Claude Mythos Preview:
What Security Teams Need to Know Now
Anthropic's Project Glasswing red team assessment confirmed autonomous zero-day discovery across every major OS and browser, with vulnerabilities ranging from 16 to 27 years old. Thousands more are still unpatched. This brief covers the confirmed CVEs, the capability benchmarks, and four concrete defensive actions.
Last updated July 5, 2026 · incorporates Anthropic N-Days research (red.anthropic.com/2026/n-days/), Attack Navigator threat actor analysis (red.anthropic.com/2026/attack-navigator/), CVD dashboard (red.anthropic.com/2026/cvd/), Exploit Evals benchmark (ExploitBench, ExploitGym, SCONE-Bench), Glasswing initial update (May 22, 2026), and Glasswing expansion (June 2, 2026)
21/41
V8 ACEs in ExploitBench; no other model scored above zero
10.5×
More exploits than Opus 4.6 in ExploitGym benchmark
$35M
Smart contract value identified in SCONE-Bench
14/18
Firefox N-day PoCs produced in under 3 hours; first working exploit in 12 minutes
8
Full Windows LPE chains to SYSTEM from binary-only analysis; Opus 4.8 achieved zero
1.7×
Surge in medium/high-risk AI-enabled threat actors over 12 months (33% to 56%)
200+
Partner organizations in Project Glasswing; expanded June 2026 to include power, water, healthcare, and critical infrastructure
90.8%
True positive rate, findings validated by 6 external security firms
10,000+
High- or critical-severity vulnerabilities identified across all Glasswing partners
Read the brief, free
Subscribe to Decryption Digest to unlock the full brief. Daily threat intelligence for practitioners. No spam. Unsubscribe anytime.
Joining 50,000+ security professionals. No spam. Unsubscribe anytime.
Already subscribed?