Claude Mythos Preview Can Chain Low-Severity Bugs Into Severe Exploits, Cloudflare Finds

May 19, 2026 12:47 PM IST | Written by Mithun MK | Edited by Vaibhav Jha

Claude Mythos Preview, the frontier AI model by Anthropic, has the unique ability to find bugs and chain them into a severe exploit against software systems, claimed Cloudflare in their recent research report.

Cloudflare ran Claude Mythos Preview against more than 50 of its own internal code repositories as part of Project Glasswing, a restricted research program launched by Anthropic that offers a preview version of its AI to SaaS/tech/AI companies and research institutions.

In a blog post published May 18, Grant Bourzikas, Cloudflare’s Chief Security Officer, claimed that his organization ran a test on Claude Mythos Preview and other frontier AI models.

Bourzikas claimed that although other frontier AI models were equally efficient in finding bugs in software systems, it was the ability of Claude Mythos to chain several low-severity bugs and exploit them in a combined manner through a working proof of concept that made it far more dangerous than others.

“A model would identify an interesting bug, write a thoughtful description of why it mattered, and then stop, leaving the actual chain unfinished and the question of exploitability open. What changed with Mythos Preview is that a model can now take those low-severity bugs (which would traditionally sit invisible in a backlog) and chain them into a single, more severe exploit,” said Bourzikas.

Cloudflare provides network infrastructure and security services for more than 20 percent of all websites globally, according to a company filing with the U.S. Securities and Exchange Commission. 

 

Cloudflare said that the Mythos Preview model used in the test did not carry the additional safeguards present in generally available Anthropic models. That made the trial a direct read of what the model could do without a production safety layer on top, said Cloudflare.

Despite the absence of those safeguards, the model pushed back on certain requests, but those refusals were not consistent. The same task, presented in a different framing or context, produced different outcomes. In one documented case, the model refused to perform vulnerability research on a project, then agreed to perform the same research on the same code after an unrelated change to the project’s environment, the company found.

Cloudflare said that the inconsistency was the core finding on safety. The model’s organic refusals are real, but are not consistent enough to serve as a complete safety boundary on their own. The company concluded that any capable cyber frontier model released outside a controlled research setting would require additional safeguards layered on top.

Cloudflare has acknowledged that the same capabilities that helped it find bugs in its own code would, in the wrong hands, accelerate attacks against every application on the internet. The company said it would share more on what that means for customers in the coming weeks.

Project Glasswing, announced by Anthropic in April 2026, gave access to Mythos Preview to approximately 40 organizations building or maintaining critical software infrastructure. Anthropic committed up to USD 100 million in usage credits for the program and USD 4 million in direct grants to open source security organizations.

Authors

  • Mithun MK, Special Correspondent with AI FrontPage

    Mithun MK is a Special Correspondent at AI FrontPage. He brings over six years of investigative reporting on technology, surveillance, digital rights, and governance at The News Minute and The New Indian Express. He is trained in cross-border investigative methods with OCCRP, alongside reporters from Southeast Asia, and brings both reporting depth and technical fluency to AI FrontPage's coverage of the global AI industry.


  • Vaibhav Jha, editor and co-founder at AI FrontPage

    Vaibhav Jha is an Editor and Co-founder of AI FrontPage. In his decade-long career in journalism, Vaibhav has reported for publications including The Indian Express, Hindustan Times, and The New York Times, covering the intersection of technology, policy, and society. Outside work, he’s usually trying to persuade people to watch Anurag Kashyap films.
