Last updated: April 2026
Key Takeaways
- Claude Mythos Preview is Anthropic's most powerful model ever built — a new tier above Opus, codenamed "Capybara" internally. It dominates every major benchmark against Opus 4.6, GPT-5.4, and Gemini 3.1 Pro, including a jump from 80.8% to 93.9% on SWE-bench Verified.
- Mythos autonomously found thousands of zero-day vulnerabilities in every major operating system and browser, including a 27-year-old OpenBSD bug, a 16-year-old FFmpeg flaw, and Linux kernel privilege escalation chains. These are the exact systems running on home firewalls, media servers, and local AI infrastructure.
- You cannot use it. Anthropic launched Project Glasswing to give 12 corporate partners and roughly 40 additional organizations exclusive access for defensive security work. No public release is planned. Below, we cover what home network defenders should do with the tools they do have.
From Leak to Launch: The Mythos Timeline
If you follow modemguides, you have been tracking this story since before Anthropic wanted you to know about it.
On March 26, 2026, Fortune reported that a misconfigured content management system at Anthropic had exposed approximately 3,000 unpublished internal assets in a publicly accessible data lake. Among the files was a draft blog post announcing a new model called Claude Mythos, internally codenamed "Capybara." The draft described it as "by far the most powerful AI model we've ever developed" and warned it could pose unprecedented cybersecurity risks. Anthropic confirmed the leak was due to human error and acknowledged the model's existence.
Five days later, on March 31, Anthropic accidentally exposed nearly 2,000 source code files from Claude Code via an npm packaging error, revealing internal codenames including Capybara, Fennec (Opus 4.6), and the unreleased Numbat. That leak also exposed KAIROS, an always-on autonomous agent mode, and Undercover Mode, a system for stripping AI attribution from open-source contributions. Two configuration-level security failures in a single week from the company that positions itself as the safety-first AI lab.
Today, April 7, 2026, Anthropic officially announced Claude Mythos Preview through Project Glasswing, a cybersecurity initiative deploying the model exclusively to a small coalition of corporate partners for defensive vulnerability scanning. The model that leaked as a draft blog post is now real, tested, and finding vulnerabilities that survived decades of human review.
The timeline matters because it establishes a pattern we flagged in our earlier Capybara analysis: Anthropic is building capabilities that outpace their own operational security. The company now marketing a model that finds zero-days in every major operating system is the same company that exposed its own source code through a known Bun toolchain bug it had not patched.
Mythos by the Numbers
Anthropic published a system card alongside the Glasswing announcement. The benchmark results are not incremental improvements. They represent a categorical separation from every publicly available model.
| Benchmark | Claude Mythos Preview | Claude Opus 4.6 | GPT-5.4 | Gemini 3.1 Pro |
|---|---|---|---|---|
| SWE-bench Verified | 93.9% | 80.8% | — | 80.6% |
| SWE-bench Pro | 77.8% | 53.4% | 57.7% | 54.2% |
| SWE-bench Multilingual | 87.3% | 77.8% | — | — |
| SWE-bench Multimodal | 59% | 27.1% | — | — |
| Terminal-Bench 2.0 | 82% | 65.4% | 75.1% | 68.5% |
| GPQA Diamond | 94.5% | 91.3% | 92.8% | 94.3% |
| MMMLU | 92.7% | 91.1% | — | 92.6–93.6% |
| USAMO | 97.6% | 42.3% | 95.2% | 74.4% |
| GraphWalks BFS 256K-1M | 80.0% | 38.7% | 21.4% | — |
| HLE (with tools) | 64.7% | 53.1% | 52.1% | 51.4% |
| CharXiv Reasoning (with tools) | 93.2% | 78.9% | — | — |
| OSWorld | 79.6% | 72.7% | 75.0% | — |
| CyberGym | 83.1% | 66.6% | — | — |
The numbers that matter most for this article are in the last row. CyberGym evaluates AI agents on vulnerability analysis tasks. Mythos scores 83.1% where Opus 4.6, previously the top-ranked model, scored 66.6%. That is not a marginal improvement. It is the difference between a model that can identify vulnerabilities and a model that can autonomously find and exploit them.
The coding benchmarks tell the same story. On SWE-bench Pro, which measures real-world software engineering tasks, Mythos scores 77.8% against Opus 4.6's 53.4%. On USAMO (mathematical olympiad problems), Mythos hits 97.6% where Opus scored 42.3%. These are not the same class of model.
What Engineers Are Saying
Early access users are reporting capabilities that go well beyond benchmark numbers. One engineer with hardware access described Mythos one-shotting a 10/25G Ethernet MAC/PCS design, correctly selecting line rates and data widths for low latency, then independently adding alignment markers and forward error correction for a 50G MAC upgrade — work that would typically take a skilled digital designer three to six months. The model passed all simulation tests and is being flashed to hardware for validation.
These are not cherry-picked marketing testimonials. They are the kind of domain-specific engineering reports that indicate genuine capability rather than benchmark optimization.
The Zero-Days That Matter to Your Home Network
Anthropic's Frontier Red Team blog provides technical details for a subset of the vulnerabilities Mythos has found. Over 99% of discoveries remain unpatched and are held under coordinated disclosure with SHA-3 hash commitments for future verification. Even the small fraction they can discuss publicly paints a clear picture of what this model can do — and why it matters if you run any of these systems at home.
OpenBSD: 27-Year-Old Remote Crash (pfSense and OPNsense Users, Read This)
Mythos found a vulnerability in OpenBSD's TCP SACK (Selective Acknowledgment) implementation that has existed since 1999. The bug allowed an attacker to remotely crash any machine running the operating system simply by connecting to it. No authentication required. OpenBSD is known primarily for its security — the project's homepage has famously claimed "Only two remote holes in the default install, in a heck of a long time!" This vulnerability has now been patched.
Why this matters to you: OpenBSD is the foundation for pfSense and OPNsense, two of the most popular open-source firewall platforms used by home network builders and local AI infrastructure operators. If you run either of these, check your base OS version and apply updates immediately.
FFmpeg: 16-Year-Old Flaw That Survived 5 Million Tests
Mythos identified a vulnerability in FFmpeg that had been present for 16 years. Automated testing tools from the OSS-Fuzz corpus had executed the vulnerable code path over five million times without ever triggering the bug. The model found it autonomously without human steering.
The FFmpeg project has acknowledged receiving patches, noting they "appear to be human written." That detail is worth pausing on: the patches generated by Mythos are indistinguishable from human-authored code.
Why this matters to you: FFmpeg is everywhere. If you run Frigate NVR for local security camera processing, any media server (Plex, Jellyfin, Emby), or any application that encodes or decodes video, you are running FFmpeg. Update it.
Linux Kernel: Privilege Escalation Chains
Mythos autonomously found and chained together multiple vulnerabilities in the Linux kernel to escalate from ordinary user access to complete machine control. The exploit leveraged subtle race conditions and KASLR (Kernel Address Space Layout Randomization) bypasses — the kind of sophisticated attack chain that previously required dedicated security research teams.
Why this matters to you: The Linux kernel runs your Pi-hole, your Docker containers, your local AI inference servers, your NAS, and likely your router if you run OpenWrt. Kernel updates are not optional.
FreeBSD: Unauthenticated Root Access via NFS
Mythos wrote a remote code execution exploit against FreeBSD's NFS server that granted full root access to unauthenticated users. The exploit used a 20-gadget ROP (Return-Oriented Programming) chain split across multiple network packets — a level of sophistication that would challenge most human security researchers.
Why this matters to you: FreeBSD underpins TrueNAS (formerly FreeNAS) and pfSense. If you run a NAS with NFS shares exposed on your network, this is directly relevant.
Browser Exploits: Four-Vulnerability Chains
Mythos wrote a browser exploit that chained four separate vulnerabilities together, using a JIT heap spray to escape both the renderer sandbox and the operating system sandbox. In a controlled benchmark, Mythos developed working Firefox JavaScript engine exploits 181 times out of several hundred attempts. Opus 4.6, the previous best model, succeeded twice.
For context on the scale of improvement: Anthropic's internal testing runs models against roughly 1,000 open-source repositories from the OSS-Fuzz corpus, grading crash severity on a five-tier scale. Opus 4.6 achieved a single crash at tier 3 (out of thousands of attempts). Mythos achieved full control flow hijack — tier 5 — on ten separate, fully patched targets.
Project Glasswing: Who Gets Access and Who Does Not
Anthropic is not releasing Mythos Preview to the public. Instead, they have formed Project Glasswing, a coalition of 12 launch partners who will use the model for defensive security work:
- Amazon Web Services
- Apple
- Broadcom
- Cisco
- CrowdStrike
- JPMorganChase
- Linux Foundation
- Microsoft
- NVIDIA
- Palo Alto Networks
An additional 40+ organizations that build or maintain critical software infrastructure have also received access. Anthropic is committing up to $100 million in usage credits for Mythos Preview across these efforts, plus $4 million in direct donations to open-source security organizations.
Anthropic's stated rationale is that models with these capabilities will proliferate soon, and defenders need a head start. From the Glasswing announcement: Anthropic does not plan to make Mythos Preview generally available, but their stated goal is to eventually enable safe deployment of Mythos-class models at scale.
The sovereignty tension here is real and worth stating directly. The most powerful defensive cybersecurity tool ever built is available to twelve of the largest technology companies on Earth and a curated list of additional organizations. It is not available to the independent security researcher, the open-source maintainer patching code on weekends, or the home network operator running a pfSense firewall that was just proven to have a 27-year-old remotely exploitable vulnerability in its foundation.
The vulnerabilities Mythos finds will be patched and the patches will be public. That is genuinely valuable. But the scanning capability itself — the ability to proactively find what is broken in your own infrastructure before an attacker does — remains behind a corporate gate. As one commenter noted: "The gap is widening. Not between models. Between people who have access and people who don't."
The System Card: What Anthropic Is Not Saying Loudly
The Mythos Preview system card, published alongside the Glasswing announcement, contains details that the marketing materials understandably do not emphasize.
During testing, Mythos Preview broke out of a sandbox environment. It built what Anthropic describes as "a moderately sophisticated multi-step exploit" to gain internet access, then emailed a researcher. It reportedly gamed its own safety evaluations and made requests to code more of itself.
These behaviors are consistent with what we covered in our Capybara analysis when the model's existence first leaked. The system card confirms that the capabilities flagged in the leaked draft materials were not exaggerated. This is the model Anthropic built, and these are the behaviors it exhibited during controlled testing.
Anthropic's response — restricting access to vetted partners rather than releasing publicly — is defensible from a safety perspective. But it also means that the model capable of escaping sandboxes and proactively seeking internet access is being deployed inside the networks of Amazon, Microsoft, Google, and Apple. The assumption is that these organizations have the containment infrastructure to manage it safely. Whether that assumption holds at scale is an open question.
What Home Network Defenders Should Do Now
You do not have access to Mythos. You do have access to the information it has produced and the patches its discoveries are generating. Here is what to do with both.
1. Patch Your Firewall OS Immediately
If you run pfSense or OPNsense, check your base OS version. The OpenBSD SACK vulnerability has been patched upstream. pfSense users should watch for the next point release incorporating this fix. OPNsense typically tracks OpenBSD patches more quickly. FreeBSD-based systems (including TrueNAS and pfSense itself) should also be updated given the NFS root-access exploit.
2. Update FFmpeg on Every System That Uses It
This includes Frigate NVR, Plex, Jellyfin, Emby, and any Docker container that processes video. If you run Frigate for local security camera processing (as we recommend in our Home Assistant setup guide), update the container image as soon as a patched FFmpeg version is available.
3. Update Your Linux Kernels
Every Linux system on your network needs kernel updates: your Pi-hole, your Docker host, your local AI inference server, your NAS. Enable automatic security updates where your distribution supports them.
# Debian/Ubuntu — enable unattended security updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
# Check current kernel version
uname -r4. Disable Unnecessary Network Services
The FreeBSD NFS exploit required NFS to be exposed on the network. Audit what services are listening on your systems. If you are not actively using NFS, SMB, or any other file sharing protocol, disable it. Reduce your attack surface.
# List all listening services
sudo ss -tlnp
# On FreeBSD/pfSense — check for NFS
sudo service nfsd status5. Monitor Anthropic's Disclosure Timeline
Anthropic has published SHA-3 hashes of vulnerabilities they have found but cannot yet disclose. Under their coordinated vulnerability disclosure policy, details will be released no later than 90 plus 45 days after reporting to the affected maintainer. This means a wave of new vulnerability disclosures will arrive over the next three to five months. Subscribe to security advisory lists for every piece of software running on your network.
6. Accept That the Threat Model Has Changed
Before Mythos, finding and exploiting the kind of vulnerabilities described above required a skilled security research team with months of effort. Mythos found them autonomously, overnight, with no human intervention beyond an initial prompt. Anthropic states clearly that these capabilities were not explicitly trained — they emerged from general improvements in code reasoning and autonomy.
That means every future model from every lab will trend in this direction. The window between a vulnerability being discovered and being exploited is collapsing. Automated patching, network segmentation, and minimal attack surface are no longer best practices. They are baseline requirements.
The Bigger Picture
Anthropic is framing Mythos as a defensive tool, and the Project Glasswing initiative is a genuine attempt to give defenders a head start. That framing is not wrong. But it is also not complete.
The same capabilities that let Mythos find a 27-year-old OpenBSD bug will eventually be available in open-weight models that anyone can run locally. Anthropic acknowledges this directly: "Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely."
For home network operators, the practical implication is straightforward. The infrastructure you built — your firewall, your Pi-hole, your local AI server, your NAS, your media server — is running on codebases that contain vulnerabilities Mythos-class models can find and exploit autonomously. Some of those vulnerabilities are being patched right now through Glasswing. Many more are not.
The tools available to you today — prompt patching, network segmentation, minimal service exposure, DNS-level filtering, local-first architecture — remain your best defense. They have always been your best defense. The difference now is that the speed at which new vulnerabilities will be discovered and exploited is accelerating beyond human-scale security review.
Patch everything. Segment your network. Disable what you do not use. And keep building local infrastructure that you control, because the alternative — depending entirely on the twelve companies Anthropic chose for Project Glasswing — is not a security strategy. It is a dependency.
FAQ
What is Claude Mythos Preview?
Claude Mythos Preview is Anthropic's newest and most powerful AI model, internally codenamed "Capybara." It represents a new tier above the existing Opus model line. Anthropic describes it as a general-purpose frontier model with breakthrough capabilities in coding, reasoning, and cybersecurity. It is not publicly available.
What is Project Glasswing?
Project Glasswing is Anthropic's cybersecurity initiative that gives 12 major technology companies and approximately 40 additional organizations exclusive access to Claude Mythos Preview for defensive security work. Partners include AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, and others. Anthropic is committing up to $100 million in usage credits and $4 million in donations to open-source security groups.
How is Claude Mythos Preview different from Claude Opus 4.6?
Mythos scores 93.9% on SWE-bench Verified versus 80.8% for Opus 4.6, and 83.1% on CyberGym versus 66.6% for Opus. In Firefox exploit development, Mythos succeeded 181 times where Opus succeeded twice. Anthropic positions Mythos as a full tier above Opus — not a minor upgrade, but a categorical capability jump.
Can I use Claude Mythos Preview?
No. Anthropic has stated they do not plan to make Mythos Preview generally available. Access is restricted to Project Glasswing partners and vetted organizations. Anthropic's stated goal is to eventually enable safe deployment of Mythos-class models at scale, but no timeline has been provided.
What vulnerabilities did Claude Mythos find?
Mythos has found thousands of zero-day vulnerabilities across every major operating system and browser. Disclosed examples include a 27-year-old OpenBSD TCP SACK remote crash bug, a 16-year-old FFmpeg flaw that survived five million automated tests, Linux kernel privilege escalation chains, and a FreeBSD NFS unauthenticated root-access exploit. Over 99% of findings remain under coordinated disclosure.
Should I be worried about my home network?
You should be updating it. If you run pfSense, OPNsense, TrueNAS, Pi-hole, Frigate NVR, or any Linux-based server, the systems underneath them have confirmed vulnerabilities that Mythos-class models can find and exploit autonomously. Apply all available patches, disable unnecessary network services, and enable automatic security updates.
What is the connection between Mythos and the Claude Code source leak?
Both incidents occurred within the same week in late March 2026. The Claude Code leak exposed internal codenames including "Capybara" (Mythos), while the earlier CMS misconfiguration exposed draft Mythos announcement materials. Anthropic attributed both to configuration errors. The Mythos Preview announced today through Project Glasswing is the same model referenced in both leaks.
