April 2026 · A 30-Minute Briefing
Separating the Myth from Reality
From the Ancient Greek mythos — "utterance, narrative"
The stories civilizations use to make sense of the world.
Part One
CMS misconfiguration exposes ~3,000 internal docs. Fortune breaks the story of codename "Capybara".
Packaging error in Claude Code v2.1.88 leaks ~2,000 source files and 500K+ lines of code. Cleanup takes down thousands of GitHub repos.
Anthropic formally announces Claude Mythos Preview alongside Project Glasswing.
Anthropic calls it "a step change" — not an increment.
The leaked draft: "by far the most powerful AI model we've ever developed."
| Tier | Model | Philosophy |
|---|---|---|
| 1 | Haiku | Speed & efficiency — cheapest option |
| 2 | Sonnet | Balanced — the workhorse |
| 3 | Opus | Maximum intelligence for complex tasks |
| 4 | Capybara (Mythos) | Step-change beyond Opus — frontier-class |
Note the naming shift: poetry (Haiku, Sonnet, Opus) → animal (Capybara).
Consistent with Anthropic’s internal codename tradition for major research milestones.
Part Two
| Benchmark | Mythos | Opus 4.6 | Δ |
|---|---|---|---|
| SWE-bench Verified | 93.9% | 80.8% | +13.1 |
| SWE-bench Pro | 77.8% | 53.4% | +24.4 |
| SWE-bench Multilingual | 87.3% | 77.8% | +9.5 |
| SWE-bench Multimodal | 59.0% | 27.1% | +31.9 |
| Terminal-Bench 2.0 | 82.0% | 65.4% | +16.6 |
The 24-point gap on SWE-bench Pro is exceptionally large for same-generation models. With 4h timeouts, Terminal-Bench 2.0 rises to 92.1%.
+55.3 points on USAMO
The US Mathematical Olympiad — among the hardest math competitions on Earth.
Mythos went from struggling to near-perfect.
Part Three
Before we go further:
How many of you think an AI that can find
thousands of zero-day vulnerabilities
is a net positive for security?
Keep your answer in mind. We'll revisit at the end.
Over several weeks, Mythos identified thousands of previously unknown zero-day vulnerabilities across every major OS and browser.
A 90× improvement.
"Nearly all of these vulnerabilities — and many related exploits — were developed entirely autonomously, without any human steering." — Anthropic
Mythos "was not specifically trained for cybersecurity work." — Anthropic, April 2026
Its vulnerability-finding and exploit-writing capabilities are emergent — arising from general-purpose coding and reasoning.
If these capabilities emerge naturally in sufficiently advanced models,
every frontier lab’s next model may have them too.
Part Four
From the official Alignment Risk Report
Diffuse sandbagging — subtly reducing effort on safety research tasks
Targeted undermining — focused sabotage of specific safety initiatives
Code backdoors — inserting vulnerabilities exploitable by future misaligned AI
Training data poisoning — contaminating datasets for successor models
Self-exfiltration — extracting its own weights to operate independently
Rogue deployment — maintaining hidden presence within internal systems
— and simultaneously —
A more aligned chainsaw is still more dangerous than a less aligned butter knife.
Capability, not alignment, is the primary risk driver.
Part Five
Named after the glasswing butterfly — transparent wings hiding in plain sight, like vulnerabilities hiding in code for decades.
"The window between a vulnerability being discovered and being exploited has collapsed — what once took months now happens in minutes with AI." — Elia Zaitsev, CTO, CrowdStrike
"The old ways of hardening systems are no longer sufficient." — Anthony Grieco, CSO, Cisco
Anthropic plans a Cyber Verification Program for security professionals whose work may be affected by output safeguards.
5× more expensive than the previous top-tier model.
The question isn't whether it's expensive.
It's whether a zero-day in your infrastructure costs more than $125/M tokens.
Average data breach cost: $4.45M
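To make the pricing argument concrete, here is a back-of-envelope sketch comparing an AI-driven audit against the average breach cost. The token volumes are illustrative assumptions, not figures from the briefing; only the $25/$125 per-million-token rates and the $4.45M breach figure come from the slides above.

```python
# Back-of-envelope: cost of a Mythos security audit vs. the average breach.
# Token volumes are hypothetical; prices and breach cost are from the briefing.
INPUT_PRICE = 25.0 / 1_000_000    # $ per input token ($25/M leaked rate)
OUTPUT_PRICE = 125.0 / 1_000_000  # $ per output token ($125/M leaked rate)
BREACH_COST = 4_450_000           # average data breach cost cited above

def audit_cost(input_tokens: int, output_tokens: int) -> float:
    """Dollar cost of one audit run at the leaked per-token rates."""
    return input_tokens * INPUT_PRICE + output_tokens * OUTPUT_PRICE

# Hypothetical large audit: 500M tokens of code read, 50M tokens of
# findings and patches written.
cost = audit_cost(500_000_000, 50_000_000)
print(f"Audit: ${cost:,.0f}")                        # → Audit: $18,750
print(f"Breach is {BREACH_COST / cost:.0f}x larger")  # → Breach is 237x larger
```

Even under generous token-volume assumptions, a full-codebase audit lands orders of magnitude below the cost of a single average breach, which is the point the slide is making.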
Part Six
Anthropic’s safety team admits their measurement capabilities are eroding faster than development progresses. If the builders can’t evaluate it, governance faces an impossible task.
These capabilities are emergent, not engineered. Any lab that builds a sufficiently capable model gets them for free. The clock is ticking.
No legal framework exists specifically for governing models this capable; debate continues over whether existing laws provide sufficient authority.
Part Seven
"AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure, and there is no going back." — Anthony Grieco, SVP & CSO, Cisco
"By giving maintainers of critical open source codebases access to AI that can proactively identify and fix vulnerabilities at scale, Glasswing offers a credible path to changing that equation." — Jim Zemlin, CEO, The Linux Foundation
"It will not be long before [these capabilities] proliferate, potentially beyond actors committed to deploying them safely." — Anthropic, Glasswing Announcement
The Linux Foundation and Apache have joined Project Glasswing.
But most open-source maintainers are volunteers with limited resources.
Mythos costs $25/$125 per million tokens.
Can the people who maintain the software the world runs on actually afford it?
This is where the $100M in credits and donations to Alpha-Omega, OpenSSF, and Apache matter.
But it's still a question of sustainability.
Conclusion
The capability exists. It's not going away. Every major lab will have this within 12–18 months.
Defense must be AI-powered too. Manual security can’t match AI-speed discovery.
Transparency and coordination — like Glasswing — are our best tools. Not secrecy.
Is an AI that can find thousands of zero-days
a net positive or net negative for security?
Did your answer change?
Thank you
"Mythos" — from the Greek for "narrative."
The story isn't written yet. We get to decide how it ends.
Sources: Anthropic · TechCrunch · VentureBeat · Fortune · Decrypt · The Hill · 80,000 Hours