Anthropic's Mythos Found Millions of Security Vulnerabilities - The Last Invention is AI

Summary5 min read

Podcast Summary: The Last Invention is AI
Episode Title: Anthropic's Mythos Found Millions of Security Vulnerabilities
Host: Jaden Schaefer
Date: April 7, 2026

Episode Overview

In this episode, Jaden Schaefer explores the seismic implications of Anthropic’s latest AI breakthrough, codenamed Project Glasswing. Powered by the unreleased Claude Mythos Preview model, this initiative aims to secure the world's most critical software by rooting out vulnerabilities better than nearly any human expert. The host dives into the details on why Anthropic has chosen to delay a public launch, the industry’s response, and what this could mean for software security and the evolution of powerful general AI models.

Key Discussion Points & Insights

1. Introduction to Project Glasswing and Mythos (00:00–03:30)

Project Glasswing: Anthropic’s urgent new initiative to secure global software, powered by the Claude Mythos Preview model, touted as their “most powerful model yet.”
Mythos can find software vulnerabilities better than almost any skilled human.
Not currently released to the public—distribution is limited to security researchers and major tech partners.

Quote:
"It's powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans."
— Jaden Schaefer (00:22)

2. Why Mythos Is a Gamechanger (03:30–06:30)

Mythos has found "thousands of zero day vulnerabilities, many of them critical," including vulnerabilities 10–20 years old.
Anthropic is restricting access until industry partners have time to patch vulnerabilities found by Mythos.
The fear: releasing it publicly could enable mass exploitation before software can be secured.

Quote:
"It's like the model's so powerful, they can't release it till we fix all the software in the world."
— Jaden Schaefer (05:19)

3. How Anthropic Is Rolling Out Mythos (06:30–08:30)

Mythos is being deployed by 40 partner organizations:
- Including Amazon, Apple, Broadcom, Cisco, CrowdStrike, Linux Foundation, Microsoft, Palo Alto Networks.
Purpose: equip these organizations to patch vulnerabilities across both proprietary and open-source code.
Data on what Mythos has been trained on is limited; not officially stated to be trained solely on code or cybersecurity tasks.

4. Anthropic’s New Model Tiering and Naming (08:30–10:00)

Anthropic typically used Opus/Sonnet nomenclature, but “Mythos” signals a new tier for general models.
Leaked documents indicate “Capybara” as the actual successor to Opus—stronger than anything Anthropic has released.

Quote:
“Capybara is the new name for a new frontier of model. It's larger and more intelligent than Opus… I don't know where they get the names for these. It's almost as bad as Bard in my opinion, but whatever.”
— Jaden Schaefer (09:54)

5. Security Concerns, Government Interaction, and Industry Strategy (10:00–13:30)

Government hesitancy and legal wrangling: Pentagon identified Anthropic as a “supply chain risk” after they refused to allow military uses.
Anthropic is in “ongoing discussions with a bunch of federal officials,” but legal issues complicate matters.
Leaks about Mythos began circulating after an unpublished blog and a Fortune-reported data incident.

Quote:
“With bad relationships with the government, they're giving this to the government, they're giving this to every major organization and telling them, look, like, use this and try to fix it before something like this gets out.”
— Jaden Schaefer (12:35)

6. Accidental Internal Leak, Revenue Explosion, and Business Growth (13:30–16:00)

Last month: Anthropic accidentally exposed 2,000 source code files, causing shutdown of 1,000 GitHub repositories during cleanup.
Anthropic’s revenue is skyrocketing:
- End of 2025: $9 billion run rate
- April 2026: $30 billion (more than triple in three months)
- 1,000+ business clients each spend $1M+ annually, up from 500 just two months prior.
Anthropic positions itself for enterprises rather than casual users.

Quote:
“Their growth is absolutely astronomical. And I think where Anthropic really crushed it, OpenAI is kind of targeting the everyday user… Anthropic is targeting business users.”
— Jaden Schaefer (15:39)

7. Industry Impact and Rationales for Controlled Rollout (16:00–18:00)

Anthropic’s rationale: even if they withheld Mythos, other groups (e.g., in China) would eventually develop similar models.
Best strategy: empower defenders to patch global software before inevitable public access.
$100 million in credits/tokens pledged to partners (e.g., Microsoft) to incentivize them to run and fix as many vulnerabilities as possible.

Quote:
“They’re literally paying Microsoft to fix the security vulnerabilities of the world because their model is about to crush it.”
— Jaden Schaefer (17:24)

Notable Quotes & Moments

On existential software risk:
"This is going to be an existential crisis for code because everything can be hacked and there's vulnerabilities everywhere that can be found." (01:05)
On runaway AI capability:
"It's the most sophisticated and high performance model. It can do complex tasks and it can do a lot of agent building and coding." (07:03)
On Anthropic’s new tier naming:
"Capybara is going to be better than Opus. But Mythos is kind of the umbrella of models." (09:54)

Timestamps for Key Segments

00:00 – 03:30: Introduction to Project Glasswing and Mythos
03:30 – 06:30: Why Mythos is different: zero-day discovery at scale
06:30 – 08:30: Distribution plan—major tech partners and rollout
08:30 – 10:00: Model naming, tiers, and “Capybara” leak
10:00 – 13:30: Government friction, leaks, and the security landscape
13:30 – 16:00: Code leak incident, revenue growth, and enterprise strategy
16:00 – 18:00: Controlled rollout rationale and partner incentives

Summary Takeaways

Mythos represents a huge step forward in AI’s capability to autonomously scan and identify software vulnerabilities.
Anthropic is treading cautiously, choosing not to immediately release Mythos to the public to prevent potential exploitation.
A patch-first strategy is underway, with enormous industry and government cooperation urged before the model becomes widely accessible.
Anthropic’s business is booming, propelled by focus on high-value enterprise customers and the demand for advanced AI tools.
The model’s raw power both excites and terrifies: it highlights the promise of AI as a tool for defense, but also as a potential existential risk if misused.

This episode provides a sweeping look at how rapidly advancing AI is both a critical asset and a potential liability, revealing the new realities faced by the software industry, governments, and technology at large.

Loading summary

Transcript1 lines

[00:00]
A
Welcome to the podcast. I'm your host, Jaden Schaefer. Today on the show, we are talking about Project Glasswing from Anthropic. They just tweeted this out like an hour ago. They said, introducing Project Glasswing, an urgent initiative to help secure the world's most critical software. It's powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. Okay, there is this crazy project. It's not released to the public. They're sending this out to security researchers and they've pledged 100 million essentially to big companies like Microsoft to go and test all of the open source software, all of the software in the world to find the vulnerabilities and fix it before they release this to the public. Because they said basically this is going to be an existential crisis for code because everything can be hacked and there's vulnerabilities everywhere that can be found. So they're trying to, like, give it to the security researchers to fix everything before they release it. And it's not just for software. This is just a general, insanely good model, but that's just something that they're concerned about. So we're going to get into all of that on the podcast without too much doomerism. I think there's a lot of optimism, but is this is definitely an absolutely massive drop in model. And speaking of AI models, if you want to test all of the top AI models, everything from Anthropic to OpenAI to Grok to Gemini to Elevenlabs for audio, tons of cool image models, go check out my startup AI Box AI for 8.99amonth, you get access to over 80 of the top audio, image, text, video models. OpenAI Soar, which is going to get discontinued because it costs $130 to generate a video for them. But for you, it's very cheap. So if you want to check it out, go check out AI Box. I hope that saves you a ton of money and you get access to everything in one spot. All right, let's talk about what's going on with Anthropic. So they just released this, what they're calling, of course their quote, most powerful model yet. Now, it's interesting is usually everyone's like, this is our most capable model. This is most powerful. It sounds a little bit ominous. There was a leaked memo where they were actually calling it that. So this is what they told the world. This is just kind of internally and basically this right now is limited to it's just kind of a debut for a bunch of the top organizations as part of a new security initiative in which there's 40 partner organizations and they're all deploying the model across a bunch of different quote unquote defenses, security work areas. And they're basically trying to secure critical software before this goes out to the general public. I think they didn't specify exactly what this was trained on. So they're not saying like, hey, we specifically trained this on like cybersecurity work or kind of like source code. But right now, the preview that they're sending out to everyone is being used to scan both first party and open source software systems. They're looking for code vulnerabilities and, and they're just giving this out to a lot of the big organizations. What they're saying right now is that over the last few weeks they were using it internally and they were able to identify, quote, thousands of zero day vulnerabilities, many of them critical. So they're saying a lot of the vulnerabilities are one to two decades old. So they have this new software they ran on code bases and they're finding vulnerabilities that have been around for 10 to 20 years in literally everything. And they're just, they're concerned, they really can't release this to the public because they're like, as soon as we release it to the public, security of basically all software is going to explode. So now they're trying to get this out to people that can fix it before they release it. It's like the model's so powerful, they can't release it till we fix all the software in the world. And so they're like, okay, everyone, we really want to release this new model because they're probably gonna make a lot of money and be OpenAI. But like, we're not held back by anything other than that we're gonna destroy the entire Internet and all. So combined. So honestly, that's a pretty wild, a pretty wild point. And I mean, this is just crazy. Apparently this isn't just like a software model. It's a general purpose model. It's. It's the new tier. So they have like Opus Sonnet, they have these other tiers. This is going to be Mythos and is kind of the, the next highest tier. They have a higher tier. I guess they're not continuing with the Opus model or the, you know, Sonnet model, but kind of the OPUS being the best. They actually are creating a new thing because it is such a Big step up, which is really interesting. It has really strong agentic code need coding and reasoning skills. So everyone using Claude cowork, which I've been shouting from the rooftops and Claude code recently, are going to love it. And it's basically the most sophisticated and high performance model. It can do complex tasks and it can do a lot of agent building and coding. So who is Anthropic giving this to in order to go and, you know, know, put it out onto all of the different, you know, test all the code bases in the world and fix all of these vulnerabilities? They're giving it to Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft and Palo Alto Networks. All of those people are going to share what they've learned from using the model so that the rest of the tech world can benefit from it. It's not going to be made publicly available, so we don't know exactly when they're going to actually launch it. It feels, it's kind of like a wait and see. They're like, look, we're giving this to all of the biggest tech companies. We're going to see what they can do with it, what they can fix with it, what they can teach us about it, and then we'll basically decide on how and when we get this out. Anthropic says that right now they have engaged in, quote, ongoing discussions with a bunch of federal officials about the use of Mythos, although one would imagine that I think a lot of those discussions are pretty complicated by the fact that Anthropic and the current administration are having a whole bunch of illegal battles. Pentagon labeled the AI lab a supply chain risk because Anthropic didn't let them use their AI model for autonomous targeting or surveillance and basically had a bunch of different rules and they didn't want to follow them. Or maybe they just didn't want. The precedent of having rules. I think would probably be a fair characterization. But in any case, news of this right now is originally something that got leaked a little while back. We kind of reported on it. There was a data security incident that got reported by Fortune and there was a blog with some. It was like an unpublished blog draft somewhere that someone found and alluded to this. So we kind of knew that this was coming. We didn't realize how wild this was. Basically Anthropic attributed that leak in particular to quote, unquote, human error. So they're like, look, it wasn't like an AI model leaking this. The ant model didn't do it. But what they did say is that Capybara is the new name for a new frontier of model. It's larger and more intelligent than Opus. So it's actually going to be called Capybara. That's I guess, their latest. I don't know where they get the names for these. It's almost as bad as Bard in my opinion, but whatever. So Capybara is going to be better than Opus. But Mythos is kind of the umbrella of models, right? They kind of do these, these pushes where they'll make an umbrella of models and they go from best and then like medium if you want to save power and then kind of worse if you want to like run it on locally or on an edge device or something like that. So Capybara is the new one. It's going to replace Opus. And according to all these leaked documents, it is by far the most powerful AI model we've ever developed. In this leak, Anthropic claimed that this new model was going to far exceed the performance in areas like software coding, academic reasoning and cybersecurity. And evidently the cybersecurity was one of the big areas they were concerned about because now they're pushing this, you know, making this big push when they released it. You know, if you kind of look at some of the current public models, we like, sure, you could use something like Chat, GPT or Gemini or anything for some sort of cybersecurity issue. But it feels like this, this one is so advanced they're concerned about the threats of this being weaponized by bad actors. It's going to find bugs and exploit them. And because they found, they just alone found so many zero day exploits and so much, you know, infrastructure and software, they're, you know, even with bad relationships with the government, they're giving this to the government, they're giving this to every major organization and telling them, look like, use this and try to fix it before something like this gets out. And the other thing that I think is important is everyone's like, you know, well, why don't they just like not release it if it's so dangerous? Why don't they keep it forever? And the reality is these models are all getting better and better and someone in China is going to make an open source version of this and release it either way. So I think it's in everyone's best interest to take this, use it to fix the software as fast as possible. Because if Anthropic was able to create it, other people inevitably are going to be able to create it. Eventually as well. Last month, Anthropic accidentally exposed about 2,000 source code files and more than half a million lines of code that was kind of linked to a mistake. In the launch of version 2.188 of Claude Code and their software package. The company accidentally caused a thousand code repositories on GitHub to be taken down because they were trying to clean up the mess and they were, you know, launching cease and desists. In addition, I think what not a lot of people know is that Anthropic right now is absolutely exploding in revenue. If you take a look at the numbers, you can just how fast Anthropic is growing right now. They put out a tweet a couple days ago where they said our run rate revenue has surpassed $30 billion, up from 9 billion at the end of 2025. As demand for CLAUDE continues to accelerate, this partnership gives us the compute to keep pace. So their revenue's exploding. They're making a lot of these partnerships. I mean, the end of 2025 they were at $9 billion in run rate and run rate revenue, and now they're past 30 billion, triple since the end of last year. I mean, we're three months in, so. So this is absolutely exploding. OpenAI is concerned, everyone's concerned. Obviously the software industry is concerned with what is coming down the pipe here. Something that's interesting is as far as that whole $9 million at the end of last year goes, they said when we announced our Series G fundraise in February, we shared that over 500 business customers were each spending over a million dollars on an annualized basis. Today that number exceeds 1,000, doubling in less than two months. Months. That is crazy. Their growth is absolutely astronomical. And I think where Anthropic really crushed it, OpenAI is kind of targeting the everyday user who maybe will spend $20 a month and many will just do it, use it for free. Anthropic is targeting business users. I personally am spending hundreds and hundreds of dollars a month on it, loving every second of it because I'm getting so much done. But I think they, they know their customer. They're, they're finding the power users that are really pushing AI to its limits. And, and I mean, even in the case of giving it to all these cybersecurity people, it's like they, they basically made the problem. They're like, we made a model so, you know, good it discovered all of the cybersecurity issues and now you need to use our model to fix the problem that we basically made, and so they're giving it out. But they are, in all fairness, they are pledging about $100 million they're giving to all of these different companies and credits and tokens. And they're like, look, we're going to give you guys $100 million to run through and fix all of the software in the world because we know we made this problem and we want to get the model out. So that's pretty fascinating. They're literally paying Microsoft to fix the security vulnerabilities of the world because their model is about to crush it. Everyone, thank you so much for tuning into the podcast today. If you enjoyed this episode, I mean, this was an absolute wild ride. Make sure to test all of the Latest models from OpenAI Anthropic Gemini. Test them side by side. I think, I think this is so important to understand the capabilities of all these models. And you can do that at AI box AI for. For $8.99 a month. And you also get audio, image, video, everything in one place. Hope that it is a phenomenal product for you. Put a lot of blood, sweat and tears into it. So let me know what you guys think. Hope you have a fantastic rest of your day and I will catch you in the next episode.