What it is
Claude Mythos Preview is Anthropic’s restricted frontier model for advanced cybersecurity work. It is distributed through Project Glasswing, a defensive security initiative involving major software and infrastructure organizations.
What is verified
The public record is split between broad claims and concrete entries. The concrete entries in this ledger are:
- CVE-2026-4747, the FreeBSD NFS/RPCSEC_GSS remote kernel RCE that Anthropic says Mythos Preview fully autonomously identified and exploited.
- Mozilla’s Firefox 150 release cluster, where Mozilla says Mythos identified 271 vulnerabilities and advisories explicitly credit researchers using Claude from Anthropic on specific CVEs.
- Anthropic’s May 2026 coordinated vulnerability disclosure dashboard, where Project Glasswing reveals fixed, vendor-confirmed, CVE/GHSA-backed open-source entries discovered by Claude Mythos Preview.
What is not counted
Anthropic says Mythos found many other vulnerabilities in operating systems, browsers, FFmpeg, OpenBSD, Linux, and open-source projects. The dashboard also contains many disclosed or candidate items that are not publicly revealed at technical detail level. Bugflation does not count those as individual findings until they are publicly auditable.