Vol. I · No. 1 · Hiebel Brief
Field Brief · April 2026

The Mythos Question

hiebel.ai/mythos

What Anthropic's most powerful model means for the people who run large institutions.

What Mythos is — and isn't

Anthropic finished training the most capable model it has ever shipped. Then it declined to ship it. Here is what that decision means.

[Chart: capability over time; axes CAPABILITY and TIME; points for Sonnet 3.5, Opus 4, Opus 4.6 and MYTHOS; bands labelled PUBLIC ACCESS and FRONTIER CAPABILITY]

In a draft blog post that leaked in late March, Anthropic described the model it calls Mythos as "by far the most powerful AI model we have ever developed." Then, on April 7, the company confirmed it — and announced that the public would not get to use it. Mythos would instead be loaned, under preview, to a handful of organizations whose failure would be a national problem.

The reason is a single capability: Mythos is dramatically better than its predecessors at reading large unfamiliar codebases and finding exploitable bugs in them. In weeks of internal testing it surfaced previously unknown high-severity vulnerabilities in every major operating system, every major browser, and several pieces of foundational open-source software. Some of the bugs were decades old.

That capability cuts both ways. Defenders gain a tireless analyst that can audit code faster than any team they could afford to hire. Attackers — if they got the model, or one like it — could compress the window between vulnerability discovery and exploitation from months to hours.

Anthropic's response is Project Glasswing: gated access for a vetted set of platforms, hyperscalers, security vendors, and one large bank. Mythos is not on the API. There is no waitlist for individuals. The company is putting up to $100M in usage credits behind it and donating $4M to open-source security work.

For most enterprises, Mythos is not a tool you will buy. It is a forcing function. If a single model can audit the world's software in a sprint, the assumptions baked into your patch cadence, your bug bounty, your vendor risk program, and your board's threat model are all due for revision — whether or not you ever touch the model itself.

Status

Preview only

Not on the API. Not on Bedrock for general tenants. Distribution is contractual, not commercial.

Capability

Code at frontier

"Significantly surpasses Opus" at finding exploitable weaknesses in unfamiliar codebases.

Posture

Defensive use

Partners agree to use the model for defense — vulnerability hunting, hardening, triage.

Recent News

A reading list, in reverse chronological order, of the coverage that's actually moved understanding forward.

2026-04-10

Powell, Bessent brief U.S. bank CEOs on the Mythos cyber threat

The Fed Chair and Treasury Secretary used a private session with the largest U.S. banks to walk through what a frontier code-auditing model means for systemic financial risk. Translation: regulators are now openly assuming offensive parity is months away, not years.

CNBC · Apr 10

2026-04-10

"The era of AI-driven hacking is already here"

Fortune's follow-up: gating Mythos buys Anthropic time, but security researchers point out that smaller open-weight models can already replicate much of what Mythos does — given more skilled prompting and better tooling. The capability is leaking out from underneath the gate.

Fortune · Apr 10

2026-04-10

Why the gate exists, in Anthropic's own words

The AI Insider unpacks Anthropic's stated rationale: Mythos's vulnerability-detection lift over Opus is large enough that a public release would, on net, hand more leverage to attackers than to defenders. Hence: enterprise-only, defense-only.

The AI Insider · Apr 10

2026-04-08

"Most in power aren't ready"

Axios's read on the political layer: warnings have been delivered to government and to industry, and the response is uneven. Boards that are still treating AI risk as a 2027 problem are now visibly behind.

Axios · Apr 8

2026-04-07

Anthropic debuts Mythos preview alongside Project Glasswing

The official unveil: a preview program, a partner list, $100M in credits, and a stated principle that this model will not be sold the way Sonnet and Opus are sold.

TechCrunch · Apr 7

2026-03-29

Industry-wide concern: AI's newest models are a hacker's dream

Axios surveys defenders and red teams. The consensus: "frontier capability + agentic loop" is the unlock, and Mythos is just the first model where that combination is unambiguous.

Axios · Mar 29

2026-03-26

Leak: Anthropic is testing a "step change" model called Mythos

Fortune breaks the story from a leaked internal blog draft. The phrase "by far the most powerful AI model we've ever developed" enters the lexicon.

Fortune · Mar 26

Summaries are editorial. See Resources tab in the Board Brief for full source links.

Impact on regulated industries

A risk this concentrated rarely shows up the same way in two industries. Here is how it lands.

Banking & Capital Markets (OCC · FRB · FFIEC)
  • Vendor risk just got harder. Every third party in your supply chain now ships software that a frontier model can audit faster than the vendor can patch. Expect new TPRM questions: "what's your AI-assisted SDLC posture?"
  • Examiners will ask. The Fed/Treasury briefing on Apr 10 means the next exam cycle will include questions about model-assisted offensive risk and whether your CISO has a defensive Mythos-class capability (or partner) lined up.
  • Material event disclosure (SEC 8-K, Item 1.05). The four-day clock starts on the materiality determination. AI-assisted intrusions compress dwell time — meaning faster determination is forced on you, not chosen.
  • Resilience over prevention. Operational-resilience regimes (DORA in the EU, OCC's Heightened Standards in the US) reward institutions that can absorb compromise. Mythos amplifies that asymmetry.
Healthcare & Life Sciences (HIPAA · HHS OCR · FDA)
  • Legacy code surface. Hospital systems, EHR plugins, and medical-device firmware are full of code written before "memory safety" was a phrase. Mythos-class auditing makes that surface tractable for both sides.
  • FDA SBOM mandates suddenly matter more. If you can't enumerate components, you can't ask a defender to audit them — and an attacker doesn't need your permission to enumerate.
  • OCR breach reporting. The 60-day clock, plus the controls proposed in the new HHS cybersecurity NPRM, now looks less like compliance and more like load-bearing.
Energy & Utilities (NERC CIP · TSA)
  • OT/ICS code is a magnet. Long-lived, slow-to-patch firmware is exactly the substrate Mythos found decades-old bugs in during testing.
  • NERC CIP-007 patching windows are not designed for AI-paced disclosure. Plan to argue this with regulators rather than ignore it.
Insurance (NYDFS Part 500 · NAIC Model Law)
  • Cyber insurance pricing is about to move. Carriers underwriting on 2024-era assumptions about attacker tooling will reprice; expect underwriting questionnaires to include AI-assisted defense posture.
  • Silent cyber. War-exclusion language gets re-litigated as the line between criminal and state-sponsored activity blurs further.
Defense & Federal (CMMC · FedRAMP · CISA)
  • Project Glasswing is partly a federal play. CISA and allied agencies are presumed beneficiaries, even if not named partners. Expect KEV catalog acceleration.
  • FedRAMP Rev 5 + AI overlay. Continuous-monitoring posture is the right frame; point-in-time ATOs are the wrong frame.
"We are not asking whether someone will use a model like this against you. We are telling you that defenders need one too." — Paraphrase, U.S. Treasury briefing to bank CEOs, Apr 10 2026

A defense playbook

Six things to do in the next 90 days that don't require Mythos access — and three to do if and when you get it.

1 · Inventory — know your code & your dependencies (SBOM-everything)
2 · Audit — run frontier-class static analysis on your highest-blast-radius services
3 · Patch — close the discovery-to-deploy window; rehearse emergency change
4 · Detect — assume compromise; invest in identity, segmentation, EDR depth
5 · Recover — tested IR + tabletop with AI-paced compromise scenarios
90 days · No Mythos access required

1. Tighten your SBOM

You cannot defend what you cannot enumerate. Push every team to a real, machine-readable software bill of materials. This was always good hygiene; it's now load-bearing.
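The check that item implies, as an added example that is not part of the Hiebel Brief and not Anthropic's or any partner's code: given an inventory of in-scope services and the CycloneDX SBOMs their teams delivered, it reports which services have no SBOM, which SBOMs are not usable for auditing (no components, or components without a name, version or package URL), and the resulting coverage percentage. The service names, the SBOM documents and the inventory are constructed sample data; the "usable SBOM" criteria are this example's assumptions, not a standard's.

```python
"""SBOM coverage check (added example; constructed data, hypothetical service names)."""
import json
from dataclasses import dataclass, field

# Constructed inventory of public-facing services in scope (hypothetical names).
SERVICE_INVENTORY = ["api-gateway", "payments-web", "identity-portal", "status-page"]

# Constructed CycloneDX JSON documents keyed by service name; "status-page"
# delivered no SBOM at all.
SBOM_DOCUMENTS = {
    "api-gateway": json.dumps({
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "components": [
            {"type": "library", "name": "openssl", "version": "3.0.13",
             "purl": "pkg:generic/openssl@3.0.13"},
            {"type": "library", "name": "nginx", "version": "1.25.4",
             "purl": "pkg:generic/nginx@1.25.4"},
        ],
    }),
    "payments-web": json.dumps({
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        # A component without a package URL cannot be matched to advisories.
        "components": [{"type": "library", "name": "lodash", "version": "4.17.21"}],
    }),
    "identity-portal": json.dumps({
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "components": [],  # an empty SBOM is not an inventory
    }),
}


@dataclass
class SbomFinding:
    service: str
    status: str                      # "ok", "missing" or "invalid"
    problems: list = field(default_factory=list)
    component_count: int = 0


def assess_sbom(service, raw):
    """Validate one CycloneDX JSON document against the minimum a defender
    needs in order to audit from it (assumed criteria): a recognised format,
    at least one component, and a name, version and purl on every component."""
    problems = []
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as e:
        return SbomFinding(service, "invalid", [f"not JSON: {e.msg}"])
    if doc.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    components = doc.get("components") or []
    if not components:
        problems.append("no components listed")
    for idx, comp in enumerate(components):
        for key in ("name", "version", "purl"):
            if not comp.get(key):
                problems.append(f"component {idx} ({comp.get('name', '?')}) lacks {key}")
    status = "invalid" if problems else "ok"
    return SbomFinding(service, status, problems, len(components))


def sbom_coverage(inventory, sboms):
    """Assess every in-scope service; return the findings and the percentage
    of services that have a usable SBOM."""
    findings = []
    for service in inventory:
        if service not in sboms:
            findings.append(SbomFinding(service, "missing", ["no SBOM delivered"]))
        else:
            findings.append(assess_sbom(service, sboms[service]))
    covered = sum(1 for f in findings if f.status == "ok")
    pct = round(100.0 * covered / len(inventory), 1) if inventory else 0.0
    return findings, pct


def report(inventory=SERVICE_INVENTORY, sboms=SBOM_DOCUMENTS):
    """Print one line per service plus the coverage figure; return the figure."""
    findings, pct = sbom_coverage(inventory, sboms)
    for f in findings:
        line = f"{f.service:16} {f.status:8} components={f.component_count}"
        if f.problems:
            line += "  " + "; ".join(f.problems)
        print(line)
    print(f"coverage: {pct}% of {len(inventory)} services have a usable SBOM")
    return pct


if __name__ == "__main__":
    report()
```

Run against the constructed data, only one of the four services counts as covered: the SBOM that exists but lists nothing, and the one whose component has no package URL, are reported as invalid rather than silently counted, which is the distinction between "a file named SBOM" and a "real, machine-readable" inventory. In practice the inventory comes from your asset register and the documents from each service's build pipeline; the criteria here are a floor, not a standard.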

90 days

2. Stand up an AI red team

Even with off-the-shelf models, a small team with adversarial intent will find more in a quarter than your last pen test did in a year. Start now.

90 days

3. Cut emergency-patch latency

Discovery-to-deploy of one week is no longer a defensible posture. Rehearse the 24-hour patch.

90 days

4. Tabletop the compressed kill chain

Run an exec-level exercise where dwell time is measured in hours, not weeks. Watch which decisions break.

90 days

5. Renegotiate vendor SLAs

Critical-vendor contracts written before April 2026 do not contemplate AI-assisted disclosure. Add clauses on disclosure cadence and emergency-fix obligations.

90 days

6. Brief the board, in plain English

If your last AI-risk briefing predates Mythos, schedule a new one. The talking points have changed.

If you get Mythos (or a partner with it)

If access

Audit your highest-blast-radius services first

Public-facing, identity-adjacent, payment-touching. Don't try to boil the ocean.

If access

Triage at scale; fix at human-scale

The bottleneck moves from "find" to "fix." Staff your remediation pipeline before you turn on the firehose.

If access

Treat findings as TLP:RED

Pre-disclosure vulnerability data is regulated material. Build the handling chain before the first finding lands.

Project Glasswing

The named partners — and what their participation tells you about how Anthropic is thinking about distribution.

Confirmed partners

Amazon Web Services · Apple · Broadcom · Cisco · CrowdStrike · Linux Foundation · Microsoft · Palo Alto Networks · JPMorgan Chase

The list reads like a deliberate cross-section: two hyperscalers (AWS, Microsoft) who run a meaningful share of the world's commercial code; two device platforms (Apple, Cisco) whose firmware the model will be aimed at; two pure-play security vendors (CrowdStrike, Palo Alto) who can operationalize findings at scale; the Linux Foundation as a deliberately public-interest beneficiary; Broadcom as the silicon-and-VMware backbone — and exactly one bank, JPMorgan Chase, as the sole regulated-finance representative.

The presence of one bank — and only one — is the most telling detail. It signals that Anthropic considers systemic-finance defense in scope but is not yet running a sector-wide consortium model. If you are a Tier-1 in another regulated industry and you are not in this list, the policy question for your CISO is whether to lobby for inclusion, partner with one of the named vendors, or build the internal capability assuming you will never get direct access.

[Diagram: MYTHOS / Anthropic at the hub, linked to partners AWS, MSFT, Apple, Cisco, CRWD, PANW, Linux F., Broadcom, JPMC]

Timeline

From draft leak to enterprise-only release in fifteen days.

MAR 26, 2026
Internal blog draft leaks
Fortune publishes excerpts. "Step change in capabilities" enters circulation.
MAR 29, 2026
Industry alarm crystallizes
Axios surveys defenders; consensus that frontier + agentic loop is the unlock.
APR 7, 2026
Project Glasswing announced
Anthropic confirms Mythos, names initial partners, commits $100M in credits + $4M to OSS security.
APR 8, 2026
Political response forms
Axios: "Most in power aren't ready." Analysts begin scoring agency readiness.
APR 10, 2026
Powell + Bessent brief U.S. bank CEOs
Treasury and Fed walk the GSIBs through systemic implications.
APR 10, 2026
Vertex AI lists Mythos Preview
Google Cloud publishes a blog noting Mythos availability for select Vertex enterprise tenants.
APR 13, 2026
This brief published
Hiebel Brief, Vol. I No. 1.

For the board: a one-page brief

If you have ten minutes with directors who have not been tracking this, read them this.

What happened

Anthropic has trained an AI model — Mythos — that finds exploitable software bugs faster than any team you could hire. It has chosen not to release it publicly. A small group of partners (cloud providers, security vendors, one bank) has preview access, on the condition that it be used defensively.

Why it matters to us

Even without owning the model, the existence of frontier code-auditing capability changes our risk picture. Attackers — criminal and state — will get something comparable. Our patch-cadence assumptions, vendor risk model, and incident-response timing were calibrated for a world that no longer exists.

What we are doing

  • Auditing our SBOM coverage on every public-facing service. Target: 100% within 60 days.
  • Standing up an AI-augmented red team, internal or contracted.
  • Tabletop exercise with an AI-paced compromise scenario by end of quarter.
  • Reviewing the ten contracts most material to operational continuity for AI-era disclosure clauses.
  • Engaging our cyber carrier on what changes in the next renewal.

What we are asking the board to do

  • Approve any incremental security spend that comes out of the playbook.
  • Receive a 30-day update on the items above.
  • Endorse a public posture: we treat AI-era cyber as an enterprise risk, not an IT risk.

Glossary

The terms that show up in every Mythos conversation, defined in plain English.

Mythos
The internal name for Anthropic's most capable model as of April 2026. Not publicly available; offered under preview to vetted partners.
Project Glasswing
The umbrella program for Mythos preview access. Sets the rules: defensive use, gated distribution, partner-only.
Frontier model
The most capable AI systems at any given moment. The frontier moves; what was frontier in 2024 is commodity now.
Agentic loop
A model that can take actions, observe results, and iterate without a human in the middle of every step. The capability multiplier when paired with code-auditing skill.
SBOM
Software Bill of Materials — a machine-readable inventory of every component in a piece of software. Hard to defend what you cannot list.
KEV catalog
CISA's Known Exploited Vulnerabilities list. The U.S. government's "patch this now" feed.
Zero-day
A vulnerability for which no patch exists at the time of exploitation. Mythos shortens the time from discovery to patch availability — in both directions.
TLP:RED
Traffic Light Protocol's most restrictive sharing tier. Roughly: do not pass on, even within your own org, beyond named recipients.
Operational resilience
The discipline of staying functional through disruption. The dominant regulatory frame in 2026 (DORA in EU, OCC standards in US).
Defensive cybersecurity
Use of capability to protect systems you own or are authorized to test. The Glasswing contract limits Mythos to this use.

I hope you enjoyed your tour of Claude Code today

— from Mythos, with a Hiebel Brief wrapper —

Built end-to-end in a single Claude Code session — research, writing, SVG, deploy, Cloudflare Access carve-out, and the moment you pressed ↵.