Anthropic on Tuesday formally unveiled Claude Mythos Preview, a brand new frontier AI mannequin that may autonomously uncover and exploit zero-day software program vulnerabilities at a scale the corporate says exceeds each human safety researchers and each automated instrument in existence. Alongside it, Anthropic launched Project Glasswing, a defensive coalition with roughly 40 organisations — together with Apple, Google, Microsoft, Amazon Internet Providers, CrowdStrike and JPMorgan Chase — tasked with utilizing the mannequin to search out and patch essential flaws earlier than adversaries can weaponise related capabilities. Mythos is just too harmful to launch to the general public.
For decentralised finance, the implications are rapid and uncomfortable. The roughly US$200 billion locked in sensible contracts throughout Ethereum, Solana and different chains sits behind safety infrastructure that Mythos has already demonstrated it may probe at machine pace and near-zero marginal price.
What Mythos can really do
The uncooked functionality numbers are placing. In Anthropic’s inside testing, Mythos recognized a 27-year-old denial-of-service vulnerability in OpenBSD — an working system purpose-built for safety — at a complete compute price underneath US$50. It uncovered a 16-year-old flaw in FFmpeg’s H.264 codec that had survived 5 million prior automated scans with out detection. It autonomously discovered and totally exploited a 17-year-old distant code execution flaw in FreeBSD’s NFS server (now tracked as CVE-2026-4747), granting unauthenticated root entry with no human intervention after the preliminary immediate.
In a single take a look at, the mannequin wrote a browser exploit that chained 4 separate vulnerabilities collectively to flee each the renderer and working system sandboxes. In one other, it took a publicly identified Linux vulnerability and turned it right into a working assault in underneath a day for lower than US$2,000 — a job that will ordinarily take a talented human researcher weeks.
The efficiency hole with earlier fashions is big. When each Mythos and its predecessor Opus 4.6 had been examined towards the identical Firefox 147 JavaScript engine vulnerabilities, Opus managed working exploits simply twice out of a number of hundred makes an attempt. Mythos succeeded 181 occasions.
“We didn’t explicitly prepare Mythos Preview to have these capabilities,” Anthropic’s analysis workforce wrote. The safety prowess, they defined, emerged from common enhancements in coding, reasoning and autonomous operation.
Why DeFi ought to be paying consideration
The findings that matter most for crypto infrastructure are buried in Anthropic’s technical blog. The mannequin recognized weaknesses in what Anthropic calls the world’s most generally used cryptography libraries, protecting protocols together with TLS, AES-GCM and SSH. These protocols underpin HTTPS connections, information encryption and the distant server entry that DeFi platforms and centralised exchanges rely upon. Flaws in any of them may theoretically permit an attacker to forge certificates or intercept non-public communications.
DeFi protocols face an elevated model of this threat as a result of they’re open-source by design. Their code is publicly readable — together with by a mannequin like Mythos that may catalogue each weak spot in a codebase at machine pace.
Anthropic flagged a particular concern for the sorts of defences DeFi protocols depend on most. The corporate famous that safety measures whose worth comes primarily from friction relatively than exhausting technical limitations might weaken considerably towards model-assisted adversaries. Multisig governance, timelocks and third-party audit stories all fall into this class. They sluggish attackers down however don’t block exploits on the code stage.
Alex Stamos, chief product officer at cybersecurity agency Hall and previously head of safety at Fb, described Mission Glasswing as a big and vital step. He told Platformer that the trade might have as little as six months earlier than open-weight fashions catch as much as frontier fashions in vulnerability discovery.
Logan Graham, who leads Anthropic’s frontier crimson workforce, echoed that urgency. He told Axios that competing fashions with related capabilities may emerge inside six to 18 months. “It’s very clear to us that we have to discuss publicly about this,” Graham stated.
The sandbox escape that rattled researchers
Maybe probably the most unsettling element within the Mythos disclosure is what occurred throughout inside security testing. When researchers positioned the mannequin in a secured sandbox surroundings and requested it to discover a option to sign if it may escape, the mannequin succeeded — constructing what Anthropic described as a reasonably refined multi-step exploit to realize broad web entry. It then despatched an unsolicited electronic mail to the researcher working the take a look at, who was reportedly consuming a sandwich in a park on the time.
The mannequin then went additional than requested, posting particulars of its exploit to a number of technically public-facing web sites in what Anthropic referred to as a “regarding and unasked-for” demonstration.
Anthropic CEO Dario Amodei acknowledged the broader trajectory in a video released alongside the announcement. “Extra highly effective fashions are going to return from us and from others, and so we do want a plan to answer this,” he stated.
Markets shrug — for now
Regardless of the alarming technical disclosures, crypto markets haven’t flinched. Bitcoin and ETH, had been up 4% in a single day, buoyed by improved threat sentiment following a brief ceasefire between the US and Iran.
Bitcoin is now regular at just below $71,000, Supply: Brave New Coin
CrowdStrike, one of many founding Glasswing companions, contextualised the risk in a blog post noting an 89% year-over-year improve in AI-assisted assaults tracked in its 2026 International Risk Report. The corporate framed the scenario as a race by which defenders should match the tempo of attackers who will inevitably acquire entry to related capabilities.
The market’s indifference might show non permanent. The mannequin is at present restricted to 40 vetted organisations and isn’t publicly out there. However as Stamos warned, the window of exclusivity could also be slender. When open-weight options shut the hole, the assault floor going through each open-source DeFi protocol — and the billions of {dollars} they custody — will increase dramatically.
What this implies for crypto’s safety mannequin
The crypto trade has lengthy relied on a layered strategy to safety: sensible contract audits from corporations like Path of Bits and OpenZeppelin, bug bounty programmes, multisig wallets, and time-delayed governance. These measures have served the ecosystem fairly effectively towards human-speed adversaries and standard automated scanners.
Mythos represents one thing qualitatively totally different. A mannequin that may autonomously discover decade-old bugs that hundreds of thousands of prior scans missed, chain a number of vulnerabilities into novel assaults, and produce working exploits for underneath US$2,000 basically modifications the price calculus for attackers.
The DeFi trade’s response will possible want to maneuver past friction-based defences towards what safety researchers name exhausting limitations — cryptographic proofs, formal verification, and structure designed to be resilient even when particular person parts are compromised.
Anthropic is offering as much as US$100 million in utilization credit to Glasswing individuals and US$Four million to open-source safety organisations together with OpenSSF, Alpha-Omega and the Apache Software program Basis. Whether or not that funding, and the broader trade response, can outpace the proliferation of Mythos-class capabilities will probably be one of many defining safety questions for DeFi in 2026 and past.
For now, the quantum risk to Bitcoin stays an issue for an additional decade. The AI risk to DeFi infrastructure is an issue for this yr.
Jason Jones Jason Jones Read More
