The curl case tells the story of exploding noise. Claude Mythos tells the other half.
In April 2026, Anthropic introduced Claude Mythos Preview through Project Glasswing. The stated aim was to give selected partners controlled access to advanced cyber capabilities, helping them identify and fix vulnerabilities in critical software.
Anthropic says Mythos Preview found old and complex vulnerabilities in major projects, including OpenBSD and FFmpeg. These results should remain attributed to Anthropic.
But the strongest evidence comes from an independent third party: the UK AI Security Institute.
The Institute evaluated Claude Mythos Preview in controlled environments. On expert-level Capture the Flag tasks that no model tested by the AISI could solve before April 2025, Mythos Preview achieved a 73% success rate.
That figure does not mean Mythos can compromise 73% of companies. It applies to a specific set of tests. But it marks a clear jump.
The AISI also tested the model on “The Last Ones”, a 32-step network attack simulation. The scenario runs from initial reconnaissance through to full network takeover. The Institute estimates that a human expert would need around 20 hours to complete it.
Mythos Preview became the first model evaluated by the AISI to complete the scenario end to end. It succeeded in 3 out of 10 attempts, completing an average of 22 out of 32 steps.
The distinction matters: a cyber range is not a real company. A controlled test is not a production environment. But for a CISO, the signal is strong enough to change the conversation.
AI is no longer used only to generate poor-quality tickets. It is also beginning to shift the frontier of offensive research.