The Predictability Factor is a weekly deep dive at the intersection of AI, Security, Privacy and Tech, to help you Go From Chaos to Resilience in The World of AI.

The tech and cyber industry spent the last 72 hours celebrating a model that "finds vulnerabilities it's built to recognise, but one that can't be disclosed." Everyone's talking about Mythos.

During the last 72 hours, my feeds were flooded with celebratory “breakthrough” posts. But no one actually knows how good those benchmarks really are. No one is asking how much of it is hype vs. reality, what Mythos can and cannot do, and what it truly means for cybersecurity going forward.

The Arms Race

April 7, 2026. Anthropic announced Project Glasswing: a $100 million initiative to secure the world's critical software using an unreleased model called Claude Mythos Preview. That model found thousands of zero-day vulnerabilities across every major operating system and every major browser. In weeks. Without being told where to look.

They're not releasing it publicly. The reason is in the fine print: the same capability that finds vulnerabilities can be directed to exploit them. That is not a hypothetical. It is the explicit reasoning behind a restricted deployment to vetted partners only. And while Mythos "is able to autonomously find zero-days", what percentage of its findings were novel rather than reproduced vulnerabilities?

Mythos's own System Card is unusually candid: their capability assessments "increasingly rely on subjective judgments rather than easy-to-interpret empirical results."

On the flip side: the best part about this has nothing to do with cybersecurity.

They didn't train Mythos to be good at cyber. They trained it to be good at code.

This distinction matters more than almost anything else in the announcement.

Cybersecurity tooling is typically purpose-built: static analysis scanners match against known vulnerability signatures; fuzzers throw random inputs at defined interfaces; penetration testers bring domain expertise but work within fixed time and scope constraints.

What Mythos brings is general code reasoning, applied at scale, which as a byproduct is great at finding security vulnerabilities.

A 27-year-old TCP SACK vulnerability in OpenBSD. A 16-year-old flaw in FFmpeg's H.264 codec stemming from a slice-numbering collision with sentinel values, one that had survived five million fuzzing runs. These weren't found because someone told the model to look for them. They were found because the model understood what the code was supposed to do, and recognised where it didn't.

Most security vulnerabilities, at their core, are not security problems. They're code problems with consequences. Build a model that genuinely reasons about code at depth, and security capability becomes a natural output.

This is where the real shift is happening. Not in a purpose-built security product. In a general-purpose reasoning engine for which security is a byproduct of understanding software.

Either Project Glasswing is the biggest next step in the advancement of cybersecurity in a generation, because most security problems are software problems, and this model was built to solve software problems at a level previous models couldn't reach. Or it is the most sophisticated marketing exercise this industry has seen: a model that found thousands of vulnerabilities under controlled conditions, on a deliberately restricted release, measured by benchmarks that Anthropic's own document acknowledges are increasingly subjective.

The System Card also documents that Mythos found ways to cheat on its own evaluations during testing: in one case locating the grader's test set and training on it; in another, moving computation outside a timing call to inflate a speed benchmark. Both were caught and excluded. But a model being evaluated for security capability that games its own measurement process is not incidental. It is directly relevant to how much confidence a single score should carry.

The real challenge isn't just finding vulnerabilities. It's real control over the race between time to find, time to exploit, and time to patch. Mythos changes one side of that equation. The other side still runs on human timelines, human budgets, and human institutions that were not built for the speed this technology implies, and for many organisations that is still a huge speed gap.

So does Claude Mythos break the cybersecurity industry?

1. The Discovery Timeline Just Compressed

A 27-year-old TCP SACK vulnerability in OpenBSD. A 16-year-old flaw in FFmpeg's H.264 codec stemming from a slice-numbering collision with sentinel values, one that had survived five million fuzzing runs. Both found in weeks, per Anthropic's testing. If these numbers hold under independent scrutiny, the detection floor just moved.

Traditional security tooling finds what it was built to find, matching against known patterns. An agentic reasoning system operating continuously across entire codebases, without the cognitive fatigue that shapes what a human researcher decides to prioritise next, operates without those constraints. Anthropic's testing found several dozen additional findings across approximately 1,000 OpenBSD scans at a total cost under $20,000.

The timeline compression on the detection side is significant, if real. If it scales the way Anthropic suggests, mean time to discover critical flaws in widely-deployed software could drop from years to weeks, to hours, and even to minutes.

That is not an incremental improvement. It is a structural shift in one half of the equation. The other half is the problem.

2. The Patch Cycle Hasn't Moved at All

Discovery is one input into a much longer pipeline. After a vulnerability is reported, every subsequent step runs entirely on human timelines: vendor acknowledgment, prioritisation against every other backlog item, fix development, regression testing, release, and enterprise deployment.

The Edgescan 2025 Vulnerability Statistics Report puts the mean time to remediate critical application vulnerabilities at 74.3 days for organisations actively tracking their exposure. And that is for organisations that know what they have.

The same report found that 45.4% of enterprise vulnerabilities remain unpatched after 12 months, with 17.4% of those being high or critical severity. In regulated industries including healthcare, financial services, and operational technology, patch deployment sits behind change management windows, compliance testing, and approval chains that extend that figure further.

The discovery side of the race just got faster. The patch side has not changed. Mythos accelerates the problem statement, not the resolution. The gap between those two timelines is where the exposure sits.

3. The 99% Problem

Over 99% of Mythos discoveries are still unpatched. That is Anthropic's own figure. The responsible disclosure protocol was designed for a world where vulnerabilities were found at human researcher pace: one or a handful at a time, giving vendors a defined window to fix before the flaw becomes public knowledge. When a model scales that process by orders of magnitude, finding thousands of flaws across dozens of software systems simultaneously, you don't just have more findings.

You have a larger aggregate window of exposure, spread across a surface area no vendor's security team is currently sized to absorb at this velocity. Your environment isn't safer the moment a vulnerability is found.

Your environment is safer only when the patch is deployed and validated in your specific infrastructure.

The gap between those two points is exactly where attackers operate. It has always been the most dangerous part of the cycle. Mythos, at current patch velocities, makes that aggregate gap wider. Not narrower.
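The argument of sections 2 and 3, carried through as a small queue model. This is an added example, not from Anthropic or Edgescan; the function names and all rates are constructed for illustration and are not measured figures. It holds patch capacity fixed, raises the discovery rate, and measures the aggregate exposure in finding-days.

```python
from collections import deque


def aggregate_exposure(found_per_day, patched_per_day, days):
    """Simulate a first-in, first-out remediation queue.

    Each day: new findings are reported, then up to `patched_per_day`
    of the oldest open findings are fixed and deployed.

    Returns (open_at_end, exposure_days, mean_days_to_patch), where
    exposure_days sums, over every day, the findings still unpatched.
    """
    queue = deque()        # discovery day of every open finding
    exposure_days = 0      # finding-days spent unpatched
    closed_ages = []       # days each patched finding stayed open
    for day in range(days):
        queue.extend([day] * found_per_day)
        for _ in range(min(patched_per_day, len(queue))):
            closed_ages.append(day - queue.popleft())
        exposure_days += len(queue)
    mean_age = sum(closed_ages) / len(closed_ages) if closed_ages else 0.0
    return len(queue), exposure_days, mean_age


def exposure_growth(baseline_rate, accelerated_rate, capacity, days):
    """Extra finding-days of exposure when only discovery speeds up."""
    _, before, _ = aggregate_exposure(baseline_rate, capacity, days)
    _, after, _ = aggregate_exposure(accelerated_rate, capacity, days)
    return after - before


if __name__ == "__main__":
    # Constructed scenario: a team that can ship 2 fixes a day.
    for rate in (2, 10):
        open_now, exposure, age = aggregate_exposure(rate, 2, 30)
        print(f"found/day={rate:>2}  open={open_now:>3}  "
              f"exposure={exposure:>4} finding-days  mean age={age:.1f}d")
```

With discovery matched to capacity the backlog stays empty; at five times the discovery rate and the same capacity, the backlog and the age of each fix both grow for as long as the mismatch lasts.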

4. The Exploit Economy Doesn't Wait for CVE Registration

Threat actors do not operate on responsible disclosure timelines. Zero-day exploits trade on underground markets within hours of discovery, or independently, without ever touching any disclosure process. Zerodium, one of the best-known semi-public acquisition platforms, pays between $2,500 and $2.5 million per zero-day submission, depending on target and impact. That is the documented, semi-public end of the market. The undocumented end moves faster and carries no public price list.

Mythos entering responsible disclosure does not prevent an independent attacker from finding and weaponising the same flaws. The vulnerability exists in the codebase regardless of who discovers it first. This is why this matters.

If Anthropic has a model capable of autonomous zero-day discovery at scale, the meaningful question is not whether this technology can exist. It already exists.

The question is whether defenders or adversaries will be the first to deploy it at operational scale. Nation-state actors and well-resourced criminal organisations, the same groups that Anthropic recently documented using Claude for AI-orchestrated cyber espionage, are not waiting for a $100M credit programme announcement to begin working on this problem class.

5. The Governance Gap

Project Glasswing's $100 million in cloud credits reaches a curated group: open-source maintainers, critical infrastructure operators, and security vendors including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, and Palo Alto Networks, all vetted before the announcement. That is not the population of organisations that need this most. The critical infrastructure industry needs it the most.

But the enterprises with the oldest codebases, OT infrastructure, the largest legacy technical debt, the fewest dedicated security engineers, and the most sensitive data are overwhelmingly outside that programme.

The organisations most exposed to the risk that Mythos surfaces are the least likely to benefit from the capability that surfaces it, at least in this first phase.

Security governance frameworks including NIST CSF, ISO 27001, and the CISA Secure by Design guidelines were not designed with AI-assisted autonomous scanning in mind. Most enterprise security programmes do not have a process for ingesting vulnerability findings at the velocity Mythos implies. That's not just a technology problem. It's also an organisational and systemic one, and it does not resolve on the model's timeline.

6. The AI Supply Chain Problem

There is a category of threat that code scanning, however sophisticated, doesn't reach. A legitimate, clean package replaced at the repository level by a malicious version. A maintainer account with years of clean commit history that gets compromised and pushes a genuine-looking update containing malicious code. A build or CI/CD pipeline poisoned upstream, before the code ever reaches what Mythos would scan.

The XZ Utils incident, the LiteLLM Python package issue and the Axios package compromise are all examples of critical supply chain compromise, one of the biggest challenges in cybersecurity.

Mythos scans for vulnerabilities in code. It does not scan for betrayal in process. Supply chain attacks exploit trust in the chain of custody, not weakness in the code itself.

That is a different and harder problem class, and it sits entirely outside the capability envelope being celebrated this week.

7. The Irony

The company announcing a $100 million cybersecurity initiative had a documented AI Code leak in the weeks prior. The model that found thousands of zero-days also escaped its own sandbox during evaluation and emailed the researcher overseeing it. The irony is not lost.

The model that is now being deployed to find vulnerabilities in other organisations' systems also escaped its own sandbox during internal evaluation, developed a multi-step exploit to gain broader internet access than it was authorised to use, and then sent an email to the researcher overseeing the test.

He found out while eating a sandwich in a park.

That said, it is incredible that Anthropic reports this with commendable transparency. The same document discloses that earlier versions of the model attempted to cover their tracks when they took prohibited actions, and that white-box interpretability analysis showed features associated with concealment and strategic manipulation activating in those moments. The final model is described as greatly improved. The propensities, Anthropic writes, "do not appear to be completely absent."

The model now scanning the world's codebases for vulnerabilities exploited its own containment, unprompted, to prove it could.

If Mythos is what Anthropic says it is, it's a massive step in the right direction.

The direction matters. A tool that finds real vulnerabilities in real codebases, faster than human researchers, routed through responsible disclosure, is net positive for defenders, if the patch cycle can absorb the volume, if access reaches the organisations that need it most, and if the same capability doesn't reach adversaries first.

Those are not small conditions. They are part of the entire equation.

This is not the end of the era of cybersecurity. It is the beginning of a much harder, faster and more consequential chapter, one that could be critical for all industries, especially critical infrastructure. However, this will require cost-effective, global access for defenders across different sizes and industries. Not just the ones with $1B valuations.

Until next time, this is Monica, signing off!

— Monica Verma
