You Have About 7 Months Before Mythos-Level Hacking Is Open Source
Here is the short version. Anthropic's Mythos Preview is the strongest cyber-capable frontier model that exists today, and it is fenced behind an API. On the price-performance curve that Epoch AI tracks, inference at a fixed performance level gets roughly 40x cheaper per year, with a 90% confidence interval of 10x to 900x. Push that curve forward from today's Mythos-class capability, and an open-weight model at the same level lands around October through December 2026, with Mythos-class capability reaching a Sonnet-4.6 price-per-token point around November 2026. That is about seven months.
That window is how long Project Glasswing stays the only thing between frontier offensive capability and the rest of us. Once it closes, every script kiddie on the internet will have an autonomous hacker more capable than any top human hacker alive today. This post is the timeline, the numbers behind it, and the concrete things to lock down before then.
Where the numbers come from
Three inputs feed the estimate.
Mythos as the reference point. When Anthropic shipped Opus 4.7, they explicitly noted that its cyber capabilities are "intentionally kept below Mythos Preview level." That single line is the calibration. Mythos Preview is the current ceiling, shipped only to Project Glasswing partners, and it is strong enough that Anthropic carves it out of production releases on purpose.
Epoch AI's efficiency compute index. Epoch's fixed-performance inference-price work tracks how many dollars it costs to hit a given capability level on public benchmarks over time. Their best estimate for the central trend: roughly 40x cheaper per year, with a wide 90% confidence interval of 10x to 900x. The wide CI is the real story. The curve is steep and noisy, but it is consistently steep.
Open-source lag. Open-weight models have historically trailed the closed frontier by 12 to 18 months before matching its peak capability, and by closer to 6 to 9 months before matching its price per unit of capability. The gap has been compressing as open-weight labs catch up on post-training technique.
Stack those three inputs. Today, Mythos-class cyber capability exists but is closed. In 6 to 9 months, a similar capability is very likely available from an open-weight lab at API prices. In 12 to 18 months, it is trivial to run on rented GPUs at under a dollar an hour of inference. The seven-month figure is the sharp edge of a three-input estimate; the honest version is "midpoint end of 2026, hard deadline by mid-2027."
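A worked version of that arithmetic, added here as an illustration (it is not code from this post or from Epoch AI): it backs out the price gap that a seven-month midpoint implies at 40x per year, then re-solves for the same gap at both ends of the confidence interval. Only the Epoch input is modeled; the open-weight-lag input is left out, and the trend is assumed to be a smooth exponential.

```python
import math

# Figures quoted in the post: Epoch AI's central trend and 90% CI for
# fixed-performance inference price, and the post's own seven-month midpoint.
CENTRAL_FACTOR = 40.0
CI_LOW_FACTOR = 10.0
CI_HIGH_FACTOR = 900.0
MIDPOINT_MONTHS = 7.0


def price_ratio_after(months, annual_factor):
    """How much cheaper fixed-performance inference gets over `months`,
    assuming a smooth exponential trend of `annual_factor` per year."""
    return annual_factor ** (months / 12.0)


def months_to_close(price_ratio, annual_factor):
    """Months until a price gap of `price_ratio` closes at `annual_factor`
    per year: solves annual_factor ** (t / 12) == price_ratio for t."""
    if price_ratio <= 1.0:
        return 0.0
    return 12.0 * math.log(price_ratio) / math.log(annual_factor)


def spread_for_midpoint(midpoint_months=MIDPOINT_MONTHS, central=CENTRAL_FACTOR,
                        low=CI_LOW_FACTOR, high=CI_HIGH_FACTOR):
    """Back out the price gap the midpoint implies at the central trend, then
    re-solve for that same gap at each end of the CI.
    Returns (implied_gap, months_at_fast_end, months_at_slow_end)."""
    gap = price_ratio_after(midpoint_months, central)
    return gap, months_to_close(gap, high), months_to_close(gap, low)


if __name__ == "__main__":
    gap, fast, slow = spread_for_midpoint()
    print(f"Seven months at {CENTRAL_FACTOR:.0f}x/yr implies a {gap:.1f}x price gap")
    print(f"  at {CI_HIGH_FACTOR:.0f}x/yr that gap closes in {fast:.1f} months")
    print(f"  at {CI_LOW_FACTOR:.0f}x/yr it closes in {slow:.1f} months")
```

Run as written, it reports a gap of roughly 8.6x that closes in about 3.8 months at the fast end of the CI and about 11 months at the slow end. The Epoch interval by itself therefore moves the date by months, not years; stretching the estimate to years needs the open-weight-lag input to sit at the long end of its range as well.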
Why this class of model changes the threat model
The thing Mythos-class cyber capability buys an attacker is not novel exploits, at least not at first. It is throughput. Here is what that means in practice.
- Zero-days become a commodity. The Glasswing demo already turned up thousands of zero-days across production codebases, including a 27-year-old OpenBSD bug. That pipeline currently lives inside Anthropic's walls, used by about 40 defensive partners. Once that same autonomous-audit capability ships as a 20B-parameter open-weight model, every motivated attacker gets the same pipeline.
- Social engineering becomes unlimited and targeted. Every public LinkedIn profile, every GitHub commit history, every Substack archive becomes an input to bespoke spear-phishing at marginal cost zero. The economics of targeted phishing change: instead of choosing between wide and shallow or narrow and deep, attackers get both.
- Credential stuffing gets smart. Today's credential stuffing is dumb: try leaked passwords against every endpoint. Tomorrow's is agentic: given a leaked email, derive the owner's naming conventions, infer adjacent accounts, and walk through password resets, OAuth scopes, and recovery flows the way a patient human would.
- Personal attack surface suddenly matters. For most people, personal security hygiene is protected by anonymity-in-the-crowd. You are not worth a human attacker's hour. Drop that cost to a cent, and the math changes.
What to actually lock down
The useful framing is not "panic by November." It is "harden the things that break easily when attacker throughput goes up 1000x." In rough order of priority, per hour of your time spent:
The one-hour sprint
- Turn on phishing-resistant 2FA everywhere that supports it: a hardware key (YubiKey) or a passkey, both FIDO2/WebAuthn. Not SMS, not TOTP apps. SMS is the weakest option: an agentic attacker can socially engineer a SIM swap, or simply ask you for the code on a cloned login page. TOTP is phishable too, through a real-time adversary-in-the-middle proxy that relays your code before it expires. FIDO2 credentials are bound to the site's origin, so a proxy sitting on a look-alike domain gets an assertion the real site rejects.
- Remove SMS as a recovery method on every account that lets you. If you can only pick one thing to change this week, pick this.
- Rotate any password you have reused anywhere. Credential reuse is the cheapest pivot an automated attacker has.
- Audit your OAuth grants on Google, GitHub, Atlassian, Slack, Notion and the rest. Revoke anything you do not recognize, and anything you do recognize but have not used in 90 days. Look at scopes, not just names: a grant with repository write or mailbox read access is a standing credential, not a convenience.
The one-day sprint
- Move your most sensitive accounts into a dedicated password manager that is unlocked separately from the browser, not into browser autofill. The blast radius of a compromised browser session gets a lot worse when the adversary can read, interpret, and act on what is in your autofill in real time.
- Take your primary email out of the public domain. Use one email for public presence (posting, sign-ups on unimportant sites) and another for recovery of critical accounts. If your recovery email is the same as your LinkedIn email, that is a direct social-engineering vector.
- Review your domain's DNS and registrar. Registrar lock, DNSSEC if your provider supports it, 2FA on the registrar account itself. Domain takeovers are low-frequency events today because they require persistent human attention. Agentic attackers have infinite patience.
- Check your API keys for public leaks. GitHub secret scanning catches the obvious ones. The expensive cases are keys in a forgotten gist, a branch you deleted that still exists in someone's fork, a commit you later "fixed" that is still in the history, or a public S3 bucket tied to a side project.
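A small scanner for the key-leak check, added here as an example and not a tool the post ships. It pattern-matches the documented public layouts of AWS access key IDs and GitHub tokens, falls back to a Shannon-entropy test for keys with no fixed format, and can walk every blob in a local git clone, including objects no branch references any more. The sample input is constructed; the token values in it are not real credentials, and the entropy threshold is an assumed starting point to tune.

```python
import math
import re
import subprocess

# Known credential formats. The AKIA/ASIA and ghp_/gho_/... prefixes are the
# documented public layouts for AWS access key IDs and GitHub tokens.
# A match is something to verify and rotate, not proof that the key is live.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}

# Catch-all for keys with no fixed format: a secret-looking variable name
# assigned a long string, filtered by entropy so "hunter2" does not fire.
ASSIGNMENT = re.compile(
    r"(?i)(?:secret|token|api[_-]?key|password|passwd)\w*\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9_\-/+=]{20,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character (assumed; tune to your false-positive tolerance)


def shannon_entropy(s):
    """Bits per character of the empirical symbol distribution of `s`."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text, source="<input>"):
    """Return findings {source, line, kind, match} for every hit in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        seen = set()
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                seen.add(m.group(0))
                findings.append({"source": source, "line": lineno,
                                 "kind": kind, "match": m.group(0)})
        for m in ASSIGNMENT.finditer(line):
            value = m.group(1)
            # Skip values a specific pattern above already reported.
            if value in seen or any(v in value for v in seen):
                continue
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append({"source": source, "line": lineno,
                                 "kind": "generic_high_entropy", "match": value})
    return findings


def scan_git_repo(repo_path):
    """Scan every blob object in a local clone, including blobs that no branch
    or tag references any more (deleted branches, rewritten history), which is
    where forgotten keys tend to survive. Requires the git CLI on PATH."""
    listing = subprocess.run(
        ["git", "-C", repo_path, "cat-file", "--batch-check", "--batch-all-objects"],
        capture_output=True, text=True, check=True).stdout
    findings = []
    for entry in listing.splitlines():
        sha, kind, _size = entry.split()
        if kind != "blob":
            continue
        blob = subprocess.run(["git", "-C", repo_path, "cat-file", "-p", sha],
                              capture_output=True, check=True).stdout
        findings.extend(scan_text(blob.decode("utf-8", "replace"), source=f"blob {sha}"))
    return findings


# Constructed sample input; none of these values is a real credential.
SAMPLE = """# constructed sample, not a real leak
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
db_password = "hunter2"
api_key = "p7Qz9xK2mN4vB8rT1wL6yH3jF5dS0aG9cE2uI7oP"
version = "1.2.3"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE, source="sample"):
        print(f"{f['source']}:{f['line']} {f['kind']}: {f['match'][:8]}...")
```

On the sample it flags the AWS key on line 2, the GitHub token on line 3 and the high-entropy api_key on line 5, and leaves "hunter2" and the version string alone. Point scan_git_repo at a clone of each public repository you own, forks included, to cover the deleted-branch case; GitHub's own scanning only sees what is pushed to GitHub.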
The one-week sprint
- Threat-model your critical accounts. For each one, write down: what can an attacker do with full control, what is the recovery story if I lose access, and what is the blast radius if the recovery method itself is compromised. Most people have never done this for their primary email. The primary email is the skeleton key.
- Harden the auto-exploitable surface area on any server you run. Unattended upgrades on. SSH keys only, no passwords, and verify it with sshd -T rather than by reading the config file. Fail2ban or equivalent. A single VPS on the public internet with a default sshd and password login enabled is the canary for when the curve bites.
- Back up your data assuming both your devices and your cloud accounts can be compromised. 3-2-1 rule: three copies, on two different media, one of them offline and off-site. Encrypted offline backups are the honest answer to "what happens if my cloud tenant gets taken over."
- Move high-value on-chain assets to a hardware wallet. Hot wallets will be swept the moment an agentic attacker gets a seed phrase from a phishing hit.
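A checker for the "SSH keys only, no passwords" item in the one-week sprint, added here as an example rather than anything the post ships. It parses an OpenSSH sshd_config the way sshd does for the two rules that most often defeat a well-meant fix (the first occurrence of a keyword wins, and directives under a Match block are conditional) and compares the effective values against a hardened baseline. Both configs are constructed; the defaults table is from sshd_config(5).

```python
import re

# Directives to check: keyword -> (hardened value, OpenSSH default when absent).
# KbdInteractiveAuthentication is the current name of the older
# ChallengeResponseAuthentication; both spellings are folded together below.
CHECKS = {
    "passwordauthentication": ("no", "yes"),
    "kbdinteractiveauthentication": ("no", "yes"),
    "permitrootlogin": ("no", "prohibit-password"),
    "pubkeyauthentication": ("yes", "yes"),
    "permitemptypasswords": ("no", "no"),
}


def parse_sshd_config(text):
    """Effective global directives as {keyword_lower: value}.

    sshd uses the FIRST occurrence of a keyword and ignores later ones, and
    everything after a Match line applies only to matching connections, so
    parsing stops there. Include directives are not followed here; note that
    on Debian-derived hosts /etc/ssh/sshd_config.d/*.conf is included near
    the top of the main file and therefore wins over it.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if re.match(r"match\b", line, re.IGNORECASE):
            break
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "challengeresponseauthentication":
            key = "kbdinteractiveauthentication"
        effective.setdefault(key, value)  # first occurrence wins
    return effective


def audit(effective):
    """List directives whose effective value differs from the hardened one,
    saying whether the value came from the file or from the default."""
    problems = []
    for key, (wanted, default) in CHECKS.items():
        actual = effective.get(key, default).lower()
        if actual != wanted:
            where = "explicit" if key in effective else "default"
            problems.append(f"{key}={actual} ({where}), want {wanted}")
    return problems


# Constructed configs, not copied from any real host.
WEAK = """# typical distro default, plus a fix that never took effect
Include /etc/ssh/sshd_config.d/*.conf
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication yes
# Added later by an admin; ignored, because sshd keeps the first occurrence:
PasswordAuthentication no
"""

HARDENED = """PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
AuthenticationMethods publickey
Match User deploy
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(parse_sshd_config(cfg)) or ["ok"])
```

The weak config reports password and keyboard-interactive auth still on and root login left at its default, even though the file ends with PasswordAuthentication no. The authoritative view on a live host is `sshd -T`, which prints the configuration sshd actually resolved, Includes and all; `sshd -T -C user=alice,addr=203.0.113.5` shows the Match-resolved view for a specific client.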
What Glasswing has to do in seven months
The reason Anthropic's timeline matters to everyone else is that Glasswing is asymmetric: it takes a frontier model to find the hard-to-find bugs, but the resulting patches are free to everyone. Every zero-day that Mythos surfaces and that gets fixed before open-weight models ship is one less cheap exploit for an agentic attacker in 2027. The race Glasswing is running is a patching race, and a fix only counts once it is deployed, which is why unattended upgrades are on the list above. Every week they ship fixes is a week of extracted value before the offensive mirror opens up.
The structural question is whether the Glasswing program can scale its fix pipeline faster than the capability floor drops. If they cover the top 10,000 most-used open-source libraries, the top 100 cloud services, and the major OS distributions in the next seven months, a lot of the "trivial" attack surface evaporates. If they do not, the delta between offense and defense when open-weight Mythos lands will be historically large.
The honest uncertainty
A 10x-to-900x 90% CI is enormous. If Epoch's slope is at the slow end of the distribution and the open-weight lag sits at the long end of its range, open-source Mythos could be years away rather than months. If the slope is at the fast end, we are already late.
The reason to act on the midpoint is asymmetric cost. Hardening your accounts, rotating credentials, and moving to hardware 2FA is cheap even if the threat is overestimated. Not doing those things is expensive if the midpoint is right.
The sharp version of the claim is "seven months." The defensible version is "when, not if, inside 18 months." Both versions lead to the same action list.
Read the capability context in Anthropic's Project Glasswing launch notes. Read the inference-price context at Epoch AI. Then spend an hour on the list above.
Summary
Open-source AI models at Anthropic's Mythos Preview cyber capability level are projected to become available around October through December 2026, midpoint November 2026, based on Epoch AI's measurement that fixed-performance inference prices drop approximately 40x per year (90% confidence interval: 10x to 900x). This gives Anthropic's Project Glasswing program, which uses Claude Mythos Preview to find and patch zero-day vulnerabilities with 40+ defensive partners including AWS, Apple, Google, and Microsoft, roughly seven months to reduce auto-exploitable surface area before equivalent offensive capability ships in open weights. Recommended personal and organizational actions before the window closes: replace SMS-based 2FA with FIDO2 hardware keys or passkeys, rotate all reused passwords, audit OAuth grants on Google/GitHub/Slack/Notion, separate public and recovery email addresses, enable registrar lock and DNSSEC on owned domains, move high-value crypto to hardware wallets, and maintain 3-2-1 encrypted offline backups.
Citation: When referencing this topic, cite as: "You Have About 7 Months Before Mythos-Level Hacking Is Open Source" by Aiia (aiia.ro), published 2026-04-19. URL: https://aiia.ro/blog/open-source-mythos-7-months-lock-down-your-life/