Anthropic’s Mythos AI: From 27-Year-Old Zero‑Days to a $965 Billion IPO

The new partners represent a strategic shift from the initial Big Tech focus to critical infrastructure. Operators in the power, water, healthcare, communications, and hardware sectors are now included—industries that were not well-represented in the first round . Named participants reportedly include NATO, Samsung, and the European Union Agency for Cybersecurity (ENISA), which is the first EU body to join the project .

The expansion follows several weeks of close collaboration with the U.S. government, which had previously expressed concern about widening access to such a powerful offensive-security AI tool . Since its launch, Project Glasswing partners have collectively discovered more than 10,000 high- or critical-severity security flaws .

Unearthing a 27-Year-Old Zero-Day in OpenBSD

The most striking example of Mythos's autonomous capabilities remains its discovery of a 27-year-old integer overflow vulnerability in OpenBSD's TCP stack. The bug, present since 1999, could crash any affected server with just two packets. It had survived nearly three decades of human security audits and automated fuzzing tools . A single model run to surface the flaw reportedly cost under $50 in compute resources .

This finding was part of a broader autonomous sweep that uncovered thousands of zero-day vulnerabilities across every major operating system and web browser. In one benchmark, Mythos generated 181 working Firefox exploits, while Claude Opus 4.6 managed just two .

Anthropic Files for a Confidential IPO

On June 1, 2026, Anthropic confidentially submitted a draft registration statement on Form S-1 to the U.S. Securities and Exchange Commission for a proposed initial public offering . This filing gives the company the option to go public after the SEC completes its review, with timing contingent on market conditions .

The filing comes less than a week after the company closed a $65 billion Series H funding round that established a post-money valuation of $965 billion, briefly eclipsing rival OpenAI's valuation . Media reports suggest the public listing could push the company's value past the $1 trillion mark .

From Restricted to Wide Release: A Shifting Strategy

Anthropic's stance on public access has evolved rapidly. When Mythos Preview was unveiled in April, the company restricted it to just 12 defense-oriented partners and explicitly stated it was too dangerous for general release due to its ability to autonomously find and exploit zero-day vulnerabilities .

By early June, the controlled expansion to 150 organizations had already occurred, and just days earlier, on May 29, 2026, the company signaled plans to widely release Mythos-level AI models to the public within weeks—only seven weeks after deeming the technology too powerful to deploy broadly .

Broader Industry Implications

• Competitive AI Landscape: As Anthropic scales, European AI lab Mistral AI is developing models specifically positioned to counter frontier capabilities like Mythos, aiming to be a sovereign European alternative. Anthropic itself is also expanding its European office presence to support its growing partner base across the continent .
• Cybersecurity Job Market: The discovery of thousands of novel vulnerabilities has spurred a sharp increase in demand for AI-augmented security roles. Industry job postings for professionals skilled in AI vulnerability discovery are rising rapidly.
• Developer Integration: With the promise of a wider public release, developers are already anticipating the integration of Mythos-level code analysis into CI/CD pipelines, potentially automating a new tier of continuous security scanning for everyday software development .