Anthropic just shipped a frontier AI model Mythos almost no one can use. The company calls that a feature, not a bug. For banks, exchanges and crypto infrastructure, the launch reads less like a product update and more like a policy event.
TL;DR
- Anthropic unveiled Claude Mythos Preview on Apr. 7, 2026, and restricted access through Project Glasswing with partners including JPMorganChase, AWS, Microsoft, Google, Cisco, CrowdStrike, Apple, NVIDIA and the Linux Foundation.
- The model has reportedly found thousands of high-severity vulnerabilities and scored 83.1% on the CyberGym benchmark, compared with 66.6% for Claude Opus 4.6.
- Banks, US agencies and UK regulators are now rushing to assess what a frontier cyber AI means for market stability, counterparty trust and crypto infrastructure.
A Frontier Model Aimed At Code, Not Conversation
When Anthropic unveiled Claude Mythos Preview on Apr. 7, it skipped the usual consumer launch choreography. No creator demos arrived. No free tier opened.
Visit the project page, and the company describes Mythos as a general-purpose, unreleased frontier model with a specific edge in finding and exploiting software vulnerabilities.
Anthropic writes that models have now reached a level at which they can surpass all but the most skilled humans at that work.
That framing alone reshaped how bank CISOs and crypto security teams parsed the announcement. The partnership structure sent the same signal. Anthropic paired the release with Project Glasswing, a restricted program meant to keep Mythos out of ordinary users' hands.
JPMorganChase stood out as the only bank in the launch lineup. That signal landed hard on Wall Street.
Also Read: Why Is America's Next Fed Chair Being Forced To Sell All His Crypto Before Tuesday
What Claude Mythos Actually Is
Anthropic calls the system Claude Mythos Preview. The company is clear that it will not release it broadly.
According to statements reported by VentureBeat, Newton Cheng, cyber lead on Anthropic's Frontier Red Team, said the company does not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities.
Read the Frontier Red Team's technical post, and the numbers start to feel uncomfortable. Mythos has already identified thousands of high-severity flaws, including bugs in every major operating system and every major web browser, according to Anthropic.
Among the finds sit several noteworthy items:
- A 27-year-old vulnerability inside OpenBSD, undiscovered until this model ran against it.
- A 16-year-old flaw in FFmpeg that automated testing had touched more than five million times.
- Chained Linux kernel bugs capable of root-level privilege escalation in a single attack path.
- Thousands of additional issues spanning browsers, servers and widely deployed libraries.
Anthropic says Mythos identified most of those flaws, and developed many exploits, entirely autonomously, without any human steering.
Expert contractors reviewing 198 findings agreed with the model's severity ratings in 89% of cases.
Also Read: NEAR's Biggest DeFi Protocol Rhea Finance Bleeds $7.6M In Fake-Token Oracle Attack
Why Anthropic Is Treating Mythos Differently
Look at the rollout plan.
Anthropic is committing up to $100 million in Mythos usage credits across defensive-security work inside Project Glasswing. The company is also donating $4 million to open-source security groups.
Check the partner list, and the picture sharpens further. Glasswing launched with a core consortium of twelve organizations, plus more than 40 additional groups granted access.
The named partners include:
- AWS, Apple, Broadcom, Cisco and CrowdStrike on the security and hyperscaler side.
- Google, Microsoft, NVIDIA and Palo Alto Networks across infrastructure and defense.
- JPMorganChase as the sole bank, alongside the Linux Foundation and Anthropic itself.
That is a consortium, not a customer list.
According to posts on X covered by Euronews, Anthropic co-founder Dario Amodei said the dangers of getting this wrong are obvious, but insisted the upside is a fundamentally more secure internet if the deployment works.
Also Read: Hyperbridge Exploit Losses Hit $2.5M, Ten Times The Initial Estimate
Mythos vs The AI Field
Compare Mythos to its stablemates on Anthropic's own benchmarks, and the gap is not subtle.
On CyberGym, the vulnerability-reproduction benchmark, Mythos Preview hit 83.1%, while Claude Opus 4.6 reached 66.6%.
Other measures tell a similar story. On SWE-bench Verified, Mythos scored 93.9% versus 80.8%. Humanity's Last Exam, with tools enabled, moved from 53.1% to 64.7%.
Stack that against Anthropic's new flagship. *
Claude Opus 4.7, released Apr. 16, reached a reported 73.1% on CyberGym after the company deliberately suppressed offensive-cyber training signals. The intentional downgrade tells its own story about how Anthropic views these capabilities.
According to reporting from Axios, Logan Graham, head of the Frontier Red Team, told the outlet that rivals are probably six to 18 months behind.
Run the benchmark logic forward. The strategic choice behind Glasswing looks less like marketing, and more like an attempt to shape how this class of model enters the economy.
Also Read: Drift Lines Up $150M Tether Deal To Relaunch After $285M Hack
Why Finance May Care More Than Ordinary Users
Reuters reported on Apr. 13 that government officials in the United States, Canada and the United Kingdom have met with top banking officials to discuss threats tied to Claude Mythos Preview.
A US Treasury spokesperson said the Trump administration was pushing banks to understand and anticipate a wide range of market developments.
Go deeper into the timeline.
Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with bank CEOs on Apr. 9.
Participants included:
- Bank of America chief Brian Moynihan.
- Goldman Sachs chief David Solomon.
- Several other top lenders across the US banking sector.
According to coverage from CNBC, JPMorganChase chief Jamie Dimon told analysts on the Q1 earnings call that AI has made cyber risk worse and harder to manage.
Follow the money, and the asymmetry stands out.
Banks face legacy code, thousands of vendors and settlement systems that cannot afford downtime. Consumer users mostly face a chatbot they already trust.
One group has existential risk. The other group mostly has curiosity.
Also Read: 17,000 AI Agents Hit DeFi Since 2025, But Humans Still Win At Trading, Report Finds
Why Crypto Is One Of The Most Exposed Sectors
Think about the crypto attack surface. Exchanges hold billions in hot wallets. Bridges chain logic across networks, and DeFi protocols lean on immutable code that cannot easily patch itself.
Consider recent history. Hacken reported more than $3.1 billion stolen across crypto in the first half of 2025 alone, surpassing the $2.85 billion full-year 2024 total.
Exploits tied to large language models and AI-connected Web3 infrastructure spiked more than 1,000% compared with 2023, per the same firm. A model that autonomously chains vulnerabilities is exactly the kind of tool this threat landscape was not built to survive.
Look at the sectors most exposed to a Mythos-class capability:
- Centralized exchanges running custom matching engines and hot-wallet logic.
- Stablecoin issuers like Tether and Circle, whose smart contracts hold hundreds of billions in dollar-pegged liabilities.
- Cross-chain bridges, historically the industry's weakest link by stolen value.
- DeFi protocols whose composability multiplies blast radius across interconnected contracts.
- Market makers and trading desks that manage API keys and automated infrastructure at scale.
Map those categories against Anthropic's claim of autonomous, chained exploitation, and the risk model changes. Crypto does not get the regulatory shield that legacy banks enjoy.
Also Read: Circle CEO Sees Yuan Stablecoin Arriving Within 5 Years
The First Real Battleground Is Exchanges And Custodians
Watch the largest crypto venues first. They process most of the industry's volume, and they carry a long public record of breaches stretching from Mt. Gox to the $1.46 billion Bybit incident in early 2025.
Read the operational picture now. Crypto.com was accused in late 2025 of concealing a Scattered Spider breach that used social engineering to harvest staff credentials.
Coinbase disclosed a bribery-driven data breach that exposed information for roughly 97,000 users. A Mythos-class adversary would not need to bribe anyone to find the next weak link.
Consider custodians and trading desks. Firms like Anchorage Digital Bank and Paxos now hold mandates from Charles Schwab, Morgan Stanley and BlackRock.
Their attack surface is no longer niche infrastructure. It sits adjacent to regulated bank balance sheets and ETF flows worth more than $100 billion.
Also Read: Charles Schwab Spot Bitcoin And Ethereum Trading Goes Live In Q2 With Paxos Custody
Economic Consequences And The New Security Economy
Mythos will not only change who gets hacked. It will change what security costs.
See the pricing signal. After the preview period, Anthropic plans to charge $25 per million input tokens and $125 per million output tokens for Mythos, five times the rate for Opus 4.6.
Only firms with deep budgets will run it at scale. Smaller security vendors will either integrate Mythos through partner clouds, or watch their share disappear into larger ecosystems.
Follow the vendor map. CrowdStrike, Palo Alto Networks and Cisco now sit inside Glasswing, which suggests consolidation is already under way.
Expect several second-order effects:
- Cyber insurance premiums likely climb for firms outside the model's access ring.
- Smaller security vendors get acquired, or become resellers of Glasswing-adjacent tools.
- Regulators push harder for mandatory disclosure and patching timelines.
- Larger institutions pull ahead on defense, widening the gap versus mid-sized peers.
The new security economy will look less like a free market, and more like a licensed one.
Also Read: Bitcoin Inflows To Binance Hit 2020 Lows, Signaling Tighter Supply Ahead
What Mythos Could Mean For Market Structure
Think beyond individual incidents. Markets are confidence machines, and a single publicly confirmed Mythos-style compromise of a top-ten exchange could reprice counterparty risk across crypto within hours.
Watch how liquidity reacts. Capital typically flees to perceived safe venues during stress, as the Bybit and FTX shocks both showed.
If large holders decide that only a handful of custodians meet the new security bar, liquidity will concentrate in those names fast. The long tail of exchanges, bridges and DeFi protocols may end up competing for a shrinking pool of risk-tolerant capital.
Consider the equity story. BlackRock booked $130 billion in Q1 2026 net inflows and $13.9 trillion in assets, with its iShares Bitcoin ETF among the drivers.
Institutional flows into crypto now depend on a security baseline. A Mythos-class adversary threatens to redefine that baseline on the attacker's terms.
Also Read: Bitcoin Coils Near $75,000 As Whales Stack $750M In Fresh Buys
The Bullish Counterargument Favors Defenders
Not every scenario is dark. Anthropic's own case rests on a simple claim: defenders gain more from Mythos than attackers do, because only defenders get the sanctioned access.
Read the UK AI Security Institute report published Apr. 13. Mythos solved 73% of expert-level capture-the-flag tasks and completed a 32-step corporate network attack simulation in testing.
The AISI also noted that the model failed completely in operational-technology environments, and that real-world systems include defenders and tooling absent from test ranges. That caveat matters.
See the defensive wins too. Microsoft Security Response Center, Apple, the Linux Foundation and the Apache Software Foundation will receive direct remediation support under Glasswing.
Open-source maintainers, historically under-resourced, now get a well-funded ally. If most Mythos-found bugs get patched before they reach attackers, the net effect could tilt toward security rather than chaos.
Also Read: CZ Says Biden Wanted To Make An Example Out Of Binance, Denies Paying For Trump Pardon
What Comes Next On Policy And Regulation
Watch the state moves closely. Bloomberg reported on Apr. 16 that White House federal CIO Gregory Barbaccia told Cabinet officials the Office of Management and Budget is preparing protections for agencies to use a modified version of Mythos.
Read the agency picture. CISA and the Center for AI Standards and Innovation have been briefed on Mythos, per CNBC and NBC News.
Follow the UK track. According to American Banker's coverage, Bank of England Governor Andrew Bailey called Mythos a serious challenge that could crack the whole cyber risk world open in remarks at Columbia University.
The Bank's Cross Market Operational Resilience Group includes the Financial Conduct Authority, HM Treasury, the National Cyber Security Centre, and eight of the UK's largest banks. The group is scheduled to discuss Mythos within the next two weeks.
Canada's foreign minister, François-Philippe Champagne, said the model was a key topic at the recent IMF meetings in Washington.
Also Read: Yellow Takes On Tron In Stablecoin Payments With 2.5M TPS Network
A Policy Event Dressed As A Product Launch
Claude Mythos is not a chatbot. It is a policy event dressed as a product launch, aimed squarely at the seams where code meets money.
Look at what the launch signals. A single lab now holds a cyber capability it refuses to sell, that governments want to license, and that crypto cannot ignore.
The combined effect will be measured in security budgets, insurance premiums, liquidity migration and trust.
For ordinary users, Mythos will stay invisible. For finance and crypto, it has already arrived.
Track how the economy absorbs Mythos over the next several quarters. That signal, more than any headline benchmark, will tell the real story of what this frontier model changed.
Read Next: Bitcoin Inflows To Binance Hit 2020 Lows, Signaling Tighter Supply Ahead