1. The Mythos Red Team Report | 7,000 Zero-Days, 1% Patched, Autonomous Kill Chains
In early April 2026, Anthropic's Red Team published findings from a controlled evaluation of Claude Mythos Preview, the model tier positioned above Claude Opus in Anthropic's internal hierarchy. The report disclosed capabilities that separated Mythos from every prior AI model on the market along three specific dimensions: autonomous zero-day discovery, multi-stage exploit chaining, and speed. For background on Anthropic's broader technical roadmap and the Mythos deployment milestone tied to Google's $40B investment, see ObjectWire's deep dive on the Anthropic compute-for-equity deal.
BY THE NUMBERS
- 7,000+: Zero-Days Identified
- <1%: Fully Patched
- Minutes: CTF Resolution Speed
The "1% problem" is the operative phrase from the report. Anthropic confirmed it is actively coordinating with software developers and OS maintainers to remediate the disclosed vulnerabilities, but the throughput of the patching process cannot match the velocity at which Mythos identified new attack surfaces. The report noted that fewer than 1% of the discovered flaws have been fully addressed by their maintainers, creating a window during which the disclosed vulnerabilities are theoretically known to Anthropic's partner ecosystem but not yet closed in production systems.
Autonomous Exploitation
Zero-days in every major OS and browser
Unlike previous models, Mythos successfully identified and exploited zero-day vulnerabilities, meaning software flaws unknown to the developers, in every major operating system and browser tested during the controlled evaluation. No prior public AI model had demonstrated autonomous zero-day capability at this scope.
Kill Chain Construction
Chaining small bugs into multi-stage attacks
The qualitative leap over Claude Opus 4.6 is not raw bug detection speed. It is Mythos's ability to chain individually minor vulnerabilities together into a coordinated multi-stage attack sequence. Each individual flaw might be low severity. Mythos constructs the path between them that makes the sequence critical.
CTF Performance Gap
Minutes vs days on expert-level challenges
Security professionals use Capture the Flag challenges as standardized benchmarks for offensive capability. Mythos solved, in minutes, CTF problems that human security researchers typically require days to resolve, demonstrating a qualitative performance gap that the UK AISI later confirmed in its own assessment.
The 1% Problem in Practical Terms
2. India's Emergency Response | Sitharaman Mobilizes RBI, CERT-In, and the IBA on April 23
On April 23, 2026, Indian Finance Minister Nirmala Sitharaman convened an emergency high-level summit in New Delhi. The attendees included the Reserve Bank of India (RBI), the Indian Computer Emergency Response Team (CERT-In), and the chiefs of India's major public and private sector banks. The summit was explicitly triggered by the Anthropic Red Team disclosure, making it the first time a major world economy had mobilized its financial sector in direct response to the capabilities of a specific AI model.
Sitharaman Directive | April 23, 2026
Threat Intelligence Sharing: The Indian Banks' Association was ordered to build a real-time threat intelligence sharing mechanism between institutions, replacing the siloed incident-response model in which individual banks handle breaches independently without broadcasting indicators to the sector.
AI-Defensive Teams: Banks were directed to stop relying on legacy firewall architectures and transition to specialized teams trained to monitor for "agentic" intrusion patterns, the behavioral signatures produced by an AI model executing a multi-step autonomous attack rather than a human actor.
Framework Shift: The strategic framing was explicit. Legacy perimeter defense, in Sitharaman's phrasing, was no longer sufficient against an adversary that can discover and chain unknown vulnerabilities faster than defenders can classify them.
"What we have proved ourselves to be, that we are protective, might not be enough. We need something far more versatile to counter newer threats."
India's financial sector presents a specific attack surface. The country's Unified Payments Interface processes over 14 billion transactions monthly across a network that spans rural infrastructure running significantly older software stacks alongside modern digital banking layers. A Mythos-style exploit targeting an interface compatibility layer between legacy and modern components, exactly the type of multi-step chain the Red Team described, would have systemic implications beyond a single institution. Sitharaman's directive to build cross-bank intelligence sharing is a structural acknowledgment of that interconnected risk. For broader context on the AI safety governance failures that preceded this emergency, see ObjectWire's reporting on the OpenAI Tumbler Ridge apology and emerging AI liability frameworks.
3. Japan in Crisis Mode | Katayama's Task Force Alpha and the Legacy Code Problem
Japan followed within 24 hours. On April 24, Finance Minister Satsuki Katayama announced the formation of an emergency task force designated Task Force Alpha, involving the Bank of Japan and the "Big Three" private banking institutions. Katayama's framing was more acute than India's: where Sitharaman described a readiness gap, Katayama described a structural vulnerability with no near-term remediation path.
Interconnectedness Risk
Real-time systems, market-wide collapse in seconds
Japan's financial infrastructure operates on real-time settlement protocols with deep institutional interconnections. Katayama warned that a single Mythos-style multi-stage exploit targeting a shared settlement layer could cascade through the system fast enough to cause market-wide collapse before any circuit-breaker intervention could be executed manually.
The Legacy Code Problem
Decades-old banking software, reconstructible by Mythos
A significant portion of Japan's core banking code was written in the 1970s and 1980s, predating modern security architecture concepts. Mythos's ability to reverse-engineer legacy codebases and reconstruct internal logic from compiled binaries makes this code particularly vulnerable, since traditional security audits have not flagged it as an active attack surface.
Why Legacy Code Is the Highest-Risk Target
Task Force Alpha's mandate includes conducting a full audit of the legacy code surface area within Japan's Big Three banks by end of Q2 2026. The Bank of Japan is providing direct technical assistance for the audit, which is expected to be the first comprehensive security review of those codebases since the early 2000s. The review is not public, but its existence has been confirmed by Katayama's April 24 announcement.
4. Project Glasswing | The 40-Partner Containment Strategy
Anthropic's response to its own disclosure is a restricted access program called Project Glasswing. Rather than releasing Mythos to the general public or through its standard API, Anthropic has granted limited access to 40 organizations with the stated mission of accelerating the patch process for the discovered vulnerabilities. The composition of the 40 partners includes major technology firms with large software deployment footprints and select Western banks whose infrastructure represents high-value targets.
Project Glasswing | Access Parameters
Partner Count: 40 vetted organizations as of late April 2026. Expansion timeline not disclosed.
Access Scope: Partners receive limited Mythos access for defensive research only, specifically to test their own software against the model's exploit-discovery capabilities and accelerate internal patching before vulnerabilities become publicly known or independently rediscovered.
Mission Statement: Described by Anthropic internally as an effort to "patch the world" before malicious actors independently develop comparable autonomous exploit capability.
Excluded: General public, standard API customers, and any organizations without explicit vetted partner status. Public release timeline has not been communicated.
The "patch the world" framing reflects a specific assumption: that Mythos-tier autonomous exploit capability is not unique to Anthropic, and that the primary risk is the time between Anthropic's disclosure and the moment a malicious actor, state-sponsored or otherwise, develops comparable capabilities independently. If that gap is measured in months rather than years, the 40-partner program's patch velocity becomes a race with a defined finish line.
BY THE NUMBERS
- 40: Glasswing Partners
- 6,930+: Zero-Days Unpatched
- None: Public Release
Project Glasswing is the direct implementation of the Mythos deployment milestone embedded in Google's $40B compute-for-equity deal with Anthropic, announced days earlier. One of the three milestone categories tied to the contingent $30 billion in capital explicitly covered the safety vetting and restricted deployment of the Mythos model family. Glasswing is, in effect, the safety vetting program that must succeed before the next tranche of Google's capital commitment is triggered. For the full milestone structure, see ObjectWire's deep dive on the Anthropic $40B deal milestone categories. For the broader AI security debate that Project Glasswing is entering, see ObjectWire's OpenAI and AI safety coverage hub.
5. The Global Posture | UK Holds, Two Governments Act, and the Regulation Reckoning Begins
The UK's response diverged from India and Japan. The AI Security Institute (AISI), which evaluated Mythos independently, confirmed the model represents a "step up" over prior generations, specifically endorsing the finding that its autonomous exploit-chaining capability is qualitatively different from earlier models. However, AISI stopped short of declaring an emergency preparedness state, maintaining that current well-hardened defensive architectures are sufficient to block autonomous attacks under the conditions observed in the evaluation.
The Incentive Problem
When AI can exploit systems faster than they can be defended
Critics of autonomous exploit AI argue that the existence of a model capable of discovering 7,000+ unpatched vulnerabilities creates a systemic conflict of interest: any organization with access to Mythos-tier capability, whether for offensive or defensive purposes, now holds information asymmetry over every institution whose software contains those unpatched flaws. The question is not malice. The question is whether the information asymmetry itself constitutes a systemic market risk.
The Truth Engine Defense
More accurate than traditional security audits
Proponents argue that autonomous AI vulnerability discovery is more accurate and more comprehensive than any human-led penetration testing program, and that Anthropic's coordinated disclosure model, imperfect as its 1% patch rate suggests, is preferable to the vulnerabilities being discovered and exploited without any disclosure framework at all. On this view, Mythos is a truth engine: it reveals what exists, rather than creating new risk.
"This represents a step up over previous models. Well-hardened defenses are currently sufficient to block autonomous attacks."
The divergence between the UK's measured assessment and India and Japan's emergency declarations reflects different underlying risk profiles rather than different interpretations of the Mythos capabilities. India and Japan both operate financial systems with significant legacy infrastructure, real-time settlement dependencies, and regulatory environments that do not yet have specific frameworks for AI-assisted cyberattacks. The UK's major financial institutions have invested more heavily in post-2016 security architecture modernization, which is what the AISI's "well-hardened defenses" language refers to.
The formal regulatory reckoning for autonomous AI exploit capability has not yet arrived. No G7 government has issued specific legislation governing AI models with demonstrated zero-day discovery capability. The Glasswing access restriction is a voluntary Anthropic policy, not a regulatory mandate. As patch velocity remains below 1% and the gap between disclosure and remediation widens, the policy vacuum that currently governs Mythos-tier models will become increasingly difficult to defend in legislative hearings. For continued coverage of the AI governance and security policy developments intersecting this story, see ObjectWire's reporting on quantum cryptographic threats to financial infrastructure.