When an AI company tells the world it built something too dangerous to release, you’d expect fear. What Anthropic got instead was a bizarre cocktail of government panic, industry skepticism, media frenzy, and — let’s be honest — some of the best PR the AI industry has ever produced.

Anthropic’s Claude Mythos Preview isn’t available to you. It’s not available to me. It’s available to roughly 11 organizations — Google, Microsoft, AWS, JPMorganChase, Nvidia, and a handful of others — through something called “Project Glasswing.” The reason? Anthropic claims Mythos can autonomously discover vulnerabilities in virtually any operating system, browser, or software product, then build working exploits.

An AI that can hack. That claim alone sent Treasury Secretary Scott Bessent scrambling to summon the heads of America’s biggest banks to Washington. Fed Chair Jerome Powell joined the meeting. VP JD Vance had already been grilling tech CEOs about AI security days earlier.

This isn’t product launch territory. This is national security theater.

The Leak That Started Everything

The story gets weird fast. Mythos wasn’t supposed to be announced this way. On March 26, a security researcher found a misconfigured data store on Anthropic’s infrastructure — nearly 3,000 internal files exposed, including a draft blog post describing a model codenamed “Capybara.”

The leaked documents called Mythos “by far the most powerful AI model we have ever developed,” positioning it above their existing Opus models. Anthropic didn’t deny it. A spokesperson confirmed they were developing a model with “meaningful advances in reasoning, coding, and cybersecurity.”

The irony writes itself: the company pitching itself as the responsible steward of AI’s most dangerous capabilities accidentally left its own files publicly accessible without authentication. As one anonymous tech PR told The Guardian: “They accidentally leaked their own source code last week, then this week they claim stewardship over cyber threats. Any other big tech firm would be ridiculed.”

What Spooked Washington

The core claim: Mythos can identify and develop “exploit chains” — sequences of vulnerabilities chained together to deeply compromise target systems. Think Rube Goldberg machine hacking, where multiple small weaknesses combine into devastating attacks. Including zero-click attacks that compromise systems without any user interaction.

That’s what got Bessent and Powell on the phone with bank CEOs. Kevin Hassett, a Trump administration economic adviser, confirmed the meetings were about ensuring banks “were aware of the cyber risks.”

Anthropic’s frontier red team lead, Logan Graham, told WIRED that as the company reached out to Project Glasswing partners, “the phone calls got shorter and shorter because the potential threat was becoming more obvious.”

Security professionals are split. Alex Zenla, CTO of cloud security firm Edera: “I typically am very skeptical of these things… but I do fundamentally feel like this is a real threat.” Security engineer Niels Provos offered nuance: Mythos “doesn’t intrinsically change the problem space, but it changes the required skill level to find these vulnerabilities and exploit them.”

The Skeptics Aren’t Quiet

Gary Marcus called it “overblown,” writing on Substack: “To a certain degree, I feel that we were played. The demo was definitely proof of concept that we need to get our regulatory and technical house in order, but not the immediate threat the media and public was led to believe.”

Yann LeCun was blunter: “Mythos drama = BS from self-delusion.” He was responding to tests by AI security company Aisle, which found smaller, cheaper models could perform much of the same vulnerability analysis Anthropic was trumpeting as unprecedented.

Dr. Heidy Khlaaf, chief AI scientist at the AI Now Institute, noted that Mythos’s capabilities were not “substantiated” and criticized Anthropic for releasing marketing material disguised as safety disclosure.

The critique: existing AI tools can already find and exploit vulnerabilities. Mythos might be better at it, but framing it as an existential leap is — critics argue — brand positioning, not paradigm shift.

The Marketing Masterclass

Here’s where you have to appreciate the business strategy, regardless of where you land on the hype spectrum.

Anthropic has spent years as the “responsible” AI lab. They employ a resident philosopher to ponder whether Claude has a sense of self. In recent months alone: a 10,000-word New Yorker profile, the cover of Time, two Wall Street Journal features, and multiple New York Times podcast appearances.

Now they’ve manufactured the ultimate brand move: a model so powerful they won’t release it widely. Scarcity and social proof, weaponized simultaneously. The product is exclusive (11 organizations), dangerous (the government is meeting about it), and responsibly handled (look, we’re protecting you).

Meanwhile, Anthropic’s actual cash cow — Claude Code — continues to dominate enterprise AI coding. At the HumanX conference in San Francisco this week, “Claude Mania” was the phrase on everyone’s lips. Glean CEO Arvind Jain said it’s “become a religion.” Annualized revenue from Claude Code alone exceeds $2.5 billion.

Mythos isn’t the product. Mythos is the story that makes everything else Anthropic sells seem more credible.

What It Actually Means for Security

Strip away the marketing and the skepticism. Whether Mythos specifically represents a quantum leap or an incremental advance, the direction is unmistakable: AI models are getting dramatically better at finding and exploiting software vulnerabilities.

Patch cycles need to accelerate. If AI finds exploit chains faster than humans fix them, the discovery-to-patch window becomes existential.

Security-by-default must become standard. The era of shipping software with known-but-low-priority bugs is ending. AI doesn’t care about your severity ratings — it chains “low priority” vulnerabilities into critical attacks.

Defensive AI becomes essential. If attackers will have these tools, defenders need them yesterday. Project Glasswing, whatever you think of its PR wrapper, is the right idea.

The skills gap shifts downward. The required skill level to find and exploit vulnerabilities drops dramatically. Democratized offensive capability should concern everyone.

Anthropic’s Crowded Moment

Zoom out. April 2026 is the most crowded AI market in history: Google’s Gemini 3.1 Pro leads 13 of 16 benchmarks, OpenAI shipped GPT-5.4, Meta debuted Muse Spark, and xAI launched Grok 4.20 with a multi-agent architecture.

In this environment, Anthropic became the most talked-about company — not by releasing the most powerful public model, but by not releasing one. They’re winning the conversation while competitors fight over benchmark scores.

The real test is what Project Glasswing produces. If Microsoft, Google, and the major banks use Mythos access to meaningfully improve their security, Anthropic’s approach is vindicated. If it quietly fizzles, the skeptics get their day.

Either way, we’ve entered a new phase of the AI race — one where the most powerful move might be saying “this is too dangerous for you to have.” That should make everyone pay close attention.