Claude Mythos Preview

Anthropic has a habit of careful, measured product launches. Claude Mythos Preview breaks from that pattern, not because the release was loud, but because there wasn't really a release at all.

Quietly announced on April 7, 2026, Mythos Preview is Anthropic's most capable model to date, surpassing Claude Opus 4.6 by a margin the company itself describes as a meaningful leap. It achieves 93.9% on SWE-bench Verified, 83.1% on CyberGym, and 97.6% on USAMO 2026, numbers that, in isolation, would be the centerpiece of any frontier lab's biggest product announcement of the year.

Instead, Anthropic put it behind a locked door. And the reason they give is more interesting than the benchmarks.

The model that found a 27-year-old bug

What makes Mythos Preview genuinely different isn't any single benchmark, it's what happens when the model is given an agentic harness and pointed at real-world codebases. In internal and red-team evaluations, the model autonomously discovered thousands of previously unknown vulnerabilities across major operating systems and browsers. Among them: a 27-year-old flaw in OpenBSD, a 16-year-old issue in FFmpeg, and a privilege-escalation chain in the Linux kernel, all of which had survived years of expert human review.

This isn't a model that scores well on curated datasets. It's a model that, given the right setup and minimal steering, can operate like a highly skilled security researcher, finding and demonstrating real exploits in authorized environments at a pace no human team could match.

That capability is exactly what forced Anthropic's hand.

Why the public doesn't get access

The 244-page System Card Anthropic published alongside Mythos Preview is unusually candid. The company acknowledges that the model represents their best-aligned system to date, but that its autonomous offensive cybersecurity capabilities crossed a threshold that made broad public release irresponsible. Handing that kind of zero-day discovery engine to the open market, the reasoning goes, would accelerate the offense side of an already lopsided arms race in ways that couldn't be walked back.

So instead of a general release, Anthropic built a framework to put the capability exclusively in the hands of people trying to defend the systems that the rest of the internet runs on.

Project Glasswing: defenders first

The vehicle for that framework is Project Glasswing, a new, invitation-only defensive cybersecurity consortium with 12 named launch partners: Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Beyond those 12, approximately 40 additional vetted organizations have been brought into the program.

Access to Claude Mythos Preview flows through Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry, priced at $25/$125 per million input/output tokens. To accelerate the work, Anthropic is putting $100 million in usage credits behind the effort, alongside $4 million in direct donations to open-source security infrastructure, $2.5 million to Alpha-Omega and the Open Source Security Foundation, and $1.5 million to the Apache Software Foundation.

Early results from Glasswing partners are already surfacing previously undetected vulnerabilities in large codebases. Whether that translates into a measurably smaller global attack surface over the coming months remains to be seen, but the scale of the commitment suggests Anthropic is treating this as more than a PR move.

What changes for everyone else

For the vast majority of Claude users, developers on the public API, teams on Claude.ai, nothing changes today. Mythos Preview stays firmly inside the Glasswing program. The public-facing Claude models will continue to evolve, and learnings from this work will filter through eventually, but the full capability set is not coming to a consumer tier anytime soon.

For enterprise security teams and organizations connected to Glasswing's partner network, the calculus is different. Autonomous, high-precision vulnerability discovery at scale could meaningfully compress the window between when a flaw exists and when it gets patched, which is one of the most persistent structural weaknesses in software security today.

A harder question about what comes next

The more interesting story here isn't about Mythos Preview specifically. It's about what it represents for how frontier AI gets deployed going forward.

Anthropic has essentially demonstrated that capability can advance to a point where a lab's best model isn't their most publicly available one. That's a different kind of moment than we've seen before. Most of the past few years of AI development were defined by the race to get the most powerful model into the most hands. Mythos Preview suggests we're entering a phase where the most powerful models might be permanently out of reach for most users not because labs are holding back, but because the responsible answer to genuine danger might sometimes be no public access at all.

Whether that framework scales, whether it creates new concentrations of power, and whether it actually achieves its defensive goals are all open questions. Anthropic's transparency on the risk assessment is genuinely notable. The execution is a bet that controlled access in the right hands beats uncontrolled access in all hands.

That's a reasonable bet. It's also a precedent worth watching closely.