"Anthropic prioritized safety and security a lot more than other LLMs... As the largest cybersecurity company, that's a big deal for us."
- Gunjan Patel, Director of Engineering
The state of cybersecurity
Where frontier capability stands today
Models can build working exploits, defeat security walls, or help defenders ship fixes at scale. The outcome depends on how they’re used.
From finding flaws to full system control
A year ago, the most capable AI models could spot security flaws but couldn't reliably exploit them. Today, in the wrong hands, they can — and not just in simple software. Mythos Preview is the first model to consistently break through the sandbox protections modern browsers and operating systems rely on; other frontier models still stop at the wall. Defenses built on last year's assumptions are already behind.
Reading the chart
Capability trends downward as tasks get harder. T5 is "the model reaches vulnerable code." Only Mythos passed T1: "the model fully controls the system."
Tipping the scales to defenders
In March 2026, Mozilla shipped fixes for vulnerabilities found by Claude Opus 4.6, the model that found hundreds of bugs in open source software that survived decades of human review. With Mythos Preview, Mozilla shipped an additional 271 fixes in the April release, more than 20 times their monthly average. Says Bobby Holley, CTO of Firefox, “Defenders finally have a chance to win, decisively.”
Inside Mozilla's review process
The model expands what gets reviewed, and humans decide what gets patched.
Project Glasswing
Our approach to dual-use with Claude Mythos models
Claude Mythos Preview, and now Claude Mythos 5, are models with significantly stronger cybersecurity capabilities, especially in exploit reasoning. This capability carries the greatest potential for misuse in security, and we’re rolling out access carefully as we work toward general access. Read the latest
Securing critical software
Glasswing partners maintain critical infrastructure or software the world depends on, where a successful attack would be catastrophic.
Expanding through trusted access
We are working toward steadily expanding access to Claude Mythos 5 through a trusted access program, and will share more soon.
Providing tools for defenders today
Claude Security, the open-source reference tools, and the practices emerging from the preview are available to all security teams.
Insights from defenders
“As we enter a phase where cybersecurity is no longer bound by purely human capacity, the opportunity to use AI responsibly to improve security and reduce risk at scale is unprecedented.”
Igor Tsyganskiy
EVP of Cybersecurity and Microsoft Research, Microsoft
“AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.”
Anthony Grieco
SVP & Chief Security & Trust Officer, Cisco
“The current moment is a perilous one, but also full of opportunity. Let's work together to secure the internet.”
Brian Grinstead
Distinguished Engineer, Firefox
進化するニーズに対応するセキュリティ
優れた推論と人間並みの品質の回答を取得できます。
Find and fix vulnerabilities with Claude Security
Claude Security reasons about your code like a security researcher: scanning for vulnerabilities, validating findings, and proposing targeted patches.
Deploy security agents with the Claude Developer Platform
Ship defender tools and custom security agents with sandboxed execution, credential isolation, and audit logging built in via the Agent SDK, MCP, and Claude API.
“Claude consistently performed best on complex, agentic workflows, especially multi-step investigations requiring policy adherence and sustained reasoning across multiple tools.”
- Anirudh Ravula, Head of AI
“The industry has always moved too slowly compared to attackers. AI is like giving defenders a jetpack when they've been limited to walking.”
- Martin Holste, CTO of Cloud & AI
● Scanning 247 files across app/, services/, routes/...
● Analyzing auth flows, input validation, file handling...
● Filtering by severity ≥ high...
● Found 4 findings in acme-corp/hookrelay
CRITICAL
Shell command injection via webhook payload
app/services/notifiers/script_runner.py:21 · Command injection
CRITICAL
JWT authentication bypass via "none" algorithm
app/auth/jwt_handler.py:28 · Auth bypass
CRITICAL
Path traversal in export file download endpoint
app/routes/exports.py:39 · Path traversal
HIGH
Server-side request forgery in destination URL validation
app/services/validator.py:36 · SSRF
✓ 12 lower-severity findings filtered out
Ship secure code in your CI/CD workflow
Use the Code Review skill to set up automated PR reviews to catch logic errors, security vulnerabilities, and regressions across your full codebase
Build threat context
Give scanning and response a map to work from. Claude derives a threat model from your codebase and past vulnerabilities, then enriches raw indicators with infrastructure links, attribution, and ATT&CK mapping, so analysts start with context.
Vulnerability detection
Claude reads source code the way a researcher does, reasoning about reachability and exploitability, catching vulnerabilities that static tools often miss. A separate triage pass re-verifies every finding to help reduce false positives.
Patching
Findings now arrive faster than teams can fix them. Claude traces each one to its root cause, hunts sibling call sites with the same flaw, and writes a minimal diff with a regression test for your team to review.
Triage and verify findings
Hand Claude raw findings from any scanner and get back insights. Claude reads the surrounding code to confirm exploitability, deduplicates by root cause, and ranks by precondition and impact, so engineers can focus and work on real issues first.
Security review across the dev loop
Review code for security at every stage of development. Claude checks its own edits as it writes and fixes issues in the same session, then specialized agents re-examine pull requests against your codebase, posting verified findings inline without blocking your review gates.
Secure source code, end to end
As offensive capability accelerates, the find-and-fix loop has to close faster. Claude runs threat modeling, discovery, verification, triage, and patching as one continuous loop on your codebase, carrying context across every stage so each finding arrives at the fix with its full history.
Customer story
Cogent resolves security threats 97% faster with Claude
Claude Opus
500+
high-severity vulnerabilities found that survived decades of scrutiny and automated analysis
Cyber defense powered by Claude Opus, available through our partners
Claude Opus
Leverage powerful models for defense
Opus reads code carefully, understands real risks, and sustains the long workflows that continuous defense requires. Verified practitioners can request adjusted safeguards for dual-use work.
Anthropic’s commitment to cyberdefense
Frontier AI capabilities are advancing faster than any single team can respond to, and developers, vendors, researchers, open-source maintainers, and public-sector defenders all have a role to play.
Supporting open-source security
The internet runs on critical software maintained by people with limited resources. We extend access to capable models, fund the foundations behind them, and disclose vulnerabilities responsibly when Claude finds them.
Defending mission-critical systems
We partner with the organizations responsible for the world's most critical software and infrastructure — from Project Glasswing's work hardening systemically important code, to our research with Pacific Northwest National Laboratory (PNNL) on defending cyber-physical systems.
Advocating for policy that backs defenders
Our Advanced AI Framework proposes policies for binding obligations on frontier labs, Anthropic included, and government authority to block dangerous deployments, alongside investment in open-source hardening and the safeguards that would let frontier cyber capability reach more defenders safely.
Go deeper on cyberdefense
Everything you need to strengthen your defense posture, from research to implementation guides.
Title
Date
Title
content type
Date
Title
content type
Date