The Mythos Stunt

On April 7, Anthropic announced it had built the most capable AI model in the company's history. Then it announced it wouldn't release it. Claude Mythos, they said, could find and exploit software vulnerabilities with "unprecedented" autonomy. Too dangerous for public access. Only fifty organizations would get in, through a program called Project Glasswing.

The security community noticed immediately. So did the financial press. Because April 7 was also the day Anthropic announced its revenue had hit $30 billion, passing OpenAI for the first time.¹ The company's confirmed valuation stood at $380 billion from its February Series G, though reports emerged of VCs offering terms that would value it at $800 billion.² IPO talks with Goldman Sachs, JPMorgan, and Morgan Stanley were underway, with a potential October 2026 listing.³

"We built something too dangerous to release" is a safety announcement. It's also a marketing line. Both things can be true.

The Receipts

Let's start with what's verifiable. Anthropic claims Mythos found a 27-year-old vulnerability in OpenBSD's TCP SACK implementation. OpenBSD's official 7.8 errata confirms patch 025, dated March 25, 2026, addressed exactly this condition.⁴ The bug was real. The patch is real. Mythos found something that survived 27 years of human review.

FFmpeg 8.1, shipped March 16, 2026, fixed three vulnerabilities Anthropic says Mythos identified.⁵ FreeBSD assigned CVE-2026-4747 to a 17-year-old remote code execution flaw Mythos reportedly discovered.⁶ These aren't hypothetical. They're in the CVE database. They're in the changelogs.

The UK's AI Security Institute ran independent evaluations and confirmed that Mythos Preview completed a 32-step simulated corporate network attack, the first AI model to do so. It solved 73% of expert-level capture-the-flag problems.⁷ AISI called it "substantially more capable at cyber offence than any model we have previously assessed."

The vulnerabilities are real. The capabilities are real. This part isn't a stunt.

The Timing

But here's what else happened the week of April 7:

Anthropic's revenue passed OpenAI's for the first time. The company announced a 3.5 gigawatt compute deal with Google and Broadcom.⁸ VCs were reportedly offering terms at $800 billion, more than double the confirmed $380 billion Series G from two months prior. IPO planning was underway.

One cybersecurity expert called Project Glasswing "brilliant corporate theater."⁹ Another said labeling a model "too dangerous to release" is "a marketing flex because it immediately creates mystique and signals immense power to investors."

The Picus Security team noted that Glasswing launched "at the same time as Anthropic hitting a major revenue milestone, closing a large compute deal with Broadcom, and being reported as a potential IPO candidate."⁹

Convenient timing isn't proof of bad faith. But it's worth noticing.

The Skeptics

Gary Marcus, the AI researcher and noted LLM skeptic, initially withheld judgment. Then he grew more skeptical. In his Substack, he concluded: "To a certain degree... we were played."¹⁰

His critique is specific. The tests had "sandboxing" turned off, making them easier than real-world conditions. Open-weight models can already do similar things in simplified form. Mythos is more sophisticated, but "not some off-trend exponential gain." It's "nowhere near as scary" as the announcement implied.¹¹

Heidy Khlaaf, an AI safety engineer who has audited dozens of safety-critical systems, flagged "red flags" in how Anthropic presented the results.¹² No comparison benchmarks with existing security tools. No disclosure of false positive rates. No detail on how much human review was required. "Purposely vague language that clearly obscures evidence needed to substantiate Anthropic's claims," she wrote.

Stanford AI researcher Div Garg made a structural point: "You could argue it didn't need a public announcement." Framing the lack of public release as a public service "simply obscures even experts' abilities to validate their claims."⁹

The UK AISI evaluation itself came with caveats. Their test ranges lacked live defenders, endpoint detection, or real-time incident response. The results establish that Mythos can attack weakly-defended systems autonomously, not that it can breach hardened enterprise networks.⁷

The Moat

Here's the structural problem with "too dangerous to release": it's unfalsifiable by design.

Anthropic says Mythos is too capable to let the public access. But without public access, independent researchers can't verify the capabilities. You have to trust Anthropic's word. You have to trust AISI's evaluation. You have to trust the Glasswing partners (Amazon, Google, Microsoft, CrowdStrike, the Linux Foundation) who got access.¹³

This isn't necessarily wrong. If Mythos really is that capable, limiting access is defensible. But "trust us, it's too dangerous for you to verify" is also a convenient position for a company fielding $800 billion offers ahead of an IPO.

Anthropic turned safety into a moat and responsibility into marketing. The same announcement that says "we care too much to release this" also says "we're so far ahead that releasing it would be reckless."

You can believe both. You probably should. The uncomfortable answer is that Anthropic is telling the truth and extracting maximum business value from how they tell it.

The Numbers

Let's be precise about what we know:

$30 billion — Anthropic's annualized revenue, passing OpenAI.¹
$380 billion — Confirmed Series G valuation (Feb 2026). VC offers reportedly at $800 billion.²
$100 million+ — Credits given to Glasswing partners.¹³
50 — Organizations with Mythos access.¹³
73% — Success rate on expert CTF problems (AISI).⁷
32 — Steps in the network attack simulation Mythos completed.⁷
27 years — Age of the OpenBSD vulnerability Mythos found.⁴
<1% — Mythos-identified vulnerabilities patched so far.⁶
$20,000 — Cost for 1,000 runs finding dozens of bugs.¹⁴

The capabilities are real. The vulnerabilities are real. The timing is suspicious. The verification is blocked by design. The business incentives are enormous.

All of these things are true at once.

What We Don't Know

Anthropic hasn't released a breakdown of how many of those "thousands" of vulnerabilities are duplicates or low-severity. No head-to-head benchmarks against existing automated security tools were published. Khlaaf specifically flagged the missing false positive rate. The claim is "autonomous," but the technical details on how much human scaffolding was required are sparse. Marcus says open-weight models can achieve similar results "in simplified form," but nobody outside Glasswing can verify that either.

The information asymmetry is total. Anthropic knows what Mythos can do. Everyone else is working from press releases and limited evaluations.

The Question

Claude Mythos is both a genuine safety concern and a marketing campaign dressed as restraint. The answer to "which one?" is yes.

The vulnerabilities exist. The patches confirm it. AISI's evaluation, with its caveats, confirms the capabilities are real. Something changed. This isn't pure theater.

But the rollout? The timing, the $100 million in partner credits, the mystique of "too dangerous to release," the IPO-ready narrative of responsible leadership. That's marketing. Good marketing. Effective marketing. Marketing that serves both safety and shareholder value simultaneously.

Anthropic found a way to make responsibility profitable. That's not a criticism. That's the observation.

The question isn't whether Mythos is real. It's whether "too dangerous to release" is the whole truth or the useful part of the truth. And we can't verify that. By design.