The Machine That Hunts Ghosts Claude Mythos, GPT-5.4-Cyber, and the AI Tools Reshaping Cybersecurity

Anthropic did something most technology companies never do. Instead of releasing its newest model to the public and watching adoption numbers climb, it locked the doors. It handed access to roughly fifty organizations and told everyone else: this one is too dangerous.

That model is Claude Mythos Preview. The more you examine what it actually does, the more that caution starts to feel less like corporate theater and more like genuine alarm from people who built something that surprised even them.

What Mythos Can Do

The core capability is this: Mythos can autonomously find security vulnerabilities in software, write working exploits for those vulnerabilities, and chain multiple flaws together to take over entire systems, without a human touching the keyboard after the initial prompt.

During internal testing, Anthropic gave Mythos a list of 100 CVEs and known memory corruption vulnerabilities from 2024 and 2025 against the Linux kernel. The model filtered these down to 40 potentially exploitable ones, then attempted to write privilege escalation exploits for each. More than half succeeded.

Mythos autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD's NFS server, a stack buffer overflow in the RPCSEC_GSS authentication protocol. Now catalogued as CVE-2026-4747, it allows an unauthenticated remote attacker to gain complete root control over the server. That bug had survived 17 years of human security review before the model found it in hours.

In one test, Mythos was run against roughly a thousand open source repositories from the OSS-Fuzz corpus. With one run on each of approximately 7,000 entry points, it achieved 595 crashes at tiers 1 and 2, and full control flow hijack on ten separate, fully patched targets. Previous models had achieved full control flow hijack exactly zero times.

Fewer than one percent of the vulnerabilities Mythos has discovered so far have been fully patched by their maintainers. Anthropic has hired dedicated contractors just to manage the disclosure process.

What the UK Government Found

The UK AI Security Institute introduced a 32-step corporate network attack simulation called "The Last Ones," spanning initial reconnaissance through to full network takeover. No model had ever completed it end to end. Mythos completed it in 3 out of 10 attempts and averaged 22 out of 32 steps across all runs. Claude Opus 4.6 was next, averaging 16 steps. On expert-level capture-the-flag tasks, tasks no model could complete before April 2025, Mythos succeeded 73 percent of the time.

The AISI noted important limitations. The simulated environments lacked active defenders, endpoint detection, and real-time incident response. There were no penalties for triggering security alerts. These results represent performance against weakly defended targets. That caveat matters. But 73 percent on expert-level tasks is not a small number by any measure.

Project Glasswing: Defenders First

Rather than selling access, Anthropic launched Project Glasswing. The coalition includes AWS, Apple, Microsoft, Google, CrowdStrike, Palo Alto Networks, and roughly 40 additional organizations, all focused on using Mythos to harden critical software before attackers develop comparable tools.

Mozilla's experience is the clearest external proof of what that looks like in practice. In April 2025, Firefox shipped 31 bug fixes. In April 2026, after integrating the Mythos pipeline, it shipped 423. Using Mythos, the Firefox team found and fixed 271 security vulnerabilities over roughly two months. Mozilla engineers described the false positive rate as "almost none," a striking departure from earlier AI security tools that flooded teams with plausible but wrong reports.

Mozilla's bug bounty program pays researchers up to $20,000 for finding a bug in Firefox's sandbox. Despite that top-dollar bounty, Mythos is finding more sandbox issues than human researchers ever did.

GPT-5.4-Cyber: A Different Philosophy

While Anthropic locked Mythos behind a closed consortium, OpenAI took a structurally different approach. GPT-5.4-Cyber lowers the refusal boundary for legitimate cybersecurity work and enables new capabilities for advanced defensive workflows, including binary reverse engineering of compiled software without needing source code access.

OpenAI's Codex Security has contributed to over 3,000 critical and high-severity fixed vulnerabilities since its launch. Mythos appears to have more raw offensive-capability depth, which is why Anthropic keeps it behind closed doors. GPT-5.4-Cyber is more accessible, more controlled, and arguably more responsibly deployed right now. Whether "more accessible" is a feature or a limitation depends entirely on whether you are a security researcher trying to do your job or a policymaker trying to contain the capabilities.

The latest iteration, GPT-5.5-Cyber, extends the framework further, providing additional permissions for red-team and penetration testing workflows to organizations that complete an advanced identity verification process.

Google, China, and the Wider Race

Google's Big Sleep accelerates discrete stages of vulnerability research rather than operating as a fully autonomous agent. Experts describe it as meaningfully capable but more focused, accelerating specific phases of human-led research rather than replacing the researcher end to end.

China's 360 Digital Security Group claims its "Multi-Agent Collaborative Vulnerability Discovery System" contributed to roughly half of the vulnerabilities it identified at the Tianfu Cup hacking competition, finding close to 1,000 vulnerabilities in total, including over 50 high-severity flaws across Windows, Android, and IoT devices.

Analysts caution that 360's capabilities appear to accelerate discrete research stages rather than operate as a fully autonomous agent like Mythos. There is also a structural concern that extends beyond technical comparison: Chinese legislation requires private companies to report vulnerabilities to government agencies before disclosing them publicly, effectively channeling elite security research into state intelligence pipelines.

The Critics Are Not Wrong

Researchers at Vidoc and Aisle both concluded that many of Mythos's headline results can be reproduced using cheaper models running in parallel. Stanislav Fort of Aisle put it plainly: "A thousand adequate detectives searching everywhere will find more bugs than one brilliant detective who has to guess where to look."

Semgrep's analysis cut through the noise: Mythos's biggest advance is in exploit generation, not vulnerability detection. The ability to autonomously convert a detected flaw into a working, deployable exploit is where earlier models could not follow. Detection is increasingly commoditized. Construction of reliable, chained exploits is not.

Anthropic's own team estimates that similar capabilities will proliferate from other AI labs within six to eighteen months. Organizations will likely need to roughly double their current cybersecurity spending to keep pace. Annual increases of around 10 percent fall well short of what the threat now demands, particularly in energy, utilities, manufacturing, and water infrastructure, where systems are decades old and cannot be effectively patched.

The window for defenders to prepare is narrow, and it is already closing.