On April 7, 2026, Anthropic announced Claude Mythos Preview - a model that autonomously finds and exploits zero-day vulnerabilities across every major operating system and every popular browser. During testing, Mythos discovered a 27-year-old bug in OpenBSD, a 16-year-old vulnerability in FFmpeg, and - fully without human involvement after the initial prompt - autonomously exploited a 17-year-old remote code execution flaw in FreeBSD, gaining unauthenticated root access to the server. Anthropic described this as a "watershed moment" for cybersecurity, and CEO Dario Amodei warned of "some enormous increase in the amount of breaches and financial damage from ransomware" in the near future.
That is precisely why the model remained closed to the public. Instead of a general release, Anthropic launched Project Glasswing - a consortium of approximately 40 technology companies, including Amazon, Microsoft and Apple, using Mythos exclusively for defensive purposes. Today, May 28, alongside the release of Opus 4.8, the company announced that Mythos-class models will become available to all customers "in the coming weeks."
For the crypto market, this matters for one core reason: traditional cybersecurity economics relied on asymmetry between attack and defense. Mythos collapses the cost of finding vulnerabilities toward zero - for both sides simultaneously. White-hat researchers and smart contract auditors gain a tool for deep automated code review. Attackers gain an equivalent accelerator for finding flaws in smart contracts, bridges, oracles, and frontends. DeFi remains a particularly exposed environment: code is open, exploits are irreversible, and the pace of auditing has historically lagged behind the pace of development. In 2024, hackers drained approximately $1.8 billion from DeFi protocols.
Anthropic estimates a six-to-twelve month window before adversarial actors build models with equivalent capabilities. That is the real timeframe for security teams who want to end up on the right side of this equation.



