Anthropic's Mythos can find every vulnerability in every system your clients use. The question isn't whether it works. It's why it exists outside a locked room.

I remember the day Microsoft Edge launched.

I was Head of Product for McAfee's consumer business — 200 million users, half a billion devices. A browser launch wasn't a celebration in my world. It was a war. The moment a new browser hit the market, the clock started. Zero-day vulnerabilities surfaced within hours. Customer calls stacking up. All hands on deck.

At some point that day — I don't remember exactly when — I screamed into the aisle: "Why do we still have zero-day vulnerabilities from a top software provider after three decades?"

The engineering manager sitting next to me didn't look up from his screen. "It's software," he said. "Written by imperfect developers."

He was right. And for years, that answer was enough. Software has bugs. Developers are human. The patch window existed because mistakes exist — and smart people on both sides were fighting to find them first. You could lose ground and recover it. That was the game.

On April 7, 2026, Anthropic changed the game.

Mythos just answered my question.

Claude Mythos Preview doesn't work the way attackers worked when I was at McAfee. It doesn't find one vulnerability and hand it to a team. It autonomously discovers zero-day vulnerabilities across every major operating system and browser, generates exploit chains, maps attack surfaces, and moves faster than any human security team can track.

In one month, Mythos found vulnerabilities that imperfect developers wrote into widely-used software 16 and 27 years ago. Decades of security audits. Penetration tests. Bug bounty programs. Nobody found them. Mythos found them in weeks.

My engineering manager was right. The problem was always imperfect humans writing software. Mythos doesn't need a human to find the mistake.

That's what changed.

CrowdStrike's 2026 Global Threat Report: 89% year-over-year increase in attacks by adversaries using AI. The weaponization gap "shrank dramatically in 2025."

What I or security software providers lived through — your firm can't survive the version I'm describing.

Anthropic opened the Ark.

Indiana Jones understood something the U.S. Army didn't. The Ark wasn't dangerous because it existed. It was dangerous because humans couldn't resist studying it. Jones put it in a crate, stamped it classified, walked away. The Army said: we'll study it defensively. We know how that ends.

On April 7, Anthropic launched Project Glasswing — a consortium of 40 tech giants including AWS, Apple, Microsoft, Google, and CrowdStrike, using Mythos "defensively" to find and patch critical vulnerabilities. The announcement landed the same week Anthropic began evaluating an October 2026 IPO. The timing is worth noting.

I understand the competitive argument. China. Russia. Someone was going to build this. The pressure is real. But competition has never been sufficient justification for releasing something this dangerous before the safety infrastructure matches the capability. We've held that line with bioweapons and nuclear weapons. The logic doesn't improve when you put AI in front of it.

"Someone else would have built it" is not a release strategy. It's an alibi.

Indiana Jones put the Ark in a crate. He didn't write a white paper about it.

Jones sealed it and walked away. Nobody held a press conference. Nobody knew what was in the crate.

Anthropic announced Mythos to the world. Adversaries don't need access to the model. They need proof the capability is real. April 7 gave them that.

Glasswing finds the vulnerability. Your firm patches it in 5 months. Next exploit comes the day after.

Here's what Project Glasswing actually does. It finds vulnerabilities in widely-used software and patches them for the consortium. Those patches eventually reach everyone else through normal OS and browser updates. Anthropic will tell you that protects you.

It doesn't. Not in the way that matters.

In the old world — my world at McAfee — the patch window was the battlefield. Attackers found vulnerabilities. Defenders built patches. The race was tight but both sides could compete.

Mythos doesn't find a vulnerability. It finds all of them. Continuously. By the time your firm runs the update that closes one door, Mythos has already mapped ten more.

Does Glasswing's guest list include your firm? The 200-person accounting firm holding ten years of client tax returns isn't in it. The AEC firm with confidential infrastructure drawings for a federal project isn't in it. My IT team has asked me to run two software updates for two weeks. Still waiting. If the CEO of a company that thinks about this stuff can't get it done — what's the patch cadence at your firm?

That gap between when a patch exists and when it reaches your devices — that's where the next five years of professional services security incidents will happen.

Two conversations nobody is having.

Don't release a capability like this until there are binding enforcement mechanisms, not voluntary consortiums, that prevent misuse at scale. The bar isn't whether you can find vulnerabilities defensively. The bar is whether you can guarantee the same capability cannot be used offensively by anyone outside your control. Whether the weights stay contained. Whether every Glasswing partner's posture is actually airtight.

I don't know what that bar looks like in practice — nobody does yet. But I know Glasswing doesn't clear it.

The LLMs already on the market are extraordinary. Professional services firms haven't come close to using what Claude already makes possible. We can transform how firms work, serve clients, and build trust with what we already have. We don't need Mythos for that. We need Mythos to stay in the box.

Assume you're already a target. You hold valuable client data and have less security infrastructure than the enterprises in Glasswing. That combination makes you more attractive to an adversary who knows the hardened targets are covered.

Before next quarter: audit who inside your firm actually has access to client data — not who should, who does — and how often your systems update. Know which vendors in your stack touch client data and assume none of them are inside a Glasswing-style program. Get cyber insurance that specifically covers AI-assisted attacks. Most policies written before 2025 don't.

The firms that come out of this intact won't be the ones who waited for Glasswing to protect them.

They'll be the ones who assumed it wouldn't.