What it is: Claude Mythos Preview is Anthropic’s most capable language model to date — a new model tier above Opus 4.6, announced April 7, 2026, with unprecedented offensive-cybersecurity capabilities. Not generally available.
Who it is for: AI safety researchers, security professionals, policy makers, and anyone tracking the frontier of AI capability and risk.
Best if: You want a current, sourced snapshot of what Mythos is, what it found, and why Anthropic is restricting access.
Skip if: You’re looking for a how-to — Mythos isn’t available to use. For the strongest publicly available Claude, see our Claude Opus 4.6 coverage or get the daily AI brief in our free newsletter.
1-on-1 Coaching
Claude AI Crash Course
1-hour private video session with James. Get up to speed on what’s actually happening at the frontier of Claude — what Opus 4.6 can do today, what Mythos signals about tomorrow, and how to design your own workflows around what’s available right now. You leave with prompts and a workflow you can use immediately.
Group Format
AI Workshops for Security & Engineering Teams
Team-format workshops for security, engineering, and policy teams reasoning about frontier AI capability. Covers safe Claude deployment patterns, threat modeling AI-assisted exploit research, and the practical implications of Glasswing-style restricted access for enterprise AI strategy.
What is the bottom line on Claude Mythos?
Claude Mythos Preview is the most capable AI model Anthropic has ever built — capable enough at offensive cybersecurity that Anthropic chose not to release it publicly. Announced April 7, 2026, Mythos sits in its own model tier above Opus 4.6, found a 27-year-old OpenBSD vulnerability and a 16-year-old FFmpeg bug during testing, and demonstrated a roughly 90x improvement over Opus 4.6 at exploit development on the same evaluation. Access is restricted under Project Glasswing, a controlled program serving roughly 50 vetted defensive cybersecurity organizations, backed by a $100 million Anthropic-funded credit pool.
What are the key takeaways?
- Announced April 7, 2026, after a partial accidental leak on March 26 via a misconfigured CMS.
- New model tier above Opus. Mythos is not an Opus upgrade — it is its own tier, larger and more capable than any prior Claude.
- Strikingly capable at cybersecurity. During internal evaluations Mythos developed working exploits 181 times against Firefox’s JavaScript engine, where Opus 4.6 succeeded only twice in several hundred attempts.
- Found a 27-year-old OpenBSD vulnerability and a 16-year-old FFmpeg flaw — bugs that survived decades of expert code review.
- Not generally available. Anthropic has stated Mythos is “not planned to be made generally available.”
- Project Glasswing grants restricted access to roughly 50 vetted defensive cybersecurity organizations, backed by a $100 million model-credit commitment.
- For the strongest model you can actually use today, Claude Opus 4.6 remains Anthropic’s flagship publicly available offering.
What is Claude Mythos exactly?
Claude Mythos Preview is Anthropic’s most capable language model to date. In Anthropic’s own framing: “Mythos is a new name for a new tier of model: larger and more intelligent than our Opus models — which were, until now, our most powerful.”
Mythos is a general-purpose model. It performs strongly across reasoning, coding, writing, and language tasks. But what distinguishes it from Opus 4.6 — and what drove Anthropic’s decision not to release it commercially — is its performance on offensive cybersecurity workloads. Anthropic’s published evaluations describe Mythos’s capability as being “in a different league” compared to Opus 4.6 for exploit development.
Why did Anthropic announce Mythos on April 7, 2026?
The announcement was preceded by an accidental leak on March 26, 2026, when internal documents about the model were exposed through a misconfigured content management system. Rather than wait, Anthropic moved up its planned disclosure timeline and formally announced both the model and the Project Glasswing restricted-access program on April 7. The announcement framed the model’s capabilities directly and made the case for not releasing it widely.
How does Claude Mythos compare to Opus 4.6?
| Capability | Claude Opus 4.6 | Claude Mythos Preview |
|---|---|---|
| Model tier | Opus (flagship) | New tier above Opus |
| Release date | February 5, 2026 | April 7, 2026 (announcement) |
| Public availability | claude.ai, API, AWS Bedrock, Vertex AI, Microsoft Foundry | Restricted — Glasswing only |
| Pricing | $5 / $25 per million tokens (input/output) | Not commercially priced |
| Context window | 1M tokens (beta, API) | Not publicly disclosed |
| Firefox JS exploit success | 2 / several hundred attempts | 181 working exploits |
| Vulnerability discovery | Strong (cybersecurity probes) | “In a different league” |
| Best use today | Coding, agentic tasks, research | Defensive cybersecurity (Glasswing partners only) |
What specific vulnerabilities has Claude Mythos found?
During controlled testing, Mythos Preview identified:
- A 27-year-old bug in OpenBSD that survived decades of expert security review. OpenBSD is one of the most security-audited codebases in existence, so a defect persisting for that long is noteworthy.
- A 16-year-old vulnerability in FFmpeg, one of the most widely-deployed media libraries in the world. FFmpeg ships in essentially every web browser, video player, and streaming pipeline.
- Thousands of high- and critical-severity vulnerabilities across open source projects.
- Working exploits for zero-days in FreeBSD NFS, the Linux kernel, and major web browsers.
- Complex multi-vulnerability chains involving techniques like JIT heap sprays — the kind of multi-step exploit work that has historically required highly specialized human security researchers.
The cost numbers Anthropic published are equally striking: two N-day exploit developments came in under $1,000 and under $2,000 in model usage respectively, and a full OpenBSD test campaign of 1,000 runs cost under $20,000.
What is Project Glasswing?
Project Glasswing is Anthropic’s controlled-access program for Mythos Preview. Rather than releasing the model commercially, Anthropic committed $100 million in model-usage credits to defensive cybersecurity work performed by approximately 50 vetted organizations. Participants include critical-infrastructure operators, open source project maintainers, and selected security research groups. Terms restrict use to defensive cybersecurity work; offensive or commercial use cases are not permitted under the program.
Glasswing is also a research collaboration: Anthropic provides participating organizations with model access in exchange for coordinated disclosure of findings to affected upstream projects before any public capability discussion.
Who has access to Claude Mythos?
Approximately 50 organizations have been selected. Anthropic has not published the full list, but reporting by Fortune, The Ringer, and others indicates Glasswing partners include several large law firms working on cyber-related matters, critical-infrastructure operators, and prominent open source project maintainers. Applications are vetted individually; access is not granted by default to organizations that apply.
Why isn’t Claude Mythos publicly available?
Anthropic’s stated reason is asymmetric risk: a model that can produce working zero-day exploits at the rate Mythos demonstrated represents capability that is far easier to weaponize than to defend against. If broadly available, the same capability that helps defenders harden their systems would also enable mass-scale offensive operations from anyone with API access — including state-affiliated and criminal actors.
By restricting access to vetted defenders working in coordination, Anthropic argues the capability can be applied to harden critical software stacks before equivalent capabilities become widely available through other frontier labs or through technique replication. This is a finite head start: once another lab releases a comparable model, or once the techniques are reproducible, the restricted-access strategy stops providing defensive lead time.
What does Claude Mythos mean for the cybersecurity industry?
Three implications stand out, based on public commentary from the UK AI Security Institute, AI safety researchers, and industry analysts:
- The economics of vulnerability discovery are changing. The cost of finding subtle, decades-old bugs in mature code is collapsing. Defenders who don’t invest in AI-assisted code review are now at a structural disadvantage to anyone who does.
- Open source projects with large attack surfaces face an immediate priority. Browsers, OS kernels, media libraries, and cryptographic libraries are the prime candidates for proactive AI-assisted hardening. Project maintainers should be opening dialogue with frontier AI labs about coordinated review programs.
- Disclosure norms are being stress-tested. The 27-year-old OpenBSD bug means systems running OpenBSD for decades may have shipped with that latent vulnerability. As more multi-decade flaws are discovered, coordinated-disclosure processes designed for individual bugs found by human researchers face scaling challenges.
How does Claude Mythos compare to other frontier AI models?
Direct head-to-head comparisons are limited because Mythos has not been benchmarked against competing frontier models on public leaderboards. But three points are clear from the public record.
First, on offensive cybersecurity, no other publicly-acknowledged frontier model has demonstrated published exploit-development capability at the rate Mythos showed on the Firefox JavaScript engine evaluation. Whether other labs have internal models with comparable capability is not publicly known. The publicly available models from OpenAI, Google DeepMind, xAI, and Meta have all undergone cybersecurity-capability evaluations, and none have been described in terms similar to Anthropic’s “in a different league” framing.
Second, on general capability, Mythos sits above Opus 4.6, which itself leads Humanity’s Last Exam and Terminal-Bench 2.0 among publicly released models. The closest published competitor on those benchmarks is GPT-5.2 from OpenAI, which Opus 4.6 outperforms by ~144 Elo points on GDPval-AA. By transitive reasoning, Mythos is likely the highest-capability model anyone has publicly disclosed — but only on Anthropic’s published evaluations.
Third, on accessibility, Mythos is unique among frontier models in being restricted by policy rather than by waitlist or cost. GPT-5.2 is on a public API. Gemini 3 Pro is in free preview through Google Antigravity. Grok 4 is publicly available with an X Premium subscription. Mythos is the only frontier-tier model whose access is gated by capability-based restriction, not commercial terms.
How is Anthropic deploying Mythos responsibly?
Anthropic’s responsible-deployment approach for Mythos has four components:
- Restricted access via Glasswing only — no public API, no broad commercial release.
- A $100 million defensive-cybersecurity credit grant — making restricted access financially viable for the kinds of nonprofit and academic defenders that would otherwise be priced out.
- Coordinated disclosure to affected projects before any public capability discussion.
- Continued external safety evaluation, including by the UK AI Security Institute (AISI), whose published assessment of Mythos’s cyber capabilities is one of the primary independent sources on the model.
What does Mythos signal about frontier AI policy?
Mythos has prompted active policy discussion. Reporting indicates the Trump administration is considering government pre-deployment oversight of frontier AI models in response to capabilities of this class. Whether that takes the form of voluntary commitments, a NIST-style technical-standards body, or formal regulatory authority is being actively debated. Anthropic itself has publicly supported the idea of frontier-model pre-deployment review under appropriate conditions.
What’s next for Claude Mythos?
Anthropic has stated Mythos is “not planned to be made generally available.” Expected directions:
- Continued vulnerability discovery work with Glasswing partners.
- Coordinated disclosure of findings to affected upstream projects.
- Possible derivative deployments — defensive-only fine-tunes, audit-tool integrations, or specialized inference endpoints that constrain misuse.
- Continued policy engagement with governments on frontier AI deployment norms.
For users who want frontier Claude capabilities today, Claude Opus 4.6 remains the strongest publicly available Anthropic model. For day-to-day Claude work — coding, writing, research, agents — Opus 4.6 on claude.ai or via the API is what you should be using. See our full What’s New in Claude 2026 roundup for the broader release cadence and roadmap.
Frequently asked questions
Is Claude Mythos the same as Opus 4.6?
No. Mythos is a new model tier above Opus 4.6. Anthropic explicitly describes Mythos as a new tier, not an Opus upgrade.
Can I use Claude Mythos right now?
Almost certainly not. Access is restricted to approximately 50 organizations vetted under Project Glasswing for defensive cybersecurity work.
How do I apply for Project Glasswing access?
Anthropic accepts applications from organizations doing defensive cybersecurity work. Applications are vetted individually. Most accepted participants are critical-infrastructure operators, open source maintainers, or established security research groups.
Will Claude Mythos ever be released publicly?
Anthropic has stated it is “not planned to be made generally available.” That may change — but the company’s current posture is indefinite restriction.
What does the “Preview” in Claude Mythos Preview mean?
It indicates this is the first publicly-acknowledged version of the model. Internal iterations and future versions are expected. The “Preview” designation does not imply imminent public release.
Is Mythos available on AWS Bedrock or Vertex AI?
A model card exists on both platforms for Mythos Preview, but it is not generally accessible. Only Glasswing partners can invoke the model.
Did Anthropic leak Mythos by accident?
Yes — partial details leaked on March 26, 2026 via a misconfigured CMS. Anthropic formally announced the model on April 7, 2026.
Why did Mythos find a 27-year-old OpenBSD bug humans missed?
Human reviewers face attention-capacity limits across millions of lines of code, and OpenBSD has been reviewed by many humans many times. An AI model that can hold a large codebase in context, propose mutation-based exploit attempts at scale, and reason about cross-function call graphs is operating at a different scale than human review — not necessarily smarter on any single piece of code, but exhaustively patient across the whole.
Is Claude Opus 4.6 still the best Claude model I can use?
Yes. For all publicly available capabilities — coding, writing, research, agents, document work — Opus 4.6 is the strongest Anthropic model you can actually access.
How is Mythos different from Claude Cowork or Claude Code?
Cowork and Code are products built on top of Anthropic’s released models (currently Opus 4.6). Mythos is the underlying model itself, a new tier above Opus. There is no Mythos-based product layer for end users today.
Does Mythos make Anthropic the most powerful AI lab right now?
By the metric of “highest demonstrated capability on a published benchmark,” arguably yes — but that capability is restricted. Other labs may have internal models with similar capabilities. What’s notable about Mythos is the public disclosure plus restricted-release decision, not necessarily the underlying capability frontier.
Does Mythos use the same architecture as Opus 4.6?
Anthropic has not published architectural details. The framing as a “new tier” rather than an Opus upgrade suggests architectural and scale differences, not just a fine-tune. The published cost-per-exploit numbers ($1k–$2k per N-day exploit development) imply Mythos is more expensive to run per token than Opus 4.6, consistent with a larger model.
Can Mythos be used for anything besides cybersecurity?
Yes — Anthropic describes it as a general-purpose model that “performs strongly across the board.” But Project Glasswing terms restrict its use to defensive cybersecurity work. Participating organizations are not permitted to apply Mythos to product development, content generation, or general research that falls outside the security mandate.
What should I do about Mythos if I’m not in cybersecurity?
For most users the practical impact of Mythos is zero today. Use Claude Opus 4.6 for daily work. The strategic implication — that AI labs are now releasing capabilities under capability-based restrictions, not just commercial terms — is worth tracking but doesn’t change your current workflow. Subscribe to our newsletter below to stay current on what ships next.
Stay ahead of every Claude release
Mythos was a surprise. The next major Claude release will be too. The Beginners in AI newsletter ships one issue every day — what shipped, what it means, and what to do with it. Free, daily, no fluff. Subscribe below.
Sources
- Claude Mythos Preview — Anthropic Red (official announcement, April 7, 2026)
- Project Glasswing — Anthropic
- Introducing Claude Opus 4.6 — Anthropic (February 5, 2026)
- Our evaluation of Claude Mythos Preview’s cyber capabilities — UK AI Security Institute
- Claude Mythos Preview on Vertex AI — Google Cloud Blog
- Claude Mythos Preview model card — Amazon Bedrock
- Could Claude Mythos Actually Destroy the Internet? — The Ringer
Related news
- Glossary: What is Project Glasswing?
- Microsoft is canceling Claude Code licenses for thousands of engineers — news, May 14–15 2026.
- May 2026 AI updates: one-page cheat sheet — the full month at a glance.
- Claude for Legal: 12 open-source plugins, 20+ connectors, and how to use them (May 2026) — news, May 12 2026.
- Claude Mythos cracked Apple’s Mac M5 security in 5 days — news, May 14 2026.
Want a head start? Book a 2-hour live AI crash course
A private, beginner-friendly session across Claude, ChatGPT, Gemini, Grok, and the wider landscape. Walk away knowing which tools fit your work and how to use them.
Book the 2-hour crash course · $125 →