Mythos and the new coding paradigm
Anthropic released Claude Mythos exclusively to big corporates first. What does that mean for open source?
Theo posted a video about why he doesn’t trust closed source anymore. The argument: open source wins long term because AI levels the playing field. Everyone gets the same tools, open source contributors build faster, ship faster, and compete with billion-dollar companies.
Then Anthropic dropped Claude Mythos. Theo also covered this.
What is Mythos
Anthropic released the Claude Mythos system card and announced Project Glasswing, a cybersecurity initiative built around their new frontier model, Claude Mythos Preview.
This isn’t an incremental improvement. 83.1% on the CyberGym vulnerability reproduction benchmark vs Opus 4.6’s 66.6%. It can find and exploit software vulnerabilities at a level that previously required elite human security experts. This is a real generational jump.
Simon Willison’s writeup has a good breakdown of the security capabilities. The Firefox exploit benchmark is wild, Opus 4.6 managed only 2 successful JavaScript exploits out of several hundred attempts, while Mythos Preview hit 181. And this isn’t just benchmark hype. Greg Kroah-Hartman from the Linux kernel said the quality of AI-generated security reports shifted dramatically recently, they went from garbage to real. Daniel Stenberg (curl maintainer) is dealing with a flood of high-quality AI-generated security reports daily. As Willison puts it: “Saying ‘our model is too dangerous to release’ is a great way to build buzz, but in this case I expect their caution is warranted.”
Who gets access
From Anthropic:
“We do not plan to make Claude Mythos Preview generally available.”
The launch partners are AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and 40+ other organizations maintaining critical infrastructure.
To be clear, this isn’t “no one else ever gets powerful AI.” Open source contributors aren’t locked out forever. But right now, these companies have a massive head start. They get to use the most capable model that exists today while the rest of us are on Opus 4.6 and Sonnet.
The safety reasoning makes sense. As Anthropic put it: “The window between a vulnerability being discovered and being exploited by an adversary has collapsed, what once took months now happens in minutes with AI.” They needed to control this before bad actors could weaponize it. Fair enough.
The asymmetry problem
Theo’s argument is still right, open source does win long term. But Mythos makes the gap between open source and closed source smaller than it used to be. When one side temporarily has access to a model that’s a generation ahead, the playing field tilts.
Google, Microsoft, NVIDIA, JPMorgan, their engineers can use Mythos to find every bug, refactor massive codebases, build features that would take open source teams months. They can pull your open source code, feed it to Mythos, and ship a better version into their product. Not in months. In hours.
That said, this is a temporary advantage. Open source models might still end up better in the long run, they always have the community, the iteration speed, and the sheer number of contributors. But right now, the companies with Mythos access have the more powerful tools, and even a few months of that head start matters in software.
The gap is temporary
Anthropic committed $100 million in model usage credits and $4 million in donations to open-source security organizations through Glasswing. That’s real money and it matters.
This advantage lasts until another lab releases a competitive model publicly, or until Anthropic finds a way to safely broaden access. When every developer gets access to this level of intelligence, the amount of software that gets rewritten, modernized, and shipped will be wild.
Open source isn’t dead. It might not even be losing. But right now the biggest companies have the best tools, and that’s worth paying attention to.