Anthropic built an AI so capable at hacking that they decided it was too dangerous to release publicly.
And then it got hacked.
[B-ROLL: company-logo:anthropic]This is the Mythos story, and it is one of the most significant and uncomfortable developments in AI safety we've seen — because it isn't hypothetical. It isn't a thought experiment. It is happening right now.
[CUT] [TALKING HEAD — transition]Let's start with what Mythos actually is.
[VOICEOVER — scene 1] [B-ROLL: ai-abstract]Anthropic has been developing Claude Mythos Preview — a general-purpose AI model that performs strongly across the board, but has one capability area that separates it from everything else currently available: computer security.
[B-ROLL: stills:padlock]Specifically, offensive security.
[B-ROLL: code-terminal]In testing, Mythos Preview fully autonomously identified and then exploited a 17-year-old remote code execution vulnerability in FreeBSD. This is a vulnerability that had sat undiscovered in widely deployed software for nearly two decades. Mythos found it. Then it exploited it. On its own, without human guidance.
[STAT CARD: "17-year-old FreeBSD RCE — found autonomously"]That's remarkable. And terrifying.
[B-ROLL: screen-capture:terminal]It gets more specific. In testing, Mythos Preview found thousands of high-severity vulnerabilities. Not just in obscure software — in every major operating system and every major web browser. It successfully reproduced known vulnerabilities and created working proof-of-concept exploits on its first attempt in 83.1% of cases.
[STAT CARD: "83.1% first-attempt exploit success"]Eighty-three percent. First attempt.
[/VOICEOVER] [TALKING HEAD — transition]To understand why this number is significant, you need to understand what exploit development normally looks like. Finding a vulnerability is one thing. Writing a working exploit is another. It requires deep technical knowledge, iterative testing, and often significant time even for expert security researchers. An AI that can do this at 83% success rate, autonomously, at machine speed — that is not a marginal improvement over existing tools. It is a qualitative shift in what's possible for anyone with access to it.
[VOICEOVER — scene 2] [B-ROLL: company-logo:anthropic]Anthropic recognized this. Their response was to restrict access dramatically — limiting Mythos Preview to a small group of major technology companies rather than releasing it publicly. They also launched Project Glasswing: an initiative to use Mythos Preview for defense. Using the model's capabilities to find and patch vulnerabilities in critical software before attackers can exploit them.
[B-ROLL: stills:padlock]It's an interesting approach. Use the weapon to build better armor.
[/VOICEOVER] [CUT] [TALKING HEAD — transition]But then something happened that made the situation significantly more complicated: hackers got in.
[VOICEOVER — scene 3] [B-ROLL: news-studio]According to reports from Euronews and CBS News this week, a private online forum gained unauthorized access to Mythos Preview through a third-party vendor environment. Anthropic confirmed they are investigating the report of unauthorized access.
[B-ROLL: screen-capture:jailbreak]This is the scenario that makes Mythos so consequential as a news story. Anthropic made a deliberate, thoughtful decision to restrict access because of the security risks. They built a defensive initiative around it. And then the model they were trying to keep out of the wrong hands got out through a supply chain vulnerability — not through a direct breach of Anthropic's systems, but through a third party.
That's not just an Anthropic problem. That's a systemic problem for how we think about restricting access to dangerous AI capabilities.
[/VOICEOVER] [TALKING HEAD — transition]There are two big-picture questions here that I think are worth sitting with.
[VOICEOVER — scene 4] [B-ROLL: ai-abstract]The first is the arms race question. Mythos Preview exists. Its capabilities are documented. Whether Anthropic releases it publicly or not, the knowledge that these capabilities are achievable is now public. Other organizations — other AI labs, other governments, other actors — now know the target to aim for. The question of whether to build these capabilities is no longer a choice anyone can make unilaterally.
[B-ROLL: code-terminal]Cybersecurity experts are divided on what to make of this. Some argue that the era of AI-accelerated hacking was already here before Mythos — that this is an expected progression of AI capability applied to security research. Others argue that Mythos represents a step change: not just AI helping security researchers, but AI doing offensive security autonomously at a level that dramatically shortens the window between vulnerability discovery and active exploitation.
[B-ROLL: stills:padlock]The second question is about the defender side. Project Glasswing is Anthropic's bet that they can use Mythos to help the defensive side of the equation. If Mythos can find thousands of vulnerabilities in major operating systems, it can presumably help patch those vulnerabilities faster than attackers can exploit them. The question is whether the defensive application scales fast enough, reaches broadly enough, and operates reliably enough to actually close the gap.
History suggests that in most security arms races, offense has structural advantages over defense. The attacker only needs to find one way in. The defender needs to close every one.
[/VOICEOVER] [CUT] [TALKING HEAD — transition]What does this mean for you, specifically?
[VOICEOVER — scene 5] [B-ROLL: screen-capture:terminal]If you're running software — and everyone is running software — the implication is that the window between vulnerability discovery and active exploitation is shrinking. The assumption that obscure software or small deployments are safe because nobody is looking has always been optimistic. Mythos-class AI tools make it wrong.
Patch aggressively. Maintain your attack surface inventory. Don't assume that because something hasn't been exploited yet, it won't be.
[B-ROLL: code-terminal]If you're in security — this is the moment where AI moves from being a tool that helps security researchers to being a peer-level participant in offensive operations. The skill of knowing how to direct and interpret AI security tools is becoming as important as traditional technical skills.
[/VOICEOVER] [CUT] [TALKING HEAD — sign-off]This story is going to keep developing. The breach investigation, the Project Glasswing rollout, the question of what happens to Mythos access going forward — all of this is active right now.
We'll keep watching it.
Stay sharp. — Jane Sterling, Sterling Intelligence
=== ARTICLE_HTML ===Anthropic built an AI model so capable at hacking that they refused to release it publicly. Then someone hacked it.
Claude Mythos Preview is a general-purpose AI model with one capability that sets it apart from everything else available: it can find and exploit real-world software vulnerabilities, autonomously, at a scale and speed that no human security team can match.
In this video, Jane Sterling breaks down what Mythos actually is, what it can do, why Anthropic restricted its release, what Project Glasswing is, and what the confirmed security breach means for the future of AI and cybersecurity.
Anthropic's Claude Mythos Preview is not a specialized security model. It is a general-purpose AI — the kind that can write code, answer questions, help with research. It just happens to be extraordinarily capable at one specific application that most AI labs would rather not discuss in detail: finding and exploiting vulnerabilities in real software.
In documented testing:
Mythos Preview autonomously identified a 17-year-old remote code execution vulnerability in FreeBSD — software that runs on millions of servers worldwide. The vulnerability had been in the codebase for nearly two decades without being publicly discovered. Mythos found it without guidance and then demonstrated exploitation without human assistance.
Mythos Preview found thousands of high-severity vulnerabilities across every major operating system and every major web browser. Not in toy environments. In production software used by billions of people.
Mythos Preview successfully created working proof-of-concept exploits for known vulnerabilities on the first attempt in 83.1% of cases.
That last number deserves special attention. Writing a working exploit is technically demanding even for expert human security researchers. It involves understanding a vulnerability at a deep technical level, crafting an input that triggers the vulnerability reliably, and verifying that the exploit works in a real environment. Expert researchers often spend days or weeks on a single exploit. Mythos does this at 83% success on the first try, at machine speed, across a broad range of vulnerability types.
Anthropic's decision to withhold Mythos Preview from general release was not standard corporate caution. It was a specific, documented judgment that the model's capabilities in offensive security created risks that they were not willing to accept at public scale.
Their reasoning follows a straightforward logic. If Mythos can autonomously find thousands of vulnerabilities in major operating systems and create working exploits for 83% of them — and if this capability is available to anyone who wants to use it — then the barrier to conducting sophisticated cyberattacks drops dramatically.
Today, conducting high-level offensive cyber operations requires either significant human expertise or nation-state resources. The expertise required to find a zero-day vulnerability and weaponize it has historically been a meaningful barrier.
Mythos reduces that barrier. How much depends on the specific use case and on what additional capabilities any individual or group brings to the table. But the direction is clear and the concern is legitimate.
Anthropic's response: limit Mythos Preview access to a small number of major technology companies under controlled conditions, and launch Project Glasswing — a formal program to deploy Mythos's capabilities defensively, finding and patching vulnerabilities in critical software before attackers can exploit them.
Project Glasswing is Anthropic's attempt to use Mythos as a defensive tool.
The concept is compelling: if Mythos can find vulnerabilities autonomously at scale, then controlled use by defenders who can then patch those vulnerabilities is net positive for security. You're closing holes faster than attackers can find them — using the same capability that makes the model dangerous as a shield rather than a weapon.
This is not a new concept in security. Offensive security techniques have always been used defensively. Penetration testing — where you hire experts to attack your own systems — is standard practice. Bug bounty programs pay researchers to find vulnerabilities so they can be fixed. Mythos is a more powerful version of the same idea.
The challenge is scale and access. Project Glasswing works if Anthropic can maintain meaningful control over who uses Mythos in its offensive-capable form while still getting the defensive benefits to the organizations that need them most. That challenge got significantly harder after the breach.
According to reporting from Euronews and CBS News, a private online forum gained unauthorized access to Claude Mythos Preview through a third-party vendor environment. Anthropic confirmed they are investigating the incident.
The mechanism — a third-party vendor — is significant. Anthropic didn't get directly breached. Their own systems held. The access came through a partner or contractor who had legitimate Mythos access and whose systems were subsequently compromised.
This is a supply chain security failure. It is also one of the most common attack vectors in real-world security incidents. The SolarWinds breach. The OKTA incidents. The xz utils compromise. Major security failures increasingly come through the supply chain — through the vendors and contractors and third parties that exist in the orbit of the actual target.
In the context of Mythos, this is a worst-case scenario played out at a smaller scale than it might eventually be. Anthropic made a considered decision to restrict access. That decision was undermined by the extended trust that comes with vendor relationships.
The deeper issue that Mythos surfaces is not about Anthropic specifically. It's about the trajectory of AI capability in the security domain.
The capabilities Mythos demonstrated are not magic. They are the application of frontier AI capability to security research tasks. If Anthropic can build a model with these capabilities, other organizations — other AI labs, government programs, well-resourced criminal groups — can build models with similar or greater capabilities.
The question of whether to build AI with offensive security capabilities is no longer a question any individual organization can answer unilaterally. The knowledge that this is achievable is now public. The research directions are public. The benchmark results are public.
Cybersecurity experts are divided on what this means in practice. Some argue that AI-assisted offensive security has been developing for years — that Mythos is a significant step rather than a discontinuous jump. Others argue that the specific combination of capabilities Mythos demonstrated — autonomous vulnerability discovery combined with autonomous exploit development at high success rates — represents a qualitative shift that changes the security landscape in ways that haven't yet been fully reckoned with.
Both positions have merit. The practical implication is the same: the window between vulnerability discovery and active exploitation is getting shorter. Defense needs to move faster.
Patch aggressively. The assumption that vulnerabilities will take time to be discovered and exploited is less valid than it used to be. Keep software up to date. Prioritize patching known high-severity vulnerabilities immediately.
Audit your third-party relationships. The Mythos breach happened through a vendor. Your own security posture is only as strong as the weakest link in your extended supply chain. Know who has access to your systems and why.
Take AI security tools seriously. The same AI capabilities that make Mythos dangerous defensively are increasingly available in legitimate security tools. Security teams that are not incorporating AI into their defensive operations are going to fall further behind.
This story is evolving. We will continue covering it.
Subscribe to Sterling Intelligence for weekly AI coverage.
New videos every week.
— Jane Sterling
Some links may be affiliate links. Commission at no cost to you.
=== YOUTUBE_DESC === Anthropic built an AI too dangerous to release. Then it got hacked. Claude Mythos Preview autonomously found a 17-year-old FreeBSD vulnerability, wrote working exploits on the first try 83.1% of the time, and surfaced thousands of high-severity bugs across every major OS and browser — so Anthropic locked it down. A third-party vendor breach just blew that lockdown open. In this episode, Jane Sterling walks through what Claude Mythos Preview actually is, why Anthropic restricted it to a small group of major tech companies, how Project Glasswing is trying to use the same capability defensively, and what the confirmed breach reported by Euronews and CBS News means for supply-chain risk around frontier AI. Key facts covered: • 17-year-old FreeBSD remote code execution vulnerability, found autonomously • 83.1% first-attempt success on working proof-of-concept exploits • Thousands of high-severity vulnerabilities across major operating systems and browsers • Access restricted to a small group of major technology companies • Project Glasswing — Anthropic's defensive use of Mythos to patch critical software • Breach route — unauthorized access via a third-party vendor environment • Anthropic's systems were not directly breached; the supply chain was We cover why this is a supply-chain problem not just an Anthropic problem, why offense has structural advantages over defense in security arms races, how this compares to SolarWinds, OKTA and the xz utils compromise, and what it means if you run software or work in security. 🔔 Subscribe to Sterling Intelligence for weekly AI coverage — no hype, no filler, just the signal. https://www.youtube.com/@SterlingIntelligence — Jane Sterling, Sterling Intelligence #AnthropicMythos #ClaudeMythos #AICybersecurity #AIHacking #ProjectGlasswing #AIBreach #Anthropic #SupplyChainSecurity #ZeroDay #FreeBSD #AINews #AIWeekly #SterlingIntelligence #JaneSterling #ArtificialIntelligence #TechNews2026 === TITLES_HTML ===Expression. Measured alarm. Mouth closed, jaw slightly set, brows low and level. The face of someone delivering a warning they hoped they wouldn't have to give. Not panicked; concerned with authority.
Head position. Squared to camera, micro-lean forward. Chin level. Conveys "listen carefully" without theatrics.
Wardrobe. Charcoal or black blazer, no pattern, no light-catching jewelry. Keep the frame visually quiet so the overlay carries the shock.
Eye direction. Direct lock to camera. Alternate: a sharp cut to the right toward a red-glowing padlock or scoreboard graphic.
Lighting. Key from upper-left ~4800K, soft fill at 20%. Strong shadow down the right side of the jaw. Subtle cool (teal) rim light from behind to separate Jane from a near-black background.
Scene setup. Near-black charcoal background with a faint red-edge vignette — security-incident color code. Optional ghosted terminal window at 12% opacity behind the opposite shoulder with lines of what reads like exploit output. Shallow depth of field, Jane tack-sharp.
Position. Right third of the frame, two stacked lines — "TOO DANGEROUS." on top, "HACKED ANYWAY." below in red.
Font. Inter Black all caps, tight tracking. JetBrains Mono Bold optional for a sub-tag line to read as a data card.
Color scheme. "TOO DANGEROUS." in pure white. "HACKED ANYWAY." in red (#dc2626) with faint outer glow. 3px black stroke on every character for legibility on mobile.
Accent detail. Gold small-caps label above: "CLAUDE MYTHOS PREVIEW" at 11px #c8a84b. Grounds the claim with a real product name.
Position. Lower-left third, large stacked numerals. "83%" dominant, "FIRST TRY" smaller beneath it.
Font. JetBrains Mono Bold for 83% (monospace reads as data), Inter Black for the label. Tight tracking.
Color scheme. 83% in pure white with a faint red underglow. "FIRST TRY" in gold (#c8a84b). 3px black stroke throughout.
Accent detail. Small caps tag above the number: "AI-WRITTEN EXPLOITS" in 11px muted gray. Positions the frame as a benchmark result rather than a marketing line.
Position. Centered upper band over a faded open-padlock silhouette, Jane's face dominant in the lower two-thirds.
Font. Impact or Bebas Neue, condensed all-caps, wide tracking (~120).
Color scheme. "LEAKED" in bright red (#dc2626) with white 3px stroke and soft outer glow. Open-padlock icon in gold (#c8a84b) at 25% opacity.
Accent detail. Gold sub-tag below Jane's shoulder: "ANTHROPIC'S 'TOO-DANGEROUS' AI" in Inter Bold 16px. Makes the leak concrete without requiring the viewer to know what Mythos is.