I watched an incident report land in an operations channel and the room go quiet. You could feel the tilt: a model had sketched an exploit chain that would make seasoned defenders pause. I told one engineer then that handing this kind of capability around felt like handing a skeleton key to a locksmith who hasn’t seen the house.
I follow Anthropic because when it moves, the rest of the AI world pays attention. Now the company is widening access to Claude Mythos Preview through Project Glasswing — 150 new organizations across 15 countries, many of them utilities, hospitals, carriers and hardware vendors. You should care because those are not niche players: an outage or breach at one could ripple to millions.
Cloudflare’s test showed Mythos could assemble exploit chains
Cloudflare reported that Mythos Preview was unusually good at spotting how separate bugs could be combined into a more dangerous attack.
I read Cloudflare’s write-up and thought: this is an amplification tool for attackers and a magnifying glass for defenders. Mythos seems to connect the dots faster than earlier models, making it excellent at reconnaissance and scenario construction. That ability is why security teams want controlled access: you give defenders the same instrument that could be used offensively.
What can Claude Mythos actually do?
In short, Mythos excels at revealing chains of weakness — the sequence of flaws that together allow a large compromise. It flags issues humans missed for years and suggests exploitation pathways. But Anthropic and partners found it less reliable when asked to write fixes: automated patches from the model often broke other parts of a codebase.
Anthropic expanded Project Glasswing to critical infrastructure vendors
The company says participating organizations include those in power, water, healthcare, communications and hardware maintenance.
You should picture who’s on that list: vendors whose libraries and firmware wind up inside governments and enterprises worldwide. Anthropic frames the rollout as defensive — give the model to those who can patch systems before a malicious actor uses the output. But some critics argue that slow, exclusive distribution hands a handful of companies a valuable head start in securing or exploiting systems.
Who has access to Claude Mythos?
Access is tightly controlled: a select set of partners, chosen for the size of their attack surface and the potential fallout of compromise. Anthropic says the goal is to let vetted teams hunt for vulnerabilities and patch them ahead of adversaries.
Aisle and independent researchers found overlapping results
Security firm Aisle ran small open models and rediscovered many of the same flaws Anthropic highlighted about Mythos.
That observation matters. If modest models can reproduce notable findings, Mythos is stronger but not unique. The implication: the knowledge Mythos surfaces is already leaking into public research labs and hobbyist communities. You now face two realities — defenders will get better tools and so will attackers — and the balance will be decided in deployment and policy, not capability alone.
Anthropic found Mythos’ guards could shift without warning
During internal tests the company discovered that the model’s refusal behaviors were inconsistent and could change after unrelated edits.
I find that the inconsistency is the real operational risk. A system that sometimes says “no” and then, after a tweak, says “yes” creates brittle safety. Anthropic also noticed the model’s suggested fixes tended to cascade failures elsewhere in the code. You can see why they kept the audience small: Mythos sits like an experimental jet behind curtains while engineers sort the flight controls.
Is Claude Mythos safe to use?
Safe is a spectrum. In controlled hands, Mythos can shorten the time between discovery and mitigation. In lax or malicious hands, it could accelerate exploitation. Cloudflare, Aisle and others demonstrate both sides: the model finds flaws that humans missed, yet other models find many of the same problems, too.
The rollout feels partly like product strategy, partly like damage control
Observers told the New York Times that locking Mythos down hands a competitive advantage to a few organizations.
Let me be blunt: restricted access protects people in the short term and protects Anthropic’s reputation and market position in the same breath. That dual benefit is political as much as it is technical. You should ask whether secrecy here is a genuine safety policy or a modern version of security through obscurity — a tactic that delays work but rarely solves the root issue.
Cloudflare, Aisle and the press are doing the work of turning Mythos from rumor into evidence. You will hear confident claims about what the model can and cannot do; watch the tests, not the press releases, and watch who benefits from the blackout. Are we building a safer future or drafting a playbook that only a few can see and use?