Within hours of Anthropic's announcement of Claude Mythos Preview and Project Glasswing on April 7, my feed became unrecognizable.

Mythos was being called "Anthropic's new cybersecurity product." Glasswing was being described as "a new AI cybersecurity company." One post referred to Glasswing as "Anthropic's new model." Another claimed Anthropic had "entered the penetration testing market." I watched in real time as a nuanced and genuinely significant development in AI was compressed, distorted, and regurgitated into something it never was.

So let me set the record straight — not as a commentator, but as someone who has spent 26 years in offensive security, built and sold companies in this space, and currently runs an autonomous offensive security company that operates in the exact market people are incorrectly attributing to Mythos.

Let's start with what Mythos actually is.

Mythos is not a cybersecurity product. It is not a penetration testing tool. It is not a security platform. It is Anthropic's next frontier language model — a successor to Claude Opus 4.6 — that is a general-purpose, multi-modal model optimized for coding and reasoning. It happens to demonstrate remarkable capability in identifying vulnerabilities in source code and binaries. That capability is significant, and it deserves serious attention. But a model that can find vulnerabilities is not a security product any more than a camera that can photograph a crime scene is a forensics lab.

And Glasswing is not a company, a product, or a model.

Project Glasswing is a controlled early-access program. Anthropic is giving approximately 52 organizations — 12 named partners including AWS, Apple, Microsoft, Google, CrowdStrike, and Palo Alto Networks, plus roughly 40 critical infrastructure maintainers — advance access to Mythos before public release. The purpose is straightforward: let these organizations run the model against their own infrastructure and products to find and remediate zero-day vulnerabilities before the model reaches the broader market and those same vulnerabilities become exploitable at scale. Anthropic committed $100M in usage credits to fund the effort. It is, in essence, a responsible disclosure program dressed in a nine-figure commitment. It is not a go-to-market launch. It is not a new entrant in cybersecurity. It is Anthropic doing the responsible thing with a model they themselves have acknowledged is too dangerous to release without preparation.

It is still early. Mythos is in restricted preview, Anthropic has published limited technical detail, and no one outside of the Glasswing partnership knows precisely what the model will or will not be capable of at general availability. What follows is our analysis based on what has been disclosed publicly as of this writing — and we will update our position as the picture evolves.

The distinction that matters.

Here is where the conversation needs to mature. There is a fundamental difference between a model that possesses offensive capability and a platform that is designed and permitted to use it.

While it remains to be seen how Anthropic will package Mythos at general availability — and whether they will offer a product tier specifically designed for offensive security use cases — their current regulatory posture, responsible scaling framework, and public statements all indicate that unrestricted offensive capability is not on the near-term roadmap. If that changes, we will adapt. But we are not building our strategy against speculation. We are building against what has been disclosed.

Claude — regardless of which model sits behind it, whether Opus 4.6 or Mythos — must operate within the guardrails Anthropic's red team has defined as safety constraints. Anthropic did not build Claude to attack systems. The harness around it explicitly prevents offensive cyber operations, including the ability to conduct penetration testing against a user's own infrastructure. A CISO cannot point Claude at a production API and instruct it to hack. The model may have the raw capability. The product will never permit it. While Claude can of course be jailbroken to attack networks as past headlines have proven, it isn't marketed as such.

This is not a limitation Anthropic is likely to relax. Their entire brand, regulatory posture, responsible scaling framework, and relationship with the U.S. government are built on constraining exactly this kind of use. Mythos will make Claude smarter. It will not make Claude a red team tool.

And this is where the FUD falls apart. The people calling Mythos "a cybersecurity tool" are conflating the capability of a model with the function of a product. They are two entirely different things. A frontier model that can identify a buffer overflow in the Linux kernel is not the same thing as an autonomous platform that can authenticate into a mobile banking application, chain together a sequence of business logic flaws across the API layer, escalate privileges through a deeplink handler, and produce an actionable exploitation report — all without a human in the loop and without violating anyone's Terms of Service to do it.

One is a model. The other is an autonomous red team system.

What this actually means for the industry.

The real story here is not that Anthropic built a model that can find zero-day vulnerabilities. We have known this was coming. The real story is what it signals about the next five years of cybersecurity.

Anthropic just assembled the largest coalition of technology companies in cybersecurity history and committed $100M to a single premise: AI has fundamentally changed how vulnerabilities are found and exploited. AWS, Apple, Microsoft, Google, CrowdStrike, Palo Alto Networks, NVIDIA, JPMorganChase, Broadcom, Cisco, and the Linux Foundation all signed onto that thesis in a single announcement. That is not a product launch. That is a market declaration.

And it raises the question every enterprise CISO should be asking right now: if a frontier model can autonomously discover thousands of zero-day vulnerabilities in every major operating system and browser — some of which survived decades of human review — what is that same class of capability going to do to my application layer? To my APIs? To the business logic in my web and mobile applications that no source code scanner has ever been able to reach?

The coming wave.

I want to be transparent about what we do not know. We do not know whether Anthropic will eventually release Mythos with an enterprise security product wrapper. We do not know whether a future version of Claude will relax its guardrails for authenticated offensive testing. We do not know what partnerships may emerge from Glasswing that could reshape the competitive landscape. What we do know is where we stand today: Mythos is a model in restricted preview, not a security product, and the gap between what it can do in a controlled research environment and what an enterprise can deploy against its own application layer in production remains vast. If and when that changes, the analysis changes with it.

I want to be clear about something: I am not dismissing Mythos. The capabilities Anthropic has demonstrated are genuinely impressive and, frankly, sobering.

But it should be taken seriously for what it is: a dramatic acceleration of AI capability in vulnerability discovery at the infrastructure level. Not a replacement for the specialized platforms, tooling, and expertise required to secure the application layer. Not a penetration testing product. Not a red team in a box.

The frontier models will continue to get more capable. Mythos will be followed by something stronger. And the barrier to entry for AI-driven offensive cybersecurity will continue to drop. That is the reality every company in this space — Assail included — must plan for.

But capability and product are not the same thing. A model that can hack and a platform built to hack are separated by architecture, by intent, by legal posture, by user experience, and by the willingness to let the system do what it was built to do without requiring a jailbreak to operate.

Our analysis is based on what Anthropic has publicly disclosed. We reserve the right to be wrong — and the agility to adapt if we are.

Alissa Knight is the Founder, CEO, and Chief AI Officer of Assail, Inc., a venture-backed autonomous offensive security company. With 26 years in offensive security, two prior company exits, and over $65M raised across ventures, she is the author of Hacking Connected Cars (Wiley & Sons), has provided advisory work to the Pentagon and U.S. Marine Corps, and maintains a permanent exhibit of her hacking equipment at the Mob Museum in Las Vegas. She is pursuing her degree in Mathematics at Harvard University and has produced seven television series. She publishes regularly on AI, offensive security, and the intersection of both.