Few A.I. models have generated as much attention as Anthropic’s Claude Mythos. Since Anthropic announced Project Glasswing and Claude Mythos Preview in April, the model has drawn intense interest for its reported ability to identify vulnerabilities across major web browsers and operating systems. When news broke that cybersecurity giant CrowdStrike was involved in Glasswing, “the phones went crazy,” CrowdStrike president Michael Sentonas told Observer.
“People wanted access to Mythos, which we obviously couldn’t provide. So we’ve been working around the clock advising organizations on how to think about it, and that hasn’t stopped. It’s still the number one topic we’re discussing,” he added.
CrowdStrike is participating in both Anthropic’s Project Glasswing and OpenAI’s Trusted Access for Cyber program. These initiatives give select partners early access to advanced models to test their capabilities, evaluate real-world use cases and provide feedback.
“We get access so we can test the models, use them internally, and understand how they might help customers,” Sentonas explained. “Then we share feedback based on what we’re seeing.”
That feedback is wide-ranging. CrowdStrike is briefing CEOs, CIOs (chief information officers) and CSOs (chief security officers), explaining what Mythos is and attempting to temper inflated expectations. For now, however, the hype shows little sign of slowing. Mythos’ reputation as “too dangerous to release” prompted U.S. export controls, forcing Anthropic to temporarily suspend access last month. The Commerce Department lifted those restrictions this week.
The cybersecurity industry is now mobilizing. CrowdStrike is one of the largest vendors in the space, with a market cap of over $194 billion and $1.4 billion in quarterly revenue. Its Falcon platform uses A.I. to detect and respond to threats across endpoints and cloud environments. The company also drew widespread attention two years ago following its role in a global computer outage.
Sentonas says much of the urgency is driven by confusion and misinformation. “A big part of our role has been explaining what Mythos is, how it works, how to use it effectively, and what risks actually matter,” he said. That includes practical guidance on scanning for vulnerabilities and managing costs—Mythos is priced at $50 per million output tokens.
So far, Mythos has not revealed major surprises for CrowdStrike internally. The company already uses models like Opus for vulnerability scanning. For now, these models have not significantly increased risk for most organizations, largely because they are not widely available. That is expected to change. As access expands, attackers could use similar tools to identify and exploit vulnerabilities faster than defenders can patch them.
“Imagine a world where 200 vulnerabilities are discovered every day. That’s not far away,” Sentonas said. “Now, imagine those vulnerabilities being exploited almost immediately. A CSO would have to decide, every day, which zero-day threat they need to mitigate.”
With export controls lifted, it is unlikely that frontier A.I. systems like Mythos will remain restricted for long, especially as China develops its own cyber-focused models. For now, companies still have a window to prepare through programs like Project Glasswing, but that window may be closing.

