Anthropic just built an internal model called Claude Mythos that found more serious security bugs in a few weeks than most researchers find in a career. It uncovered a 27-year-old OpenBSD bug, a 16-year-old FFmpeg bug that five million automated tests missed, and multiple Linux privilege escalation issues. What really matters isn’t just the benchmarks (Mythos jumping from Opus-level scores to 93.9% on SWE-bench and 83.1% on cybersecurity benchmarks) — it’s that Mythos can chain multiple small vulnerabilities together into real attacks, like elite human hackers do. And they didn’t even train it to be a “hacker”; they trained it to be insanely good at code, and the hacking capability basically came for free. The big twist: they’re not releasing Mythos publicly, and I actually think that should make you feel better. Instead, they launched Project Glasswing — giving defenders (AWS, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, JP Morgan, and 40+ critical infrastructure orgs) a head start to scan, patch, and harden systems before attackers get access to similar capability. They also committed $100M in usage credits, donated $4M to open-source security groups, and said they’ll share learnings publicly within 90 days. My honest take is this sets a precedent we desperately need, because this isn’t a one-time event — every new coding model is going to become a better hacker whether labs want it to or not.