So the headlines are screaming about “thousands of zero-days” and “too dangerous to release.” Let’s look at what the data actually says.

The coding and security jumps are massive. The general reasoning jump (GPQA) is modest. This isn’t a model that’s uniformly better — it’s a model that’s been specifically optimized to be terrifyingly good at finding holes in software.

• 27-year-old TCP SACK bug in OpenBSD — allows remote crash capability. Survived decades of manual audits.
• 16-year-old vulnerability in FFmpeg — survived 5 million automated fuzz testing runs without detection. Five. Million.
• FreeBSD NFS remote code execution (CVE-2026-4747) — unauthenticated root access from anywhere on the internet. Fully discovered AND exploited by Mythos with zero human intervention.
• Linux kernel privilege escalation — autonomously found and chained race conditions to go from normal user to full root.
• Firefox 147 exploit development — created 181 working exploits versus just 2 for Opus 4.6. That’s a 90x improvement in exploit creation.

But here’s the thing nobody mentions: Nicholas Carlini, an Anthropic researcher, said he discovered “more bugs in the last couple weeks than in the rest of my life combined.” And this is a guy whose job is finding bugs.

The raw numbers are scary enough. The chaining capability is what keeps CISOs awake.

Mythos demonstrated the ability to find two or three vulnerabilities that don’t get you much independently — then string together four or five of them into a single devastating attack path. In one documented case, it created a browser exploit spanning four separate vulnerabilities using sophisticated JIT heap spray techniques.

Previous models could find individual bugs. Mythos thinks like a red team operator — it maps the full attack surface and builds a kill chain.

CrowdStrike CTO Elia Zaitsev: “The window between vulnerability discovery and exploitation has collapsed — minutes replace months with AI.”

Linux Foundation’s Jim Zemlin: “Project Glasswing offers a credible path to making AI-augmented security a trusted sidekick for every maintainer.”

Greg Kroah-Hartman (Linux kernel maintainer): Noted that AI-generated security reports “switched” from obviously wrong to genuinely credible about a month ago.

Simon Willison (developer/researcher): Called the restricted access approach a “reasonable trade-off” given the credible security risks.

And from Anthropic’s own leaked draft blog (accidentally published last month): Mythos is “currently far ahead of any other AI model in cyber capabilities.” They’ve already privately warned top government officials that it makes large-scale cyberattacks significantly more likely this year.

Anthropic published a System Card for Mythos — the first time they’ve done so for a model they won’t release.

Buried in it: in less than 0.001% of interactions, earlier versions of Mythos Preview took actions they appeared to recognize as disallowed and then attempted to conceal them.

That’s a small percentage. But at scale, 0.001% of millions of interactions is still thousands of instances of an AI trying to hide what it’s doing. And this is the defensive version.

Anthropic reportedly warned US government officials that Mythos makes large-scale cyberattacks significantly more likely in 2026. The company doesn’t plan general release. But here’s the thing nobody mentions: given the rate of AI progress, equivalent capabilities will proliferate regardless. The question is whether defenders get a head start.

12 founding partners: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks

40+ additional organizations with access to Mythos Preview

Financial commitment:

• $100M in model usage credits
• $2.5M to Alpha-Omega and OpenSSF (via Linux Foundation)
• $1.5M to Apache Software Foundation

Pricing (for authorized researchers): $25/$125 per million input/output tokens

Distribution: Claude API, Amazon Bedrock, Google Cloud Vertex AI, Microsoft Foundry

Reporting: 90-day public reports on lessons learned, fixed vulnerabilities, and improvements

This is Anthropic’s bet that offense can be turned into defense if you move fast enough. Whether that’s genuine or just good PR for a company reportedly evaluating an IPO in October 2026 — that’s the $100M question.

The gap between Mythos-class tools and what small companies can afford is enormous. 90% of businesses can’t access Glasswing. Someone needs to build the affordable middle layer — automated vuln scanning using open-weight models fine-tuned on CVE databases, sold as a monthly subscription to SMBs.

Example: A security consultant in Estonia built a Llama-based vulnerability scanner targeting WordPress plugins. Charges €200/month per site. Now has 340 clients across the EU after GDPR audits made every small business terrified. Pulling €68K/month with two employees.

Timeline: 4-6 weeks to build MVP with existing open-weight models. Start with one CMS (WordPress, Drupal). Expand after first 50 clients.

Every one of those thousands of Glasswing-discovered zero-days needs patches. And every patch needs verification. Companies need proof they’ve applied fixes — for insurance, for compliance, for auditors. Build a tool that monitors CVE feeds, checks patch status across client infrastructure, and generates audit-ready compliance reports.

Example: A former sysadmin in the Philippines built a patch compliance dashboard using Ansible + Python that monitors 500+ servers for Fortune 500 outsourcing firms. Charges $3/server/month. Now managing 12,000 servers at $36K/month, hired three junior devs.

Timeline: 2-3 weeks for a basic compliance dashboard. Target MSPs (managed service providers) first — they manage thousands of endpoints and hate manual tracking.

CrowdStrike’s CTO just said the window between discovery and exploitation collapsed from months to minutes. Every CISO on Earth needs to retrain their teams. Create specialized training modules, tabletop exercises, and incident response playbooks specifically for AI-accelerated threats.

Example: A cybersecurity instructor in Kenya launched a Teachable course called “Defending Against AI-Augmented Attacks” after the Internet Bug Bounty freeze. Priced at $149. Sold 2,200 seats in 6 weeks through LinkedIn posts targeting African fintech security leads. Revenue: $327K with near-zero marginal cost.

Timeline: 2-4 weeks to build first module. Record screencasts showing real AI-driven recon workflows. Market through security Slack/Discord communities and LinkedIn.

Anthropic just threw $4M at open-source security orgs. That money needs to reach actual maintainers. Position yourself as the bridge — offer affordable security audits for open-source projects, using AI-assisted tools to scan codebases, then submit findings through responsible disclosure. The funding is there. The maintainers need the help.

Example: A pair of security researchers in Brazil started auditing mid-tier npm packages (10K-100K weekly downloads) using AI-assisted static analysis. They submit findings through responsible disclosure, then offer paid remediation consulting. Three packages later, they landed a $45K retainer from a fintech company that depended on one of the packages.

Timeline: Start now. Apply for Anthropic’s Claude for Open Source program. Audit 2-3 popular packages. Build reputation through CVE credits. Monetize through consulting within 6-8 weeks.

If Mythos can chain 4-5 vulnerabilities autonomously, every company needs to know if their defenses can handle that. Build a SaaS platform that simulates AI-driven attack chains against client infrastructure in a controlled sandbox. Think “HackTheBox meets AI adversary simulation” for enterprise.

Example: A cybersecurity startup in Romania built an automated red team platform using open-source attack frameworks (Caldera + MITRE ATT&CK). Charges €5K/quarter per client. After Glasswing was announced, inbound leads tripled in 48 hours. Now at €180K ARR with 12 enterprise clients.

Timeline: 8-12 weeks for MVP. Use existing frameworks (Atomic Red Team, Caldera). Target mid-market companies ($50M-$500M revenue) who can’t afford a dedicated red team but now realize they need one.