Anthropic Built a Model It Won't Let You Use. Here's What It Can Do.

Anthropic announced Claude Mythos on April 7 with a warning they put in the press release: the model “poses an unprecedented cybersecurity risk.” They weren’t hedging. Mythos can autonomously discover and exploit zero-day vulnerabilities, find unknown software flaws, and do it faster than human defenders can respond. Anthropic’s own system card says its capabilities “far exceed” every prior model on autonomous research and engineering.

Access is restricted to a handful of cybersecurity firms and financial institutions doing defensive testing. No general release date. No API access for builders. You can read the system card. You can’t use the model.

What Mythos Actually Is

It’s a general-purpose frontier model, not a specialized security tool. That distinction matters. Anthropic didn’t build a cyberweapon. They built a smarter general model and discovered during testing that it had acquired capabilities that surpass all but the most skilled human security researchers at finding and exploiting vulnerabilities.

Armorcode put it plainly: “It’s a general-purpose model, not one specifically built for security. But during testing, Anthropic discovered it possesses striking cybersecurity capabilities that far exceed any prior model.”

Nobody designed this. It emerged from scale and training. Which means the next model after Mythos has the same trajectory, and the one after that.

The Six Capability Areas Worth Understanding

From Anthropic’s system card and confirmed testing disclosures:

Cybersecurity - autonomous zero-day discovery and exploitation, both offense and defense. This is the one that triggered restricted access. The model doesn’t need to be pointed at a known vulnerability. It finds them.

Code generation and debugging - complex codebase refactoring at scale, large-scale code review. Not autocomplete. Architectural-level reasoning about large codebases.

Academic and scientific reasoning - mathematical proofs, scientific paper analysis, multi-step logical chains. Useful for research workflows where you need more than summarization.

Complex multi-step reasoning - synthesizing information across sources, long decision chains that hold coherence. Related to what made Opus 4.7 interesting for agentic work, but further.

Agentic workflows - autonomous multi-step task execution with higher stability than prior models. The loop elimination problem that Opus 4.7 improved on, pushed further.

Proactive vulnerability discovery - distinct from cybersecurity defense. This is the capability that sets off the alarm: it doesn’t wait for a known attack surface. It goes looking.

Why This Matters for Builders

The practical reality: Mythos is not available to you right now. But the capability curve it represents is.

Every general-purpose frontier model from here forward will have some version of these capabilities emerge from training, whether the lab intends it or not. Anthropic didn’t build a vulnerability scanner. They built a capable reasoner and the vulnerability scanning was already inside it.

For builders working on security tooling, agentic systems, or anything that touches code execution, that changes the threat model you’re designing against. The offensive capability isn’t coming from purpose-built attack tools. It’s coming from general models that anyone with API access can point at a target.

The system card is public and worth reading in full, not for what it tells you about Mythos specifically, but for what it tells you about how Anthropic is thinking about capability emergence. That framework will apply to every model they release after this one.

The restricted access is a policy decision. The capabilities are already real. The gap between “model exists” and “model is widely accessible” has historically been measured in months, not years.

Plan accordingly.

Update - Apr 18: While Anthropic Restricts Mythos, the Previous Model Just Did This

On April 17, Mohan Pedhapati, CTO of Hacktron, published a full account of building a working Chrome exploit using Claude Opus 4.6 - the model Anthropic already replaced with 4.7.

One week of work. 2.3 billion tokens. $2,283 in API costs. Roughly 20 hours of human intervention to unstick dead ends. Result: arbitrary code execution on Chrome 138, the version bundled in Discord. Proof: calc.exe popped.

The economics are the point. Bug bounty programs pay up to $15,000 for a Chrome exploit. The cost to produce one just dropped to $2,283 in API fees plus researcher time. That’s the legitimate market. Criminal markets pay more.

Pedhapati’s framing is worth quoting directly: “Whether Mythos is overhyped or not doesn’t matter. The curve isn’t flattening. If not Mythos, then the next version, or the one after that. Eventually, any script kiddie with enough patience and an API key will be able to pop shells on unpatched software. It’s a question of when, not if.”

Anthropic’s Mythos system card says its cyber capabilities are “unprecedented.” The 4.7 card says cyber capabilities are “roughly similar to 4.6.” 4.6 just produced a working Chrome exploit for $2,283.

Restricted access is a policy decision. The capability curve doesn’t wait for policy.

Source: The Register

Sources: Anthropic System Card · Armorcode analysis · MindStudio breakdown · CNBC