The Glasswing Paradox And The End Of An Era

Anthropic's most powerful AI model is being used to protect the world's most critical software from itself. This is either the most rational response to a new class of risk, or the clearest signal yet of how fundamentally AI has shifted the ground beneath organization experts.

In the first weeks of April 2026, Anthropic did something that no AI company had done before: it gave a restricted group of technology firms access to a model too dangerous for general release, specifically because that model was better at breaking software than any tool that has ever existed.

The model is Claude Mythos Preview. The initiative is Project Glasswing. The partners include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia, alongside roughly forty organizations responsible for the most critical software infrastructure on the planet.

In the weeks before Mythos Preview's official April 8 release, it had autonomously identified thousands of zero-day vulnerabilities across every major operating system and every major web browser. Among them: a 17-year-old remote code execution flaw in FreeBSD that grants complete root access to any machine running NFS, and a 27-year-old vulnerability in OpenBSD, an operating system with a long reputation as one of the most hardened environments in existence. Mythos found them systematically, at scale, without human guidance, without fatigue, and without any particular targeting. It simply looked, and found.

The question the technology industry is now trying to answer is what this means for the next phase of digital security. The honest answer is that nobody fully knows. But the contours are already visible.


What Broke

Software security has always operated on a foundational asymmetry: vulnerabilities are hard to find and relatively easy to exploit once found. The defense side of that equation is patching: finding vulnerabilities first, or close enough to first that defenders can close the hole before attackers walk through it.

The entire industry of penetration testing, bug bounties, coordinated disclosure, and security auditing exists to work within this asymmetry. It is labor-intensive, expensive, and depends on human expertise that is genuinely rare.

Mythos Preview did not find one vulnerability that human experts had missed. It found thousands across the most scrutinized software in the world. These are not niche systems; they are the operating systems that run hospitals, banks, air traffic control, and national defense infrastructure.

The 27-year-old OpenBSD vulnerability is particularly significant: OpenBSD has been continuously audited by some of the most skilled security researchers alive for nearly three decades. Mythos found something they didn't.

The practical implication is not subtle. If an AI can do this with defensive intent and controlled deployment, the same class of model, or a comparable one released without controls, can do it with offensive intent and no restrictions. The gap between those two scenarios is not a technical gap. It is a governance gap, and it is closing.


The Dual Use Problem at Superhuman Scale

Every sufficiently powerful technology creates a dual-use problem. For example, nuclear physics powers cities and destroys them. The pattern is not new. What is new with Mythos Preview is the speed at which the dual-use tension arrived, and the asymmetry of access between offense and defense.

Anthropic was transparent about the risk in a way that is unusual for the technology industry: it privately briefed top government officials that large-scale AI-assisted cyberattacks are significantly more likely in 2026 because of what Mythos-class models can do.

This was not a worst-case scenario projection. It was a current-state assessment. The model exists. Similar capabilities will proliferate. The question is not whether adversaries will have access to AI-powered vulnerability discovery. It is whether defenders will have closed enough of the discovered gaps by the time they do.

Nation-state adversaries that currently lack the capacity to develop frontier AI independently (Iran, North Korea) gain dramatically from a world where Mythos-equivalent capability becomes available through less controlled models. This is the specific risk that Anthropic flagged to officials: not a science fiction scenario of AI attacking infrastructure autonomously, but a near-term scenario where state-sponsored hackers with access to capable AI move from targeted, human-intensive operations to AI-accelerated ones. The operational cost of a sophisticated cyberattack drops. The scale of what becomes feasible rises.


What This Means for Organizations That Run Software

For most enterprise technology leaders, Glasswing is a distant event: Anthropic's problem, a government problem, a Big Tech problem. That framing will not survive contact with the threat it describes.

Every organization running a complex software environment, which is every hi-tech company, every telecom, every bank, every infrastructure operator, is running code with vulnerabilities that a Mythos-class model could find.

The current defensive posture of most organizations was built for a world where finding those vulnerabilities requires human expertise and sustained effort. That world ended in April 2026.

The practical implication is not that every organization needs to run Mythos-equivalent models against its own systems, though those that can should. It is that the security assumptions embedded in current risk frameworks need revision.

Patch cycles designed around human discovery rates are too slow for AI discovery rates. Vulnerability management programs that prioritize known CVEs are poorly positioned for a threat that generates unknown CVEs faster than disclosure processes can handle. Perimeter defenses built on the assumption that attackers have limited capability to probe for undisclosed weaknesses are now inadequate for the threat environment being described by Anthropic's own risk assessment.

The organizations that will be least exposed are not necessarily those with the largest security budgets. They are the ones whose security programs are built on the right assumption: that their attack surface can be found completely, quickly, and cheaply by a motivated adversary with access to capable AI. Some organizations already operate on this assumption. Most do not.


When the Expert Is No Longer the Differentiator

There is a broader implication in what Mythos Preview did that most post-mortems on the model have skipped.

The 27-year-old OpenBSD vulnerability was not missed by amateurs. OpenBSD has been continuously audited by some of the most skilled security researchers alive, over nearly three decades of sustained professional attention. These are not people who lack rigor or commitment. They are among the best in the world at exactly this task. Mythos found what they didn't, not because they were doing it wrong, but because the model could do something they cannot: hold the entire codebase in attention simultaneously, at a depth and breadth that no human expert can sustain.

This is the signal beneath the headline. It is not specific to security. What Mythos demonstrated in vulnerability research, comparable models are beginning to demonstrate in legal analysis, financial modeling, clinical diagnostics, and engineering design. The common thread is the same: tasks that previously required years of accumulated expertise to perform well are becoming tasks that AI performs better, faster, and at a fraction of the cost. The scarcity that made expertise valuable is being compressed.

This does not mean expertise disappears. The judgment required to direct Mythos, to decide what systems to analyze, how to prioritize the findings, what to patch first, how to govern the process, remains deeply human and deeply valuable. But the focus of that value has shifted.

The premium is no longer on the person who can find the vulnerability. It is on the person who can determine what to do when thousands of them are found at once.

For organizations, this shift has concrete structural consequences that most have not yet operationalized. Org design has been built around expert scarcity, where seniority is defined by the depth of a skill and headcount reflects the volume of specialized tasks. When AI handles the depth, the human role migrates toward direction, interpretation, and accountability. Those are different skills from the ones most organizations currently hire and promote for.

It is the kind of redesign that feels premature until it is suddenly overdue. Hiring profiles need to change. Senior roles need to be redefined around judgment and AI oversight rather than domain execution. Performance frameworks need to measure output quality, what was done with the AI's work, rather than effort or volume.

Organizations that make this shift deliberately will have a structural advantage over those that make it reactively, because the reactive version happens under pressure, after the old structure has already become a liability.

Chamutal Gavish, founder and CEO of NativeAI

About the Author

Chamutal Gavish is the founder of NativeAI, an AI implementation consultancy helping technology companies in Israel integrate AI into their R&D, delivery operations, and program management. With deep experience in enterprise technology and organizational transformation, Chamutal works with hi-tech and IT teams to move from AI experimentation to measurable results.

