythos Preview model, according to an Axios report, while the NSA and Commerce Department are using the AI tool to find security vulnerabilities. The exclusion raises questions about the agency's ability to fulfill its role as the nation's central cybersecurity coordinator.

Anthropic has released Claude Opus 4.7, its most powerful generally available model, though it scores lower than the company's Mythos Preview model on every evaluation. The company intentionally reduced Opus 4.7's cybersecurity capabilities during training as it tests safety measures before releasing more powerful models.

OpenAI is restricting access to a new AI model with advanced cybersecurity capabilities to a small group of companies, mirroring Anthropic's decision to limit distribution of its Mythos Preview model. OpenAI's move builds on its February launch of the Trusted Access for Cyber pilot program following GPT-5.3-Codex, offering $10 million in API credits to participants.

Twelve major technology companies—including Apple, Google, Microsoft, Amazon, and Nvidia—have launched Project Glasswing, a coordinated effort to identify and patch critical software vulnerabilities using Anthropic's unreleased Mythos Preview model. The initiative discovered thousands of zero-day vulnerabilities in mission-critical software, including a 27-year-old bug in OpenBSD and a 16-year-old vulnerability in widely-used video software that automated testing tools had missed.

Anthropic is rolling out its Mythos Preview model only to a handpicked group of 40 tech and cybersecurity companies, withholding public release due to the model's sophisticated ability to find tens of thousands of vulnerabilities and autonomously create working exploits. The model found bugs in every major operating system and web browser during testing, including vulnerabilities decades old and undetected by human security researchers.