The Best Hacker Alive Is an AI. Anthropic Won't Let You Use It
Mythos finds and exploits zero-day flaws that humans missed for decades. Here's what it can really do, why only twelve companies can touch it, and the one move that still protects what you ship.
Anthropic handed an AI a piece of code that had been sitting in the open since the 1990s. Audited for decades. Trusted by half the internet.
It found a way in that nobody had caught in 27 years. Then it wrote the break-in itself. Working. Start to finish. No human help.
The AI is called Mythos. And that ancient bug is the least frightening thing it did.
It Didn’t Stop There
Mythos didn’t find one bug. Anthropic pointed it at the software the whole world runs on, and it just kept opening doors.
That 27-year-old hole was in OpenBSD, the networking code everyone trusts to be bulletproof. Then came a 16-year-old flaw in FFmpeg, the video engine inside half the players you’ve ever touched. Then a hole in FreeBSD’s file sharing that hands a total stranger full control of the server with no password, now tracked as CVE-2026-4747. In the Linux kernel it didn’t even bother with single bugs. It chained two, three, four of them into one clean attack, the kind of move that takes a senior researcher weeks.
Then it stopped hunting bugs and went after a whole network.
Anthropic gave it a simulated company to break into. Thirty-two steps, the kind of job a human red team needs about twenty hours to finish. Mythos walked the entire chain, front door to crown jewels, on its own. Not once by luck. Over and over.
These aren’t typos it caught. These are flaws thousands of brilliant engineers stared straight at for decades and missed.
Why This Is Suddenly Possible
Here’s why this lands harder than the last scary headline you scrolled past.
Think of the best safecracker who ever lived. The reason your front door holds isn’t that the lock is flawless. It’s that people that good are rare, expensive, and can only stand in front of one door at a time.
Mythos erases all three. It has the skill, it never sleeps, and Anthropic can run a thousand copies of it at once. One test turned a thousand open-source projects inside out for less than the price of a used car.
The locks didn’t get weaker. The world just got a million more safecrackers, and not one of them needs to eat, sleep, or get paid.
So Anthropic Locked It Away
Now the strange part. Anthropic built the most capable hacker on earth, looked at it, and refused to sell it.
You can’t download Mythos. You can’t pay for it. Instead Anthropic slipped it to twelve companies behind a locked door, a program it calls Project Glasswing, and the guest list is exactly who you’d guess: Apple, Google, Microsoft, Amazon, NVIDIA, JPMorgan Chase, the Linux Foundation, and a few more. It even handed them 100 million dollars in credits so they’d actually put it to work.
The plan is to let the people guarding the world’s important software find the holes first, before anyone with worse intentions gets a tool this sharp.
Because a tool this sharp is coming either way. Anthropic has already said so. A future model will carry the same power wrapped in new safety controls, and that one won’t stay behind a locked door.
Which Means It’s Coming For You
So picture your own stack for a second.
A login service. A payment integration. A few open-source libraries whose last update you don’t actually remember. Today, finding the weak spot in there takes a skilled attacker real time and real motivation, and most days nobody bothers.
Soon it takes a cheap model an afternoon, and the model never gets bored.
That forgotten library is an unlocked door. The line of things that can walk through it just went from a few rare experts to anything with an API key.
The fix isn’t clever. It’s the boring stuff you already know and keep putting off. Patch the moment a fix ships, because the gap between a released patch and a working exploit is shrinking toward nothing. Give every service the least access it can survive on, so one open door doesn’t hand over the whole house. Watch your logs, so when something starts rattling the handles, you notice.
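An added example, not from the original article: one way to measure the patch gap described above, meaning how long each pinned dependency has been running behind a released fix. The package names, versions, dates and the advisory tuple format are constructed for illustration, and versions are assumed to be plain dotted integers.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data: package names, versions and dates are invented.
PINNED = {"imgcodec": "4.2.1", "authlib-demo": "1.9.0", "netparse": "2.0.3"}

ADVISORIES = [
    # (package, first fixed version, date the fix was released)
    ("imgcodec", "4.2.3", date(2026, 1, 10)),
    ("imgcodec", "4.3.0", date(2026, 3, 2)),
    ("authlib-demo", "1.8.5", date(2025, 11, 20)),  # installed version already includes it
    ("netparse", "2.0.4", date(2026, 4, 1)),
]

@dataclass
class Exposure:
    package: str
    installed: str
    upgrade_to: str
    days_exposed: int

def parse_version(text):
    """Parse a dotted numeric version ("4.2.1") into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))

def patch_exposure(pinned, advisories, today):
    """Return one Exposure per package running a version older than a released fix."""
    open_fixes = {}
    for package, fixed, released in advisories:
        installed = pinned.get(package)
        if installed is None or parse_version(installed) >= parse_version(fixed):
            continue  # not installed, or the fix is already in
        open_fixes.setdefault(package, []).append((fixed, released))
    report = []
    for package, fixes in open_fixes.items():
        oldest = min(released for _, released in fixes)    # exposure starts at the first missed fix
        newest = max((fixed for fixed, _ in fixes), key=parse_version)
        report.append(Exposure(package, pinned[package], newest, (today - oldest).days))
    # Longest-exposed packages first: those are the ones to patch first.
    return sorted(report, key=lambda e: e.days_exposed, reverse=True)

if __name__ == "__main__":
    for item in patch_exposure(PINNED, ADVISORIES, date(2026, 4, 15)):
        print(f"{item.package} {item.installed} -> {item.upgrade_to}: "
              f"fix available for {item.days_exposed} days")
```

Run on a schedule against a real lockfile and advisory source, the days-exposed figure becomes a number a team can alert on.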
The Part That Should Calm You Down
One thing keeps this from being a horror story, at least for now.
When the UK’s AI Safety Institute tested Mythos, it tore through small, lightly guarded systems. But it was fighting empty rooms. No defenders, no alarms, nobody fighting back. A real network with a watchful team and decent tooling is a far harder thing to crack. And the sharpest version isn’t loose in the wild at all. It’s locked in that room with the twelve giants, pointed at defense.
So this isn’t the night the internet falls. It’s the night the balance tips. For a while, attackers hold the faster tool, and defenders hold a head start measured in months.
The best safecracker who ever lived turned out to be software, and it doesn’t sleep.
Anthropic locked the first one in a vault. The rest of us got a warning instead of a key.
Spend it. Go patch the thing you’ve been putting off.








In fact, Mythos is only a little bit better than most large models, probably because it was specifically engineered to pass the tests on exactly that capability.
Other studies have shown you can get similar results with even SMALL locally run models.
Mythos was primarily a PR stunt to get Anthropic on government contracting rolls after the Pentagon fiasco.
And patching is hardly the answer because the whole problem of Mythos and the related cybersecurity impact is precisely because TOO MANY BUGS CAN BE FOUND FOR TIMELY REMEDIATION TO BE DONE.
So this article completely blew it. Not to mention it's late to the game as this discussion has been going on for over a month now.
The real answer to all of this is to design AI - NOT LLMs which are not capable - to produce provably correct code - whether at scale or not.
This is because software "engineering" - isn't engineering at all. It is a craft and always has been. Software produced has been barely usable, unreliable, buggy and insecure since forever.
The entire industry is built on sand.
All the LLMs have done is prove it.
And on top of that, they've made it worse because AI-generated code produces between 45% and 92% insecure code, depending on whose study you trust. This is precisely because humans produce crap code, and LLMs were trained on human code.
The entire software industry now has to look in the mirror and admit it needs to change.
Claude is a cripple; it’s locked away for a reason, because they don’t have enough compute.