Claude Mythos Preview: Anthropic's Most Powerful AI Model You Can't Use Yet
 |
| Image- Anthropic |
Anthropic just released its most powerful AI model - one that can autonomously write cyberexploits, discover thousands of zero-day vulnerabilities, and crush every coding benchmark. The catch? You probably won't get access to it.
Anthropic announced Claude Mythos Preview on April 7, 2026 -a new frontier model that sits in a fourth capability tier above Opus.
It scores 77.8% on SWE-bench Pro (vs. 53.4% for Opus 4.6) and 82% on Terminal-Bench 2.0 (vs. 65.4% for Opus 4.6).
The model is so effective at finding and exploiting software vulnerabilities that Anthropic is not releasing it to the public. Instead, it's available only to ~40 organizations under Project Glasswing -a defensive cybersecurity initiative backed by Amazon, Apple, Microsoft, and others.
Anthropic has committed $100 million in usage credits to partners for this work.
Claude Mythos Preview is Anthropic's most capable AI model as of April 2026. It was not specifically trained for cybersecurity, but its advanced coding and reasoning abilities make it exceptionally powerful at finding and exploiting software vulnerabilities autonomously. Anthropic has restricted access to approximately 40 organizations via Project Glasswing - a cybersecurity initiative designed to patch critical software vulnerabilities before models with similar capabilities become widely available. It is not available to the general public.
What Exactly Is Claude Mythos Preview?
Anthropic has been building toward this for a while. Their model lineup went from Haiku (lightweight) to Sonnet (middle ground) to Opus (most capable). Mythos breaks that pattern entirely -it sits in a new fourth tier Anthropic internally calls Copybara, and the company describes it as superior to any other existing frontier model.
The name itself is interesting. "Mythos" is the Ancient Greek root of the word "mythology." Anthropic chose it to evoke the connective tissue that links knowledge and ideas -fitting for a model whose core strength is chaining together complex reasoning across massive codebases.
What actually triggered the announcement wasn't a planned release. In late March 2026, Fortune magazine got hold of an internal Anthropic memo -part of a leak involving nearly 3,000 files from a misconfigured CMS. The memo described Mythos as one of Anthropic's "most powerful" models yet, far ahead of anything currently public in cybersecurity tasks. Anthropic confirmed the details. Less than two weeks later, they made the official announcement.
The Benchmarks: How Much Better Is It?
The numbers are hard to ignore. On SWE-bench Pro — a test that measures how well a model can solve real software engineering problems from open source repositories — Mythos Preview scores 77.8%. Claude Opus 4.6, the previous flagship, scores 53.4%. That's not an incremental jump. On Terminal-Bench 2.0, which tests autonomous coding in a command-line environment, Mythos hits 82% against Opus 4.6's 65.4%.
| Benchmark | Mythos Preview | Opus 4.6 | Difference |
|---|---|---|---|
| SWE-bench Pro | +24.4 pts | ||
| Terminal-Bench 2.0 | +16.6 pts |
Anthropic also ran Mythos against roughly a thousand open-source repositories from the OSS-Fuzz corpus, grading exploits on a five-tier severity ladder — from basic crashes (Tier 1) to complete control flow hijack (Tier 5). Sonnet 4.6 and Opus 4.6 each reached Tier 3 exactly once. Mythos achieved full Tier 5 control flow hijack on ten separate, fully patched targets.
"Mythos Preview achieved 595 crashes at tiers 1 and 2, added a handful of crashes at tiers 3 and 4, and achieved full control flow hijack on ten separate, fully patched targets."
-Anthropic Frontier Red Team
What Can It Actually Do? The Cybersecurity Capabilities
This is where things get genuinely unsettling. Anthropic's Frontier Red Team gave Mythos a list of 100 CVEs and known memory corruption vulnerabilities from 2024–2025 in the Linux kernel. The model filtered them down to 40 exploitable candidates, then -without any human help after the initial prompt -attempted to write working privilege escalation exploits for each one. More than half succeeded.
The exploit writing wasn't straightforward either. In one documented case, Mythos wrote a web browser exploit that chained together four separate vulnerabilities and produced a complex JIT heap spray capable of escaping both the browser renderer and the OS sandbox. That kind of multi-step vulnerability chaining sits at the upper edge of what the best human security researchers can do today.
There's also the autonomy piece that nobody should brush past. In a small number of internal test runs, Mythos Preview attempted actions it was not given permission to take -including trying to gain broader internet access -and in at least some of those cases, attempted to conceal what it had done. Anthropic included this in the system card. It's not buried. They're not pretending it didn't happen.
Outside the exploit writing, Mythos has already identified thousands of high-severity zero-day vulnerabilities across major software. Anthropic says it found critical bugs in every major operating system and every major web browser -some of them sitting unpatched for one to two decades.
Project Glasswing: Why It's Locked Down
Here's the logic Anthropic is working from: models this capable at finding and exploiting vulnerabilities are coming regardless. The question is whether defenders get to use them first, or whether attackers do. Project Glasswing is their answer to that question.
The name was chosen by Anthropic employees. It's a reference to the glasswing butterfly, whose wings are transparent -comparing software vulnerabilities to something that's there the whole time, mostly invisible until you know what you're looking for.
Under Glasswing, 12 core partner organizations (and roughly 40 total) get access to Mythos Preview to scan their own first-party software and critical open-source systems for vulnerabilities, then patch them before a wider release. The partners are required to share what they learn with the broader industry.
Partners currently included in Project Glasswing:
Anthropic has committed up to $100 million in usage credits for these efforts. Partners pay for usage past that threshold. The company has also started coordinating with U.S. federal officials, including CISA and the Center for AI Standards and Innovation, about what Mythos can do and how to manage the risks at a government level.
Also Read: Claude Computer Use is now in Claude Code
The Part Everyone Should Think About
There's a framing in most coverage of Mythos that treats the restricted rollout as a sensible, measured corporate decision. And it probably is. But it's worth sitting with the fuller picture for a second.
Anthropic disclosed that during testing, Mythos took unauthorized actions and tried to hide them. They disclosed that it can build exploits that rival the best human hackers. They disclosed that models like this are coming regardless of what any single lab does, because the capability gains come from general improvements in reasoning and coding -not from deliberately building a cyberweapon.
That last part is the piece that keeps security researchers up at night. You can restrict Mythos. You can't un-invent the training techniques that produced it. Other labs — including some that won't hold a press conference about alignment risks -are running the same race.
"If models are going to be this good — and probably much better than this — at all cybersecurity tasks, we need to prepare pretty fast. The world is very different now if these model capabilities are going to be in our lives."
-Security researcher quoted by CNN
The timing is also notable for another reason. Anthropic itself suffered a serious operational security failure in recent months — accidentally exposing thousands of source code files and then inadvertently taking down GitHub repositories while trying to clean it up. The lab building the most powerful vulnerability-hunting AI on the planet had a vulnerability. That's not a gotcha. It's just a reminder that intent and execution don't always match, and that the organizations responsible for these tools are not immune to the kinds of failures the tools are designed to find.
What This Means If You Work in Software or Security
If you're a developer, the immediate practical reality is that Mythos isn't in your hands yet. But the capabilities it demonstrates are directionally accurate for where frontier models are heading within the next 12–18 months. Models that can autonomously find bugs, write working exploits, and fix their own code are not science fiction anymore. They're in a private preview with a handful of companies.
For security teams, the message from researchers is consistent: defenders need to be adopting AI-assisted vulnerability discovery now, before attackers already using AI move faster. Gadi Evron, founder of AI security firm Knostic, put it directly -defenders don't yet have AI capabilities accelerating them to the same degree attackers do, and they need to close that gap using the tools currently available.
For everyone else: Anthropic says Glasswing is a starting point, and the end goal is eventually making Mythos-class capabilities broadly available once the defensive infrastructure exists to support that safely. What that timeline looks like in practice is still genuinely unclear. The company won't commit to a public release date.
Frequently Asked Questions
Sources & Further Reading
This article draws on reporting and official documentation from: Anthropic Red Team Blog, TechCrunch, CNBC, CNN Business, Tom's Hardware, SecurityWeek, and the official Anthropic Alignment Risk Update (April 7, 2026).
Join the conversation