Claude Mythos Preview explained: what it is, why Anthropic limits access, and what it means for you

Anthropic took an unusual step this spring. On April 7, 2026 the company announced Claude Mythos Preview, the most capable frontier model it has built, and put it inside a limited-access program called Project Glasswing. No public chat, no public API. This article walks through what Mythos is, why the rollout looks different, what independent researchers have measured so far, and what it means in practice.

What Mythos Preview is

Claude Mythos Preview is a general-purpose frontier model from Anthropic, positioned a tier above the Opus 4.6 and 4.7 family. Its internal codename during development was Capybara. The design focus is advanced reasoning, planning, code generation, and autonomous tool use, the kind of capabilities you already see in Opus 4.7 pushed a step further.

A few headline numbers from Anthropic's published evaluations: roughly 93.9 percent on SWE-bench Verified, around 97.6 percent on USAMO 2026, about 83 percent on CyberGym, and 100 percent on Cybench. The accompanying model card is 244 pages long, which is unusual for a model that is not generally available.

Why Anthropic chose a controlled release

During internal testing Mythos showed a striking emergent talent. Given a target codebase and asked to look for issues, the model could autonomously locate serious software vulnerabilities. Anthropic reports findings in every major operating system and browser, including a remote code execution bug in FreeBSD NFS (CVE-2026-4747) that had been hiding in the code for about 17 years.

The official position is straightforward. Anthropic does not plan to make Mythos Preview generally available because the company first wants stronger safeguards in place to detect and block the most dangerous outputs. That fits the cautious, transparent style Anthropic has used from the start, and it ties directly into the Responsible Scaling Policy the company has run since 2023.

Project Glasswing in plain words

Glasswing is the program through which Mythos reaches a small set of organisations doing defensive security work. Twelve launch partners are involved: AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Around forty additional organisations have follow-on access.

On top of that, Anthropic committed up to 100 million dollars in usage credits for Mythos work through Glasswing, plus 4 million dollars in direct donations to open-source security, including 2.5 million to Alpha-Omega via the Linux Foundation and 1.5 million to the Apache Software Foundation. Partner pricing sits around 25 dollars per million input tokens and 125 dollars per million output tokens.

What independent testing has shown

The UK AI Security Institute (AISI) ran its own evaluation and reported that on expert-level cyber tasks that no model could complete before April 2025, Mythos Preview succeeds 73 percent of the time. AISI also flagged an important caveat: the test environments did not include modern enterprise defences or active defenders. So Mythos is strong on offence in lab conditions and less proven against hardened, monitored production systems.

Other groups have added nuance. AISLE replicated several of the vulnerability findings with smaller open-weight models, showing that the broader ecosystem is catching up fast. Confirmed CVE counts in independent tallies have so far been in the dozens rather than the thousands. Bruce Schneier and David Lie wrote in The Globe and Mail that long-term security tends to come from openness rather than secrecy. None of that takes away the underlying capability, it simply puts a realistic ceiling on the more dramatic phrasing.

How this fits Anthropic's safety policy

Anthropic has run a Responsible Scaling Policy since September 2023, with AI Safety Levels from ASL-1 to ASL-5. Claude Opus 4 launched under ASL-3 in May 2025 because of CBRN concerns. Mythos sits inside Glasswing while Anthropic builds the next layer of safeguards. The decision to publish a 244 page model card for a model that is not on general release is itself a notable transparency move.

What the European discussion looks like

The European Parliament held a hearing on May 6, 2026 to discuss Mythos and its access policy. Members from several political families asked questions about what controlled access means for European institutions, infrastructure, and critical software. The Dutch National Cyber Security Centre published guidance recommending shorter reaction times, faster patch cycles, and stronger baseline cyber hygiene right now rather than later.

Practical takeaways for everyone else

You will not be using Mythos directly any time soon, and you do not need to. The useful moves are the same ones good security teams already recommend. Keep your operating system and browser fully patched. Watch the CVE feeds that touch your stack and apply fixes quickly. Treat the working assumption that defenders will eventually have the same class of tools as attackers as a planning baseline. And for daily cowork, keep using Claude Opus 4.7, which carries the same safety philosophy in a fully available form.

A moving story

The picture is still evolving. Bloomberg reported a third-party vendor incident on April 21, 2026 that briefly exposed Mythos through an external environment, which Anthropic confirmed it was investigating. Mozilla has published findings that Mythos surfaced 271 issues in Firefox, some latent for years. The Pentagon CTO has confirmed defensive use, and Anthropic continues to negotiate access conditions with public institutions. Expect more updates over the coming months.

Bottom line

Mythos Preview is real, it is powerful, and Anthropic chose a careful release path that fits its Responsible Scaling Policy. Some of the surrounding rhetoric is bigger than the proof so far, and that nuance is worth carrying with you. For Claude Cowork users the takeaway is reassuring: the same lab that built the everyday Claude you work with also took the slower route on its strongest model, and the practical safety habits that protect you against any advanced attacker are the same ones that have always mattered.