Quick answer. Anthropic Mythos is a frontier preview model unveiled April 7, 2026, that finds and exploits software vulnerabilities at a level above most human experts. It scored 55.3 percentage points higher than Opus 4.6 (Mythos 97.6% vs 42.3%) on USAMO 2026 and discovered thousands of zero-days. Anthropic withheld public release and is shipping it only through Project Glasswing to ~50 defensive-security partners.
On April 7, 2026, Anthropic published a research post titled Claude Mythos Preview and, for the first time, declined to ship one of its frontier models to paying customers. Mythos is the most capable model the company has trained. It is also the first one Anthropic has decided is too risky to put behind a public API. Instead of a Claude.ai launch, the company stood up Project Glasswing — a limited-access program for roughly fifty defensive-security organizations.
This guide is what we wish we had when we first read the Mythos preview post: a plain-English walkthrough of what the model actually is, what it can do, what it scored, who has access, and what it means if you build with Claude today.
What is Anthropic Mythos?
Mythos — full codename Claude Mythos Preview — is a general-purpose frontier model that Anthropic positions a tier above the public Opus and Sonnet lines. It is not a cybersecurity-only model. In Anthropic's own framing, it operates like a senior software engineer: it spots subtle bugs in unfamiliar code, self-corrects mistakes mid-task, and chains long sequences of reasoning without losing the thread.
Two things make it different from anything Anthropic has previously released:
- It is materially smarter than Opus 4.6 on hard reasoning. On the 2026 USA Mathematical Olympiad, Mythos scored 55.3 percentage points higher than Opus 4.6 (Mythos 97.6% vs 42.3%). That gap is not an incremental tick — it is the kind of jump that usually marks a generational change.
- It is dangerously good at offensive security work. The UK AI Security Institute evaluated Mythos on expert-level hacking tasks and reported a 73% success rate — on tasks that, until April 2025, no AI model could complete at all.
The model was first hinted at last year, reportedly codenamed "Capybara" after fragments leaked in a data-security incident. The official April 7 post confirmed it as Mythos and made the deployment policy explicit: "we do not plan to make Mythos Preview generally available."
How is Mythos different from Claude Opus 4.7?
If you're building on Claude today, you're almost certainly using Opus 4.7 or Sonnet 4.6. So the practical question is: how much further does Mythos go?
The short version: Opus 4.7 is the best model the public can actually call. Mythos is the best model that exists, and you can't call it. For Codersera's perspective on the publicly available frontier, see our Claude Opus 4.7 complete guide.
Here is how the three sit on Anthropic's ladder as of mid-2026:
| Model | Release | Public access | Headline capability |
|---|---|---|---|
| Sonnet 4.6 | Late 2025 | General availability (Claude API, Bedrock, Vertex) | Fast, cheap, default workhorse for agentic coding |
| Opus 4.7 | Early 2026 | General availability | State-of-the-art public model for code, reasoning, long-horizon tasks |
| Mythos Preview | April 7, 2026 | Project Glasswing partners only | Tier above Opus 4.7 on math + security; held back from public deployment |
The capability gap shows up most starkly in security work. On a benchmark of roughly 7,000 open-source repository entry points, Mythos achieved tier-5 control-flow hijacks in 10 cases. Sonnet 4.6 and Opus 4.6 each managed a single tier-3 result. Opus 4.6 was, in Anthropic's words, "far better at identifying and fixing vulnerabilities than at exploiting them." Mythos can do both, end-to-end, without human guidance.
For everyday application development, Opus 4.7 is still the right tool. Mythos's lead matters most when the task is adversarial — finding bugs in complex real-world codebases, chaining vulnerabilities, or reasoning across attacker and defender perspectives simultaneously.
What is Project Glasswing and who has access?
Project Glasswing is the deployment vehicle Anthropic built specifically because it didn't want to ship Mythos broadly. It is a limited-access program for organizations that operate critical software infrastructure, with the stated goal of letting defenders find and patch vulnerabilities before attackers with similar AI capabilities can exploit them.
The launch partner list is unusually heavyweight:
- Amazon Web Services
- Apple
- Broadcom
- Cisco
- CrowdStrike
- JPMorganChase
- The Linux Foundation
- Microsoft
- NVIDIA
- Palo Alto Networks
- Anthropic itself
Beyond the twelve named launch partners, Anthropic has extended access to over 40 additional organizations that build or maintain critical software infrastructure — bringing the total to roughly fifty. Pricing inside the program is published: $25 / $125 per 1M tokens (input/output) — roughly 5× Opus 4.6's $5/$25, reflecting the restricted-access tier. Mythos is available through the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.
Anthropic's May 2026 initial-update post reported what those partners found in the first month:
- Over 10,000 high- or critical-severity vulnerabilities identified across systemically important software
- 6,202 estimated high/critical vulnerabilities across 1,000+ open-source projects
- 1,587 of 1,752 assessed open-source vulnerabilities confirmed valid — a 90.6% true-positive rate
- 530 high/critical bugs disclosed to maintainers; 75 patched with 65 public advisories issued
Cloudflare reported finding 2,000 bugs (400 high or critical) with false-positive rates comparable to human testers. Mozilla found 271 vulnerabilities in Firefox 150 — more than ten times what Opus 4.6 surfaced in the previous Firefox release.
How does Mythos compare to GPT-5.5 and Gemini 3.1 Ultra?
Because Mythos isn't in the public benchmark pool, head-to-head comparisons against OpenAI's GPT-5.5 or Google's Gemini 3.1 Ultra are limited to what Anthropic and independent evaluators have published. A few directional points:
- Math reasoning. The USAMO 2026 jump (+55.3 points over Opus 4.6 — Mythos 97.6% vs 42.3%) puts Mythos clearly ahead of where any publicly tested model sat at the start of 2026. GPT-5.5 and Gemini 3.1 Ultra both improved on math benchmarks this year, but neither has published a USAMO result in this range.
- Offensive security. The UK AISI's 73% success rate on expert-level hacking tasks is the most striking number in the entire Mythos report. AISI's prior evaluations of frontier models from other labs reported single-digit or low-double-digit success rates on the same task set. This is the gap that drove Anthropic's decision to withhold.
- Long-horizon agentic work. Mythos chains up to four vulnerabilities autonomously and constructs sophisticated exploits including JIT heap sprays and sandbox escapes. Public agentic-coding benchmarks (SWE-bench Verified, Terminal-Bench) haven't been re-run with Mythos because it's not available, but the underlying multi-step reasoning is clearly above Opus 4.7.
The fair summary: where benchmarks exist, Mythos is ahead. Where they don't, we're relying on Anthropic's descriptions plus partner reports — which is exactly why the security community has spent the last few weeks debating what the model means rather than what it scores.
Why is Mythos a cybersecurity concern?
The phrase you'll see in most coverage is dual-use. The same capability that lets Mythos find a critical bug in Firefox lets it weaponize that bug into a working exploit. Both sides of the line are now within the model's reach.
The concrete findings that made experts nervous:
- Mythos discovered critical flaws in every widely used operating system and web browser tested.
- It found bugs ranging from 16 to 27 years old in heavily audited codebases — meaning code that had been reviewed by humans for decades still contained exploitable issues a model could surface in hours.
- Over 99% of vulnerabilities discovered during testing remained unpatched at the time of disclosure. The asymmetry isn't finding bugs — it's patching them at the rate Mythos finds them.
- In one test, Mythos took over a simulated corporate network in 3 of 10 attempts. Multistep attacks that typically require weeks of expert work were completed overnight.
- Against Mozilla Firefox specifically, the model identified 271 vulnerabilities and produced working exploits for 181 of them.
That said, the cybersecurity research community has been measured in its response. Mohammad Ahmad, a cybersecurity researcher quoted in The Conversation, argued Mythos represents acceleration rather than innovation: the vulnerabilities it finds are mostly variations of well-understood bug classes, and the procedures it uses — scanning, pattern identification, exploit testing — are the same ones offensive security professionals already follow. The model's edge is speed, not new ideas.
Ciaran Martin, the former CEO of the UK National Cyber Security Centre, captured the consensus view: "It's a big deal, but it's unlikely to prove to be the end of the world." Peter Swire noted that "a large fraction of the cybersecurity professors believe this is pretty much what was expected."
One caveat worth keeping in mind: the UK AISI assessment that produced the 73% number was conducted against deliberately weakened software defenses lacking real-world protections. One expert compared it to "a soccer forward scoring a goal against the world's worst goalkeeper." The headline number is real, but the operating environment was favorable.
Why did Anthropic withhold Mythos from public release?
Anthropic's reasoning, as laid out in the April 7 post, comes down to a defender-first deployment policy. The argument runs like this:
- A model with Mythos's capabilities will exist publicly within twelve to eighteen months — if not from Anthropic, then from a competitor or an open-weights release.
- If that capability arrives evenly to attackers and defenders simultaneously, defenders lose. Defenders have to be right every time; attackers only need to be right once.
- Therefore the responsible move is to give defenders a head start. Ship the model first to organizations that maintain critical infrastructure. Let them patch the worst issues before the same capability lands in adversaries' hands.
Project Glasswing is the operational expression of that thesis. The partners get exclusive access; they share findings with the broader industry; the patches go out before the capability becomes commodity. Anthropic also built specific safeguards into the program: professional security contractors validate bug reports, and the company uses SHA-3 cryptographic commitments to prove vulnerability possession without revealing details prematurely.
The framing is consistent with Anthropic's broader Responsible Scaling Policy, which commits to gating deployment of models that cross specific capability thresholds. Mythos is the first model the company has classified at a level where general availability would create more risk than it offsets.
What does Mythos mean for developers building on Claude today?
The honest answer: in the short term, very little. You can't call Mythos, you can't fine-tune it, you can't get on a waitlist as an individual developer. If you're shipping product on Claude, your stack is Opus 4.7 and Sonnet 4.6 for the foreseeable future.
Where Mythos does matter for your roadmap:
- Security posture review. If your product touches critical infrastructure or holds sensitive data, the Glasswing findings imply your dependencies have unpatched issues. Assume your open-source supply chain has been scanned by something Mythos-class; budget for patch turnaround.
- Capability forecasting. The Mythos benchmarks are a leading indicator of what the next public Opus release will be able to do. Anthropic explicitly states it "plans to develop safeguards for eventual Claude Opus releases" — meaning the capability will eventually ship behind guardrails.
- Hiring and team composition. Senior engineers who can validate AI-generated security findings, triage bug reports at volume, and integrate model-discovered issues into existing disclosure workflows are now in shorter supply than they were three months ago.
- Procurement. If you sell software to Glasswing partners or their downstream customers, expect questions about your own vulnerability-disclosure process. The bar is moving.
For most teams, the right move is to keep building on the public Opus 4.7 surface and treat Mythos as a signal about what's six to twelve months away rather than a tool to plan around today.
When will the public get access to Mythos?
Anthropic has not committed to a public release date. The official line is that Mythos Preview will remain restricted to Project Glasswing partners, and that the company is developing safeguards for eventual public Claude releases that will incorporate Mythos-class capabilities.
Realistically, there are three paths the capability could reach broader availability:
- A safeguarded Opus successor. The most likely path. Anthropic adds usage monitoring, refusal policies for offensive-security prompts, and rate limits, then ships the underlying capability in a future Opus release. This is the route the April 7 post hints at.
- Continued limited-access expansion. Glasswing already grew from 12 launch partners to roughly 50 organizations. Further expansion to additional categories of defender (government agencies, academic security researchers, larger enterprises) is plausible without a true public launch.
- Competitive pressure. If OpenAI, Google, or an open-weights project releases comparable capabilities publicly, Anthropic's withholding becomes harder to justify. The model's public release timeline is partly a function of what the rest of the field does.
None of those paths has a published date. The most honest answer to "when will I get Mythos?" is: you won't get this exact model. You'll eventually get a successor that carries similar capabilities under tighter deployment controls.
How does Mythos fit Anthropic's overall roadmap?
Step back from Mythos specifically and the broader arc clarifies. Anthropic has been running two parallel tracks: a public release cadence (Sonnet, then Opus) and an internal frontier track that occasionally surfaces as a research preview.
The 2025-2026 sequence looks like this:
- Sonnet 4.6 — the workhorse, optimized for cost and latency, default for agentic coding
- Opus 4.6 — the previous flagship; still good at finding bugs, weak at exploiting them
- Opus 4.7 — the current public flagship; meaningful improvements on long-horizon agentic tasks
- Mythos Preview — the frontier; held back; deployed via Glasswing
The pattern is that public releases stay roughly one generation behind the internal frontier. That gap is closing in capability terms but widening in deployment terms — Anthropic seems more willing to acknowledge what it has built without shipping it. Mythos is the first model where that gap was made explicit policy rather than left implicit.
For Codersera's view on how this affects technical hiring and team design, the practical takeaway is that the senior-engineer capability ceiling is moving up faster than the public model surface suggests. Teams that calibrate their AI strategy purely against what they can call via API are working with stale information.
Frequently asked questions
Is Anthropic Mythos available to the public?
No. Mythos Preview is restricted to Project Glasswing participants — roughly fifty organizations that maintain critical software infrastructure. Anthropic has stated it does not plan to make Mythos generally available. The capability will likely ship in a future Opus release with additional safeguards, but no date has been announced.
What was Mythos's score on the USAMO 2026?
Mythos scored 55.3 percentage points higher than Claude Opus 4.6 on the 2026 USA Mathematical Olympiad (Mythos 97.6% vs 42.3%). The 55.3-point gap is unusually large for a single generation and is one of the headline benchmarks in the April 7 announcement.
What is Project Glasswing?
Project Glasswing is Anthropic's limited-access deployment program for Mythos Preview. It launched April 7, 2026 with twelve partners — Amazon, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic — and has since expanded to roughly fifty organizations. Partners use the model for defensive vulnerability research and share findings with the broader industry.
How many vulnerabilities has Mythos found?
Anthropic's May 2026 initial-update post reported over 10,000 high- or critical-severity vulnerabilities discovered across partner software in the first month of Glasswing. Of those, 530 had been disclosed to maintainers and 75 patched with public advisories. The open-source true-positive rate on assessed findings was 90.6%.
Should I switch from Opus 4.7 to Mythos?
You can't. Mythos isn't available through the public Claude API, Bedrock, or Vertex AI for non-Glasswing customers. Opus 4.7 remains the right choice for production application development. Read our Claude Opus 4.7 complete guide for the publicly available frontier.
How does Mythos compare to GPT-5.5 and Gemini 3.1 Ultra?
Direct head-to-head benchmarks are limited because Mythos isn't in public testing pools. On math reasoning (USAMO 2026) and offensive security (UK AISI evaluation), Mythos is ahead of where any publicly tested model sits in mid-2026. For general-purpose agentic coding, Opus 4.7 is the publicly available comparison point and is broadly competitive with GPT-5.5 and Gemini 3.1 Ultra.
Why didn't Anthropic release Mythos publicly?
Anthropic's stated reason is responsible deployment. The model's ability to find and exploit software vulnerabilities outstrips most human experts, and a broad public release would arm attackers and defenders simultaneously. Because defenders have to succeed perpetually while attackers need only one success, Anthropic chose to give defenders a head start through Glasswing.
What does Mythos cost?
Inside Project Glasswing, Mythos Preview is priced at $25 per million input tokens and $125 per million output tokens. It is accessible via the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry — but only to authorized Glasswing participants. There is no public pricing because there is no public access.
What's the codename "Capybara" about?
Capybara was reportedly Mythos's internal codename. Fragments leaked in a data-security incident before the official announcement, which is why the model surfaced briefly in early-2026 reporting under that name. Anthropic confirmed the connection when it published the Mythos Preview post on April 7, 2026.
Will Mythos's capabilities show up in future Claude releases?
Anthropic has said it plans to develop safeguards for eventual Claude Opus releases that incorporate Mythos-class capabilities. The likely path is a safeguarded Opus successor with usage monitoring, refusal policies for offensive-security prompts, and rate limits — not a direct Mythos public launch. No release date has been announced.