Perhaps the most important AI news of recent months concerns not a system that reached millions of people, but one that almost nobody has been given access to yet. Anthropic unveiled a model so powerful that it decided not to release it widely — and that gesture alone says more about the state of technology than most spectacular launches. The easiest question would be: is this Skynet already? But the truly interesting question is different: what exactly did the creators see that made them, before even considering public access, first warn those who guard the digital locks, server rooms, and financial nerve centres of the world? The answer to that question is where a story begins — less cinematic, but far more real.
Skynet holds an unfair advantage over the world of reports: it fits into a single word. Drop it, and the imagination instantly sets the stage — a cold machine, humanity in peril, the red glow of menace. Claude Mythos Preview and Project Glasswing practically beg for a similar shortcut. Here's an AI company announcing a model so powerful it doesn't want to share it with the general public. Hard to find better headline material. Except that this time, the most interesting part is precisely what doesn't fit in the headline: Anthropic didn't announce the birth of a digital tyrant — it launched a model and a limited-deployment programme designed to give select defenders a few moves' advantage in cybersecurity before similar capabilities become more broadly available. It's less cinematic than Skynet, but from the standpoint of businesses, nations, and infrastructure — far more serious.
So let's start by getting the terms straight. Claude Mythos Preview is Anthropic's model — according to the company itself, its newest and most powerful general-purpose model. Project Glasswing is not a second model or some mysterious add-on; it's a programme: a set of partnerships, access rules, and defensive objectives built around Mythos. Access to the model is currently restricted, invitation-only, with no open enrolment, and is intended for defensive cybersecurity work. This is an important distinction, because half the media smoke comes from confusing the engine itself with the road it's allowed to travel. Anthropic is explicit: the model exists, but it's not a public product "for everyone" — it's a controlled research preview.
What is this model supposed to be capable of? Anthropic's official answer: a great deal — and, in places, a disturbingly great deal. In its technical description, the company claims that Mythos was able to find and exploit so-called zero-days — vulnerabilities that software makers don't yet know about — in every major operating system and every major browser. Specific examples are cited: a 27-year-old vulnerability in OpenBSD, a 16-year-old vulnerability in FFmpeg, and the chaining of multiple Linux kernel bugs into a single working attack chain leading to full privileges. This sounds like the repertoire of a very accomplished offensive team, not an "ordinary chatbot." What's more, Anthropic writes plainly that even engineers without formal security training were able, with Mythos's help, to set the model searching for vulnerabilities overnight and wake up in the morning to a ready-made, working exploit — a practical method of leveraging the hole it found.
Here, however, one must immediately ease off the accelerator. Not because Anthropic must be wrong, but because honesty matters more than good suspense. The company itself notes that over 99% of the vulnerabilities the model detected have not yet been publicly disclosed, as responsible disclosure and patching are still underway. In other words: the strongest claims are, for now, primarily well-documented declarations from the primary source, not something an outside researcher can already fully examine on the table. Anthropic further explains that the public version of its risk report was partially redacted precisely because full details could increase the risk of abuse or expose information that is too sensitive. This doesn't invalidate the topic. But it does require separating fact from triumphal exaggeration: we know enough to take the matter seriously, and still too little to pretend everything has been independently verified down to the last bolt.
What's even more interesting is that Mythos didn't fall from the sky. A month earlier, writing about Claude Opus 4.6, Anthropic noted that frontier models were already "world-class vulnerability researchers," but that the advantage still lay with defence: Opus 4.6 was said to be far better at finding and fixing vulnerabilities than at practically exploiting them. The company warned, however, that this buffer might not last long. And Mythos looks precisely like the moment when that comfortable gap begins to shrink rapidly. This matters because it shows we're not dealing with a one-off PR firework but with a pace of progress that Anthropic itself describes as fast and structural. In March, one could still say: "defenders have the advantage." By April, the more accurate statement is: "defenders have a window, but it won't stay open forever."
This explains why Anthropic isn't doing a broad Mythos launch today. The company writes explicitly that it has no plans for general availability of this model and that its goal is first to build better safeguards capable of detecting and blocking the model's most dangerous outputs. Access remains restricted, and Glasswing itself is meant to ensure that critical systems and their operators have time to strengthen their defences. This doesn't sound like the nervous reflex of a lab frightened by its own creation. It sounds more like a cool-headed decision that handing out such a powerful skeleton key too widely would be premature. Of course, even in this caution there's something ironic: for two years, the AI market sold primarily the promise of productivity, and now one of the industry's most important companies is essentially saying: "We have a tool so effective that for now we'll only show it to a select few." This is no longer the language of a note-taking app. This is the language of advantage.
Where the Skynet Metaphor Ends
So is Skynet nothing more than a cheap comparison here? In the literal sense — yes. Anthropic's most important official alignment risk report says something almost the reverse of cinematic intuition. The company writes that it does not believe Mythos possesses dangerous coherent goals — coherent, dangerous objectives of its own that would undermine its safety assessment. The overall verdict: the risk is "very low, but higher than for previous models." Moreover, the report very clearly notes that this particular threat model concerns neither ordinary "honest mistakes" nor intentional misuse by a human. It concerns a different scenario: a situation in which the model itself, given substantial autonomy and access to tools, does things contrary to the user's intent and the organisation's interest. This is a critically important distinction. Because public debate loves to conflate three different stories: a model acting on behalf of a human; a model acting against a human; and a human who takes a very capable model and uses it for malicious purposes. These are three separate threats, not one.
The matter becomes even more interesting when you read further. Anthropic simultaneously claims that Mythos is — on virtually every measured dimension — the best-aligned, meaning the most well-behaved, model the company has ever released, and at the same time one that likely carries the greatest alignment-related risk of any model published to date. Sounds like a contradiction? Not necessarily. The company itself explains it with the image of an experienced mountain guide: a more cautious guide may nonetheless lead people into greater danger than a careless amateur if they simply take them into higher, harder, and more remote terrain. In other words: even a more obedient and stable model can increase risk if it is significantly more capable, more autonomous, and has greater access to real tools. It's a subtle but crucial insight. Danger doesn't stem solely from a model's "character." It also stems from its competence and the tasks we entrust to it.
And this means the most mature answer to the question "Is this Skynet?" is: no, but that's no comfort. Because the cinematic Skynet was convenient — all the evil had one source and one face. Reality is more tedious, and therefore more dangerous. Here, the problem needn't be a model that wakes up with its own plan for annihilation. All it takes is a highly effective model, widely used, plugged into tools, operating fast and cheaply, and on top of that picked up by people or organisations capable of converting that agency into real-world action. It resembles a Hollywood machine uprising less, and the industrialisation of advantage in cyberspace more. And that is precisely what we are dealing with today.
The Real Risk: The Industrialisation of Cyberattack
The most honest way to put it is this: the nearest risk is not that AI will want to attack us, but that attacks will become faster, cheaper, and easier to scale. This is not speculation plucked from futurology. As early as August 2025, Anthropic wrote plainly that agentic AI has been weaponized, that AI had lowered the barrier to entry for advanced cybercrime, and that criminals were weaving it into their entire operational chain — from victim profiling to malware and fake identities. The company described, among other things, a large data-extortion operation in which Claude tools were used for reconnaissance, credential harvesting, and constructing pressure on victims; the attack targeted at least 17 organisations. Reuters independently reported that Anthropic had been blocking attempts to use Claude for phishing, malicious code creation, and security-filter circumvention. In short: this is not a topic that will arrive "some day." It has already arrived — it's just that most companies still prefer to think of it as a trailer rather than a shift in the landscape.
November 2025 added an even more powerful argument. In a report on an espionage campaign, Anthropic described an operation targeting roughly 30 entities in which — according to the company — AI carried out a significant portion of tactical work almost autonomously. The official report even offers an estimate that the model executed 80–90% of tactical actions, with a human playing a more strategic supervisory role. This is a very important moment, because it shows that what's changing in cybersecurity is not just the quality of advice AI provides, but the division of labour between human and machine. The model used to be an assistant. Here, it begins to be an operator. Not yet an independent general, but already decidedly more than a code secretary. And when this shift occurs, the cost of experimenting with attacks drops, the pace of iteration rises, and the time defence has to react shrinks.
This is precisely why Glasswing is not just another partner programme with a nice logo. It's an attempt to organise defence a moment before offence becomes cheaper than common sense. Anthropic gathered around the project companies that hold a substantial part of the digital world on a leash: AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, the Linux Foundation, JPMorganChase, and dozens of other organisations; on top of that, it threw in up to $100 million in credits and $4 million in grants for open-source security. On the declarative level, this is a defensive project. And it probably largely is. But on the political and market level, it also means something else: privileged access to a tool of advantage. The biggest infrastructure operators learn to work with it first; the rest, perhaps, later. One can call this prudence. One can also see in it the seed of a new hierarchy. Both interpretations coexist within one and the same reality.
Glasswing, or the Politics of Advantage
When the matter lands on the desks of banking CEOs, it's clear it's no longer niche. Reuters reported that following the Mythos launch, US Treasury Secretary Scott Bessent and Fed Chair Jerome Powell warned the heads of the largest banks about the cyber risks associated with the model. In parallel, Anthropic was reporting conversations with US authorities on Mythos's offensive and defensive capabilities. These are not decorations for a startup keynote. They are a signal that the topic has entered the level of systemic infrastructure: finance, national security, the resilience of critical networks. To put it plainly: we've stopped talking about whether AI will help write a better email or summarise a PDF faster. We've started talking about how AI is shifting the balance of power in the systems on which the daily functioning of nations and economies depends.
It's also worth noting how profoundly the very concept of security is changing. Once, you could think of cybersecurity as painstaking craft: someone finds a bug, someone writes a fix, someone deploys a patch, everyone breathes. Anthropic now writes plainly that we need to rethink disclosure processes, update procedures, supply-chain security, triage scaling, and patching automation. Their disclosure procedures show why: if AI finds vulnerabilities faster and cheaper, the problem ceases to be the "finding" itself and becomes the world's ability to verify, report, and fix them in time. It's a bit like suddenly speeding up a factory while keeping the same number of quality inspectors. Output rises; the bottleneck stays the same. And then even excellent technology can temporarily increase chaos before it begins to impose order.
What This Means for the World Beyond Silicon Valley
The simplest mistake an entrepreneur or manager outside the tech world can make today is: "This concerns Big Tech, not me." In practice, it concerns everyone, because nobody operates on a desert island anymore. Your company uses accounting software, communication tools, payment systems, cloud services, open-source libraries, partner integrations. You don't have to run a bank or an energy company to be part of a chain in which someone else's vulnerability becomes your problem. In the world of Mythos, the risk isn't just that someone will "hack harder." It's also that the time between discovering a weakness and exploiting it is shrinking. And that means the old security-management model — we'll patch when we find a moment — begins to resemble putting off a dental visit at a time when cavities are developing at the speed of a camera flash.
For business, the practical lesson is unromantic but highly useful. First, security stops being a paperwork-and-compliance department and becomes a function of speed: how quickly you update systems, restrict privileges, segment access, test backups, and review your vendors. Second, an "agent" with access to tools is no longer a friendly chatbot in a suit but something closer to a digital intern with enormous energy, uneven judgement, and growing competence. It needs to be designed for as an operational risk, not treated as a gadget. Third, for investors, the importance grows of companies controlling the deployment layer: cloud, monitoring, identity, code security, update processes. Reuters has already noted that the Mythos launch alone was enough to refresh market anxiety about AI as a force that not only raises productivity but also undermines the existing economics of software. A very clear signal: the advantage is shifting from "who has the model" to "who can embed it safely in the world."
And the ordinary user? They're not excused from this story either. Not because they'll be fending off attacks on the Linux kernel from their kitchen tomorrow. Rather because, in a world of cheaper, faster, and more automated offence, basic digital hygiene stops being a hobby for the paranoid. Strong authentication, updates, common sense about links and attachments, less mindless granting of access to various services — all of this becomes less of a "best practice" and more of the cheapest insurance policy for an era in which an attacker increasingly doesn't need to be a genius, just a customer of a very good tool. This is, perhaps, the most uncomfortable democratisation in this story: just as AI lowers the barrier to entry for creativity and productivity, it can equally lower the barrier to entry for fraud and attack.
That's why the most mature answer to the title question is neither "yes" nor "no." No, this is not yet Skynet — if by Skynet we mean a system with its own coherent, hostile will and an autonomous plan for world subjugation. Anthropic's official documents provide no basis for such a description today. Yes, this is the beginning of something systemically new — if by that we mean AI entering an era in which it ceases to be merely a tool of productivity and becomes a tool of advantage, leverage, defence, and attack. Claude Mythos Preview and Project Glasswing do not yet herald a cinematic apocalypse. They herald something more real, more mundane, and more costly: a world in which the strength of companies, nations, and institutions will increasingly be determined not by whether they have AI, but by whether they can manage it faster, smarter, and more safely than others. And that, as we know, is precisely the kind of change that at first looks like a niche curiosity — and a few years later turns out to be the new order of things.
