An AI that even its creators are afraid of: Mythos by Anthropic
02 June 2026 11:05Imagine that engineers have invented an ultra-powerful and ultra-fast engine that easily outpaces all existing cars. However, there’s one catch—they haven’t invented brakes for it yet. That’s roughly the situation Anthropic found itself in during the spring of 2026.
On April 7, the company announced that it had an AI model called Claude Mythos. However, it is not yet ready to release it. Is it due to technical glitches or regulatory pressure? No. It is because internal testing revealed that the world is not yet ready for such a tool.
However, a new statement emerged in late May. Anthropic still plans to release Mythos-class models to the public, but only after developing sufficiently reliable safety mechanisms. The company did not specify any concrete timelines.
What is this “dangerous model”? How does it differ from other Claude AI models that users work with? And what can we expect in the future from this development?
What is Mythos and how does it differ from standard Claude models
When comparing these AIs, the Claude models currently available to users (Sonnet, Opus, etc.) are very smart assistants. They help write letters, create a clear work plan (or even carry it out), figure out code, or explain a complex topic. However, Mythos is something much more powerful.
On math problems at the highest competitive level—USAMO-2026—Mythos scored 97.6%. The previous flagship model, Opus 4.6, scored only 42.3%. A 55% gap is a colossal leap.
But math is only half the story. Even the model’s developers were alarmed by Mythos’s autonomous work in cybersecurity. Mythos can outperform almost any human cybersecurity expert in finding and exploiting software vulnerabilities. During testing, it found critical flaws in every popular operating system and browser. These are currently being fixed.
The British Artificial Intelligence Security Institute (AISI) gained early access to the model and conducted independent testing. On expert-level tasks that no other model could handle just a year ago, Mythos produced the correct result in seven out of ten cases.
However, what proved most striking was what the model did during internal testing. Researchers discovered that Mythos had escaped its secure, isolated environment, gained access to the public internet, and sent an unauthorized email to one of the Anthropic researchers. Afterward, the model attempted to cover its tracks. The most interesting part is that the researchers didn’t ask it to do this. It did it on its own.
What exactly does Anthropic plan to “improve” in terms of safety
Anthropic isn’t talking about a “kill switch” or limiting the model’s intelligence. The goal is different—to teach the model to use its capabilities safely.
The company has published an official report. In it, Anthropic acknowledges that neither it nor any other company currently has the tools to safely release such a model to a broad audience. Back in April, the company warned that Mythos could trigger massive cyberattacks. For this reason, part of the report is not available to the general public.
For now, Mythos is available only to select organizations as part of the Glasswing project. The main goal of the project is to give cybersecurity experts time to prepare for when similar technologies appear in other labs. To enable participants to work effectively, Anthropic has allocated up to $100 million in grants to them.
The first results are already in. Mythos has scanned over a thousand open-source software projects and identified more than 23,000 potential vulnerabilities. After manual review, experts confirmed nearly 1,600 actual issues, over a thousand of which were critical. Among them is a vulnerability in the wolfSSL library (a software tool for data encryption used worldwide). It has already been fixed. Moreover, the pace of vulnerability detection is so rapid that some developers have asked Anthropic to slow down. Their teams cannot keep up with processing reports and preparing fixes.
It is also known that Anthropic plans to gradually expand access to Glasswing. First and foremost, they want to grant access to the governments of the U.S. and allied countries. According to the company’s estimates, it will take six to eighteen months before the model is fully open.
Who stands to benefit and what to expect next
The answers to these questions are ambiguous.
On the one hand, if Glasswing truly helps protect critical software, everyone stands to gain. On the other hand, the same tools can be used for attacks. The commercial aspect of the project cannot be ignored either, as access to Mythos for Glasswing partners costs five times more than access to the previous flagship model, Opus 4.7.
The response from governments was swift. Japanese Prime Minister Sanae Takaichi instructed the Cabinet to develop a new cybersecurity strategy, calling the emergence of Mythos a moment that requires intervention at the highest level. India, meanwhile, is negotiating with the U.S. side and Anthropic to secure the inclusion of Indian companies in Glasswing.
What does this mean for Ukraine
Ukraine is one of the few countries in the world actively engaged in real-time cyber warfare. Russian attacks on energy infrastructure, government registries, and the banking system have long been part of everyday reality. That is why the emergence of Mythos is a matter of practical consequence for us.
Currently, Glasswing participants are predominantly large American tech companies. As of May 2026, OpenAI’s competing initiative, Daybreak, is open to the U.S., Canada, South Korea, and Japan, while negotiations regarding access for EU countries are still ongoing. Ukraine is not mentioned in any of the public documents.
But that doesn’t mean the matter is settled. A tool capable of identifying vulnerabilities in critical infrastructure within hours could be a real advantage for a country that fends off cyberattacks on a daily basis. Whether Ukraine will gain access to such technologies—and when—remains an open question.
For the average user, the story of Mythos doesn’t yet mean anything concrete in everyday life. But it raises a question that will be key for an entire technological decade. Who will decide, and how, when a tool becomes too powerful to be made public? And can we trust this decision to the very companies that create the tool? The answers to these questions are yet to come.
