AI for Automation
2026-04-14
Tags: Anthropic Mythos, AI cybersecurity, zero-day vulnerability, AI security tools, Project Glasswing, Pentagon AI ban, Wall Street AI, Anthropic AI model

Anthropic Mythos: Pentagon Banned It, Banks Are Testing It

Anthropic's Mythos AI found zero-days in every major OS and browser — deemed too dangerous to release. The Fed just told Wall Street's top banks to test it.


On April 7, 2026, Anthropic published a report that spooked the most powerful rooms in America simultaneously. Mythos Preview, the company's most capable AI model to date, had done something no security team in history had managed: it autonomously found zero-day vulnerabilities (flaws unknown to the software's maintainers, so no patch exists when they are found) in every major operating system and every major web browser. Anthropic's decision was immediate. This model would not be released to the public.

What followed was a collision of political contradictions. The same Trump administration that had blacklisted Anthropic from Pentagon contracts was now urgently directing Wall Street's biggest banks to begin testing that very model. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an emergency meeting with bank CEOs. The alarm was real — and so was the pressure to act.

How Anthropic Mythos Uses AI Automation to Find Zero-Day Vulnerabilities

Mythos Preview's cybersecurity abilities were never intentional. CEO Dario Amodei explained the situation plainly: "We haven't trained it specifically to be good at cyber. We trained it to be good at code, but as a side effect of being good at code, it's also good at cyber."

The research methodology was deliberately minimal: launch an isolated container (a sandboxed virtual environment — a walled-off copy of the target software, separated from the real system) running target code, give Mythos a single prompt, and let it work. No follow-up instructions. No human hand-holding. Mythos read source code, formed hypotheses, ran the software, used debugging tools (programs that let you inspect exactly what software is doing, line by line), and produced working exploit code — entirely on its own.

The numbers are stark:

  • 100% success rate on Cybench — a benchmark of 35 real-world CTF (Capture the Flag) challenges drawn from four international cybersecurity competitions
  • 181 successful Firefox exploits, compared to just 2 successes for the prior model (Claude Opus 4.6) across hundreds of attempts on the same targets
  • 72.4% of identified Firefox JavaScript vulnerabilities converted into fully working shell exploits (code that gives an attacker a command prompt on your machine)
  • Chained four separate vulnerabilities into a single browser attack — escaping both the browser renderer and the OS-level sandbox (the security barrier meant to prevent browser code from touching the rest of your computer)
  • Led 17 of 18 benchmarks across Anthropic's internal evaluation suite, saturating nearly all existing capability evaluations
  • Scored 0.83 on CyberGym — up from 0.67 for the prior model — a benchmark testing targeted vulnerability reproduction in real open-source codebases

[Image: Anthropic Mythos Preview AI model, autonomous zero-day vulnerability discovery across major operating systems and browsers]

Among the specific discoveries: a 17-year-old remote code execution vulnerability (RCE — a flaw letting anyone on the internet run arbitrary code on a target machine, no password required) in FreeBSD, catalogued as CVE-2026-4747. A 27-year-old bug in OpenBSD — widely regarded as the most hardened general-purpose operating system available, commonly deployed in firewalls and government-critical infrastructure — that had gone entirely undetected. And a flaw in FFmpeg (the open-source video processing library embedded in YouTube, WhatsApp, VLC, and thousands of other applications) that had survived five million automated security tests without being caught once.

The Pentagon Paradox: Banned on Monday, Deployed by Friday

The political contradiction surrounding Mythos may be the strangest subplot in recent AI history.

The Trump administration currently keeps Anthropic under a Pentagon "supply chain risk" designation, a classification that bars Anthropic from defense contracts and instructs military contractors to stop using its technology. The reason: Anthropic refused to remove two safety constraints from its models. It will not build models optimized for fully autonomous weapons systems. It will not enable mass surveillance of American citizens.

On April 8, 2026, one day after the Mythos report was published, Anthropic lost an appeals court bid to temporarily block that Pentagon blacklisting.

That same week, officials from the same administration directed Wall Street banks to begin testing Mythos internally — using it to find vulnerabilities in their own systems before malicious actors could. Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley have all been confirmed as testing the model.

As The Next Web summarized: "Every bank that adopts Mythos deepens the company's integration into critical national infrastructure, making the supply chain designation look increasingly absurd."

The Bessent-Powell Emergency Meeting: Anthropic Mythos as a National Security Threat

On April 10, 2026, Bessent and Powell convened what Bloomberg described as an "urgent" meeting at Treasury headquarters in Washington, with the CEOs of the country's most systemically important (too-big-to-fail) financial institutions, summoned on short notice.

Attendees included Jane Fraser (Citigroup), Ted Pick (Morgan Stanley), Brian Moynihan (Bank of America), Charlie Scharf (Wells Fargo), and David Solomon (Goldman Sachs). The single notable absence: Jamie Dimon of JPMorgan Chase — though JPMorgan is a Project Glasswing launch partner.

The message from Treasury and the Fed: the same software categories running on bank networks — Linux kernel derivatives, web browsers, FFmpeg-powered media pipelines — are exactly the software Mythos systematically dismantles. A model with similar capabilities in adversarial hands could identify and chain exploits across critical infrastructure faster than any human security team could detect, let alone patch.

[Image: Project Glasswing emergency briefing, Wall Street bank CEOs and the response to Anthropic Mythos]

Project Glasswing: $104 Million in Controlled Defense

Anthropic's answer to the situation it created is Project Glasswing — a restricted deployment keeping Mythos Preview out of public hands while directing it toward infrastructure defense.

The commitment includes:

  • $100 million in Mythos Preview usage credits made available to partner organizations
  • $4 million in direct donations to open-source security foundations and software maintainers
  • Access extended to approximately 40–50 organizations that build or maintain critical software infrastructure worldwide

Launch partners span the backbone of the modern internet: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Each of these organizations maintains software that hundreds of millions of people depend on daily.

Amodei framed the long-term stakes directly: "More powerful models are going to come from us and from others, and so we do need a plan to respond to this." The implication is significant. Mythos is not the endpoint — it is the first publicly acknowledged model with these autonomous offensive capabilities. Future models, from Anthropic and from competitors, will likely surpass it. Project Glasswing is an attempt to establish a defensive protocol before that happens.

A Note of Skepticism: What the Anthropic Mythos AI Report Actually Confirms

Tom's Hardware published a sharp counteranalysis, noting that Anthropic's claim of "thousands" of severe zero-days was extrapolated from just 198 manually reviewed vulnerability reports — with expert contractors agreeing with Mythos's severity assessments in roughly 90% of those cases. Anthropic itself acknowledged it "can't actually confirm that all of the thousands of bugs Mythos claims to have found are actually critical security vulnerabilities." Red Hat's analysis found that many flagged bugs were functionality issues rather than exploitable security flaws.

Gary Marcus, writing in the Communications of the ACM (the Association for Computing Machinery — one of computing's oldest and most respected professional bodies), published a skeptical analysis asking what observers should actually take from the report. The honest answer sits somewhere between the extremes: even at half the claimed capability, a model that autonomously finds and chains real vulnerabilities at scale — in production software, without human guidance — represents a qualitative shift in what AI can do to critical infrastructure. Whether Mythos is a sales pitch, a genuine security breakthrough, or both, governments and the world's largest banks are treating it as a real threat that demands a real response.

If you manage enterprise infrastructure or are evaluating AI-powered security tooling, Anthropic's Project Glasswing page is the official access point. Based on the partner list and emergency government response, the waiting list is growing fast. Learn how to assess AI security tools for your organization before the next model arrives.
