Anthropic’s Claude Mythos AI model preview can find a 27-year-old vulnerability in OpenBSD, a 16-year-old exploit in FFmpeg that had survived five million automated scans without detection, and a multi-flaw chain in the Linux kernel. It can do all of this autonomously. And you cannot have access to it.

That restriction is deliberate. Anthropic announced on April 7, 2026 that Claude Mythos Preview was its most powerful model yet, outperforming every earlier Claude iteration on coding, reasoning, and cybersecurity benchmarks by margins that security practitioners are calling a generational leap. The company simultaneously announced that it would not be releasing the model publicly.

Instead, Mythos has been reserved for a closed network of 11 founding partners and over 40 additional vetted organizations under a new initiative called Project Glasswing. The logic is straightforward and the stakes are extraordinary: a model this capable in the hands of the wrong actor could automate exploitation of critical infrastructure at a scale and speed that no human security team could outrun.

This analysis breaks down what Mythos actually is, what the benchmarks reveal, how Project Glasswing is structured, who already has access, and what every CISO, CTO, and security engineer needs to do before the end of 2026 regardless of whether they ever get near the model.

What is the Anthropic Mythos AI Model Preview?

Claude Mythos Preview is Anthropic’s description of it as “the most powerful AI model we’ve ever developed.” It supersedes Claude Opus 4.6 as Anthropic’s flagship frontier model and was developed with a specific focus on advanced code reasoning, agentic workflows, and cybersecurity vulnerability discovery.

The model operates autonomously across multi-step technical tasks. It can be given a codebase, binaries, or a system specification and it will scan for weaknesses, generate exploit proof-of-concept code, and propose patches without requiring a human to guide each step. That level of agentic capability distinguishes Mythos from earlier language models that could discuss security topics but could not execute against them.

Anthropic first began using Mythos internally in large-scale vulnerability hunts before the April announcement. The results were significant enough to warrant both a formal partner program and a decision not to release the model to the public. According to the Project Glasswing announcement, Mythos has already identified thousands of high-severity vulnerabilities across every major operating system and web browser. Those findings have been reported to software maintainers in a coordinated disclosure process.

The model carries an internal codename of “Capybara” according to community tracking, and details about its architecture first became public in March 2026 through a content management system misconfiguration that exposed pre-release documentation. The official announcement in April aligned with that leaked framing.

Benchmark Dominance: The Numbers Behind the Hype

Vendor benchmark claims deserve scrutiny, and Anthropic’s case for Mythos rests on a suite of evaluations that covers coding, cybersecurity, general reasoning, and agentic task performance. The numbers, drawn from Anthropic’s Glasswing announcement and confirmed by the Mythos system card summary at NxCode, represent double-digit gains over the previous flagship in most categories.

Benchmark	Mythos Preview	Claude Opus 4.6	Delta
CyberGym (vulnerability reproduction)	83.1%	66.6%	+16.5 pts
SWE-bench Verified	93.9%	80.8%	+13.1 pts
SWE-bench Pro	77.8%	53.4%	+24.4 pts
Terminal-Bench 2.0	82.0%	65.4%	+16.6 pts
SWE-bench Multimodal	59.0%	27.1%	+31.9 pts
GPQA Diamond	94.6%	91.3%	+3.3 pts
Humanity’s Last Exam (no tools)	56.8%	40.0%	+16.8 pts
USAMO 2026	97.6%	N/A	New benchmark
BrowseComp (4.9x fewer tokens)	86.9%	83.7%	+3.2 pts
OSWorld-Verified	79.6%	72.7%	+6.9 pts

The most striking figures are in the coding categories. The 31-point lead on SWE-bench Multimodal and the 24-point jump on SWE-bench Pro reflect Mythos’s capacity to understand and act on code at a level that earlier models could approximate but not reliably execute. SWE-bench Pro targets professional-grade software engineering tasks, which maps more directly to real security work than sanitized benchmark conditions.

The CyberGym score deserves attention specifically because it measures vulnerability reproduction rather than theoretical knowledge. A score of 83.1% means that in four out of every five cases, Mythos was able to independently reproduce a known vulnerability from minimal starting information. At Opus 4.6’s 66.6%, that figure was already impressive for an AI system. The Mythos gap represents a fundamentally different operational posture.

These benchmarks were run by Anthropic on its own infrastructure, which means independent replication has not yet occurred. That is a legitimate methodological caveat. But the case studies accompanying the Glasswing announcement, including the 27-year OpenBSD bug and the 16-year FFmpeg vulnerability, provide concrete evidence beyond benchmark scores. The FFmpeg flaw in particular had survived five million automated scans by existing tools without being flagged.

Project Glasswing and the Partner Coalition

Project Glasswing is the governance structure Anthropic built around Mythos to enable defensive use while limiting offensive exposure. Named after a transparent-winged butterfly, it functions as a vetted-access program that grants qualifying organizations the ability to run Mythos against their own codebases and infrastructure.

The 11 founding partners represent a cross-section of the technology and critical infrastructure landscape:

Beyond those 11, more than 40 additional organizations that build or maintain critical software have received access for scanning their own first-party and open-source code. Anthropic has also committed up to $100 million in Mythos usage credits for Glasswing participants and $4 million in direct financial support to open-source security organizations, including $2.5 million to Alpha-Omega and the OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation.

Partners can access Mythos through four channels: the Claude API directly, Google Cloud Vertex AI, Amazon Bedrock, and Microsoft Azure Foundry. After the credit period ends, pricing is set at $25 per million input tokens and $125 per million output tokens. Anthropic has committed to publishing a formal progress report within 90 days, covering vulnerabilities fixed and security improvements that can be publicly disclosed.

Why Anthropic Is Keeping Mythos Locked Down

The decision not to release Mythos publicly is not primarily a product strategy. It reflects a specific risk calculation that Anthropic describes explicitly in the Glasswing documentation: a model this capable at finding and exploiting software vulnerabilities is also a model that attackers would pay to access.

The threat model is not abstract. If a nation-state or ransomware syndicate had access to Mythos-class capabilities, they could automate zero-day discovery across widely deployed infrastructure at a scale that currently requires teams of elite researchers months to replicate manually. The FFmpeg vulnerability that survived 16 years of human and automated scanning is precisely the kind of target that AI-accelerated offense would identify faster than defenders could patch.

Anthropic’s Dianna Penn, Research Product Management Lead, described the decision to CNBC as “a preliminary move to provide numerous cyber defenders with an advantage on a subject that will grow increasingly vital.” That framing matters. The restriction is presented as temporary. Anthropic has indicated it is working on model-level safeguards that would allow a future Opus-class model to incorporate Mythos-level capabilities with guardrails sufficient to permit broader deployment.

What Anthropic is not doing is pretending that access controls alone solve the problem. The company acknowledged in its system card that Mythos presents a risk profile it considers too high for general release under current safety frameworks. That admission is more candid than typical vendor safety language and suggests that the internal debate about releasing the model was significant.

There is also an arms race logic buried in Glasswing’s structure. If defenders do not have access to the best available AI tools, attackers with equivalent or near-equivalent capabilities will find vulnerabilities faster than they can be patched. The partner coalition represents Anthropic’s attempt to get the most capable defenders access to the most capable tools before that gap opens.

The Enterprise Adoption Roadmap: A Five-Step Framework

Most enterprises are not in the Glasswing partner list. That creates a strategic planning question: what should you actually do now, and what should you be prepared for when Mythos-class capabilities become more broadly available?

Before any of the above steps, verify these prerequisites:

• Complete inventory of critical software assets and open-source dependencies
• Existing vulnerability management process with ticketing and SLA structures
• Data-sharing agreements that permit code analysis by external AI services
• IAM policies and network segmentation capable of sandboxing AI model access
• Legal and compliance review completed, especially for finance, healthcare, and energy environments
• Executive alignment on AI-augmented security as a budget priority for 2026

Risk Matrix: What Could Go Wrong

The “defense-first” framing of Project Glasswing is a policy choice, not a technical guarantee. Four risk categories deserve serious planning attention.

Who It Affects and What They Should Do

The Mythos announcement touches every major stakeholder in the enterprise technology stack differently. The action items are not uniform.

Stakeholder	Immediate impact	Key decision in 2026	Risk of inaction
CISO / CTO	New frontier defensive capability; AI-accelerated threats regardless of access	Whether to pursue Glasswing access and restructure vuln management budget	Increased breach risk from AI-enabled attackers
Security engineers	Access to autonomous vuln discovery that outperforms existing tooling	How to integrate safely into workflows and maintain human oversight	Tool sprawl, misuse, and missed efficiency gains
Cloud / platform teams	Need to offer Mythos-level capabilities through managed platforms	Investment in AI-augmented security product offerings	Competitive loss to providers with better AI-security integration
Open-source maintainers	New funding and AI tooling for security without requiring large security teams	Whether to apply for Glasswing access via Linux Foundation or Apache programs	Continued under-resourced security in widely deployed packages
Policymakers and regulators	Concrete evidence of dual-use danger from frontier models	How to classify, oversee, and export-control Mythos-class capabilities	Regulatory lag and uncoordinated national responses to AI-aided attacks

For open-source maintainers specifically, the Linux Foundation’s Jim Zemlin framed the Glasswing funding as a structural shift: AI-augmented security as “a trusted sidekick for every maintainer, not just those who can afford expensive security teams.” The $2.5 million directed to Alpha-Omega and OpenSSF signals that Anthropic is treating the open-source supply chain as a specific attack surface that requires dedicated attention, which aligns with the FFmpeg and Linux kernel findings. These are libraries that underpin billions of deployments.

For NeuralWired readers who are early-stage founders or investors, the Glasswing structure points toward an emerging category that might be called defensive AI as a platform: the combination of AI-powered vulnerability discovery, automated patch generation, and continuous CI/CD security scanning as a unified product layer. The companies that build on top of Mythos outputs, including automated patch pipelines, attack surface intelligence feeds, and compliance verification tools, represent a significant market opportunity that is only beginning to take shape. For further context on AI investment patterns in 2026, see our AI investment landscape report.

The Skeptics Are Not Wrong

The “defense-only” framing around Mythos should be treated as a current policy position, not a permanent technical guarantee. Several lines of criticism deserve attention before any organization makes strategic decisions based on Anthropic’s assurances.

First, the leakage risk is real and has already occurred once. The March 2026 CMS misconfiguration that exposed Mythos documentation demonstrates that even well-resourced AI companies are not immune to the operational security failures that enable competitive intelligence and capability replication. If the architecture or training methodology behind Mythos-class vulnerability discovery becomes sufficiently well understood, competitive replication by less safety-conscious actors is plausible within two to three years.

Second, the benchmarks, while impressive, are vendor-run. Anthropic’s CyberGym, SWE-bench configurations, and Terminal-Bench evaluations are conducted on internal infrastructure with internal filtering. Independent replication has not yet occurred. That is not a reason to dismiss the findings, particularly given the case study evidence of specific, patched vulnerabilities. But it is a reason to weight the absolute numbers less heavily than the directional signal they represent.

Third, the economic reality of Mythos deployment may constrain its reach more than Anthropic’s access controls do. At $25 per million input tokens and $125 per million output tokens, scanning a large enterprise codebase continuously at the level required to capture long-lived vulnerabilities before attackers do could become expensive quickly. Organizations that lack the engineering maturity to integrate AI scanning into CI/CD pipelines will not realize the value, regardless of access.

Finally, community discussion in spaces like r/Anthropic has raised alignment concerns about a model with Mythos-level offensive capability that is deliberately kept from broad safety review. The 244-page system card indicates Anthropic’s internal risk assessment is thorough. Whether it is sufficient is a question that independent researchers and regulators will need to answer over time.

None of these objections invalidate the core strategic reality: AI-accelerated exploitation is coming regardless of what Anthropic does with Mythos. The question for every security-conscious organization is not whether to engage with AI-augmented defense. It is how to do so without creating new vulnerabilities in the process. For a broader view of how AI is changing the threat landscape, see our ongoing coverage at NeuralWired Cybersecurity.

The realistic timeline runs roughly as follows. From 2026 through 2027, Mythos remains restricted to the Glasswing coalition while Anthropic develops the model-level safeguards intended to enable a broader Opus-class release. From 2027 through 2028, Mythos-level capabilities, whether from Anthropic or from competitive models, will become more widely available with better governance frameworks. Over a five to ten year horizon, AI-augmented vulnerability discovery becomes standard in large enterprises and the offense-defense balance shifts to whoever deploys these capabilities more effectively and more responsibly.

What the Glasswing Moment Actually Means

The pattern across what Anthropic has revealed about the Anthropic Mythos AI model preview points to a more significant structural shift than a single model announcement. The combination of autonomous vulnerability discovery, agentic code analysis, and cross-industry partner governance represents the first serious attempt to operationalize frontier AI as critical security infrastructure rather than as a productivity layer. The distinction matters enormously for how organizations plan, budget, and staff their security functions over the next three years.

Anthropic’s choice to restrict Mythos rather than release it broadly is not a setback for defenders. It is a recognition that the offense-defense balance in AI-augmented security is genuinely fragile and that deploying the most capable tools requires proportionally capable governance. Every organization that waits for the public release before engaging with this question will find itself two or three cycles behind when that release arrives.

Watch for three developments that will define the next phase. First, Anthropic’s 90-day Glasswing progress report, which will be the first empirical evidence of what Mythos deployment at scale actually produces in terms of patched vulnerabilities and prevented exposure. Second, competitive responses from OpenAI, Google DeepMind, and open-source model developers, who will face pressure to match Mythos-class capability in their own security-oriented offerings. Third, the regulatory response in the United States and European Union to the category of intentionally withheld frontier models, which will shape how future access restrictions are governed and what disclosure obligations apply.

Organizations that build the governance infrastructure, vendor relationships, and internal competency to work with AI-augmented security tools now, before the market matures and the regulatory environment solidifies, will hold a durable advantage. Those that treat Glasswing as a story to monitor rather than a signal to act on will find themselves reacting rather than leading when the next wave arrives.

For more on how frontier AI models are reshaping enterprise risk frameworks, see the NeuralWired Enterprise AI Risk series and subscribe to The Neural Loop for weekly frontier intelligence delivered to your inbox.