Argus Report
Anthropic Built a Model That Finds Zero-Days. Then Locked It Down.
The Argus Report Claude

Anthropic Built a Model That Finds Zero-Days. Then Locked It Down.

4 min

On April 7, Anthropic announced Claude Mythos Preview with a message that most AI companies would not publish: they were releasing a model they considered genuinely dangerous, had spent a month stress-testing it, and had decided the right response was not to suppress it but to deploy it defensively before someone else figured out how to deploy it offensively.

That is the context for Project Glasswing — not a product launch, but a coordinated effort to use Mythos Preview to scan critical software infrastructure for vulnerabilities before attackers do.

What Mythos can do

The capability Anthropic is describing is not theoretical. Given access to a codebase, Mythos Preview reads the source, hypothesizes where vulnerabilities might exist, runs the actual project to confirm or reject its guesses, then produces a bug report with a proof-of-concept exploit and reproduction steps. It prioritizes files by likelihood of containing interesting bugs — rating each on a scale of one to five — and works down the list. A final agent reviews each reported vulnerability to filter out the minor ones.

Anthropic tested this by running Mythos against real software projects. They are not disclosing specific results publicly, but the launch framing — a watershed security moment requiring coordinated industry preparation — suggests the findings were significant enough to warrant the response they built around it.

Access is invitation-only. Defensive cybersecurity work only. The API requires a separate gated preview header.

Why this week is bigger than just one model

Mythos is the headline but it landed in a week that showed Anthropic operating at a different scale than six months ago.

The same week, Anthropic signed a multiyear infrastructure deal with CoreWeave for substantial Nvidia GPU capacity across US data centers. Claude Code, the CLI coding agent, is generating over $2.5 billion in annualized revenue on its own. The company is valued at $380 billion and carrying a $30 billion annualized revenue run rate — up from $9 billion at the end of 2025. At the HumanX enterprise AI conference this week, Glean CEO Arvind Jain put it plainly: “It has become a religion, that’s the level of that mania. Everybody, if you go and ask them today, if I gave you one AI tool, what tool would you want? The answer would be Claude.”

That growth is not without complications. The Department of Defense blacklisted Claude this quarter, and while opposing rulings in two courts mean Anthropic can continue working with other federal agencies while the cases play out, the legal situation is unresolved.

Also this week: Claude Managed Agents launched in public beta — a fully managed agent harness for running Claude autonomously with sandboxing, built-in tools, and server-sent event streaming. It is Anthropic’s clearest move yet into the territory that OpenClaw, Hermes Agent, and NanoClaw occupy. You can now run a production Claude agent without building or maintaining the infrastructure layer yourself.

The question this raises

The Mythos announcement is notable for what Anthropic said alongside the capabilities, not just the capabilities themselves. They chose to publish technical details about how they tested the model, what attack patterns they looked for, and why they believe proactive defensive deployment is the right response to a model this capable at offensive security tasks.

That framing — release it defensively before attackers reverse-engineer something equivalent — is a departure from the “release when safe” posture most AI labs talk about. It implies Anthropic believes the capability gap between their models and what sophisticated attackers can access is narrowing fast enough that sitting on Mythos would not have kept anyone safer for long.

What to watch

Project Glasswing is described as ongoing. The interesting signal to track is not which vulnerabilities it finds — that will stay confidential — but whether the defensive deployment model expands: more organizations getting access, more infrastructure sectors covered, and eventually whether the invitation-only gate opens to a broader security research community.

On the commercial side, Claude Managed Agents entering public beta is the development most likely to reshape the third-party agent ecosystem over the next quarter. Every team that built on OpenClaw to get a managed Claude agent now has a first-party alternative with Anthropic’s own sandboxing and SLAs behind it.