Claude Mythos Preview is Anthropic's gated frontier model for advanced coding and cybersecurity work. It is being used inside Project Glasswing to help trusted defenders find, verify and patch serious software vulnerabilities before similarly capable AI systems become widely available to attackers.
Quick Answer: What Is Claude Mythos?
Claude Mythos Preview is not a public chatbot. It is an unreleased, general-purpose Anthropic frontier model with unusually strong software security capability. Anthropic and selected partners are using it defensively to analyse critical codebases, identify vulnerability candidates, construct proof paths, and accelerate remediation through Project Glasswing.
| Question | Short answer |
|---|---|
| What is it? | A gated Anthropic frontier model preview focused on high-end coding and cyber reasoning. |
| Is it public? | No. Anthropic describes it as unreleased and available through a controlled research preview for Project Glasswing participants. |
| What does it do? | It reads complex code, finds vulnerability candidates, reasons about exploitability, and helps defenders prioritise fixes. |
| Why does it matter? | It suggests frontier AI can shift vulnerability discovery from scarce expert labour to high-scale automated analysis. |
| Biggest caveat | Finding flaws is now easier than verifying, disclosing, patching and safely deploying fixes. |
Claude Mythos in Plain English
A practical way to define Claude Mythos is this: it is a powerful AI security researcher in model form, currently restricted to selected defenders.
The important distinction is that Mythos is not just a scanner. Traditional static analysis tools usually look for known bug patterns. Mythos appears to combine several abilities that are valuable in real security research:
- It can read and reason about large, unfamiliar codebases.
- It can form hypotheses about where vulnerabilities may exist.
- It can evaluate whether a flaw is likely to be exploitable.
- It can produce proof artefacts for security teams to review.
- It can connect low-level bugs into more serious chains when the risk is real.
- It can help teams move from vague suspicion to actionable engineering work.
That combination is why Anthropic has treated Mythos as both a defensive opportunity and a safety concern. The same capability that helps a trusted maintainer harden software could also help an attacker find weaknesses faster if released without controls.
The Key Facts
| Fact | Verified detail | Why it matters |
|---|---|---|
| Model name | Claude Mythos Preview, also described by Anthropic as Mythos Preview | It is a preview model, not a general commercial Claude release. |
| Company | Anthropic | The work sits within Anthropic's frontier model and red-team programmes. |
| Programme | Project Glasswing | Glasswing is the defensive initiative that gives selected organisations access. |
| Access model | Gated research preview | Access is limited to launch partners and additional critical infrastructure organisations. |
| Launch partners | AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks | The partner list shows the focus on systemically important infrastructure. |
| Additional participants | More than 40 organisations according to Anthropic's project page | The project extends beyond the named launch partners. |
| Credits committed | Up to US$100 million in usage credits | Anthropic is subsidising defensive use during the preview. |
| Open-source donations | US$4 million in direct donations | This recognises that open-source maintainers carry a major security burden. |
| Price stated for participants | US$25 per million input tokens and US$125 per million output tokens | The preview is priced like a very high-end frontier model. |
| Stated channels | Claude API, Amazon Bedrock, Google Cloud Vertex AI and Microsoft Foundry | Anthropic indicates access through major enterprise AI platforms. |
What Project Glasswing Is Trying To Do
Project Glasswing is the container around Claude Mythos. Anthropic frames it as an attempt to secure critical software before advanced AI cyber capability diffuses more widely.
| Project Glasswing element | Description |
|---|---|
| Goal | Help defenders identify and fix serious vulnerabilities in critical software. |
| Rationale | Frontier AI is getting better at finding and exploiting software flaws, so defenders need early access to comparable capability. |
| Participants | Large platform companies, security firms, open-source organisations and critical software maintainers. |
| Method | Give selected teams access to Mythos Preview, collect lessons, and support coordinated remediation. |
| Public reporting limit | Many findings cannot be disclosed immediately because unpatched vulnerabilities would create risk for end users. |
| Success condition | Faster verification, coordinated disclosure, patching and adoption by users. |
The phrase that matters is defensive head start. Anthropic is betting that giving trusted maintainers access before broad release can reduce the number of latent vulnerabilities that attackers may later exploit.
What Claude Mythos Has Reportedly Found
Anthropic's May 2026 Project Glasswing update reported large early numbers. These figures should be read carefully because some are candidates, some are reviewed findings, and some are confirmed high or critical vulnerabilities.
| Metric | Reported figure | Source context |
|---|---|---|
| Total high or critical vulnerabilities found across Project Glasswing partners | More than 10,000 | Anthropic's one-month Glasswing update. |
| Open-source projects scanned by Anthropic | More than 1,000 | Anthropic's open-source scan programme. |
| Total open-source vulnerability candidates | 23,019 | Includes estimated low, medium, high and critical candidates. |
| Estimated high or critical open-source candidates | 6,202 | Model-estimated severity before complete external review. |
| High or critical candidates carefully assessed | 1,752 | Reviewed by six independent security research firms or, in a small number of cases, by Anthropic. |
| Reviewed findings that were valid true positives | 1,587, or 90.6 per cent | Anthropic's reported post-triage validity rate for reviewed candidates. |
| Reviewed findings confirmed high or critical | 1,094, or 62.4 per cent of assessed candidates | Anthropic's reported high or critical confirmation result. |
| Projected confirmed high or critical findings from current candidates | Nearly 3,900 | Anthropic's projection using current post-triage rates. |
| Cloudflare findings | 2,000 bugs, including 400 high or critical | Reported by Anthropic and discussed by Cloudflare. |
| Mozilla Firefox hardening | 271 vulnerabilities found and fixed in Firefox 150 while testing Mythos Preview | Reported by Mozilla and cited by Anthropic. |
These numbers do not mean 23,019 proven emergency vulnerabilities. They mean Mythos produced a large pipeline of candidates, a significant subset has been reviewed, and the reviewed subset has produced unusually high true-positive and high-severity rates for this kind of work.
Why The Numbers Are Unusual
Most security programmes are constrained by expert time. A high-quality vulnerability report is not just a line of suspicious code. It needs reproduction, severity assessment, affected version analysis, patch design, disclosure handling and deployment.
Claude Mythos changes the first half of that equation:
- Discovery becomes much cheaper.
- Candidate volume increases sharply.
- Security teams receive more plausible leads.
- Verification and patching become the bottleneck.
- Organisations need better triage and coordinated disclosure processes.
| Old bottleneck | Mythos-era bottleneck |
|---|---|
| Finding enough vulnerability candidates | Sorting, verifying and safely disclosing many candidates. |
| Hiring enough elite exploit researchers | Pairing model output with trusted human review and engineering judgement. |
| Running narrow scanners against known patterns | Assessing model-generated chains that may combine multiple subtle weaknesses. |
| Writing isolated bug reports | Managing remediation across dependencies, downstream users and patch windows. |
This is the strategic point in Anthropic's update: software security may no longer be limited primarily by finding bugs. It may be limited by how quickly organisations can turn findings into safe fixes.
How Claude Mythos Works In A Defensive Workflow
Anthropic has not published a complete implementation blueprint for Mythos, and it should not reveal details that would help attackers. But the public descriptions show a rough workflow.
| Stage | What happens | Human role |
|---|---|---|
| Scope selection | A trusted team points Mythos at a codebase or security-relevant component. | Choose authorised targets and set safe boundaries. |
| Code analysis | Mythos reads source, architecture and behaviour to find suspicious paths. | Provide context and remove irrelevant areas. |
| Candidate generation | The model proposes vulnerability candidates and explains why they may matter. | Reject weak leads and prioritise plausible ones. |
| Proof work | The model may generate tests, triggers or proof artefacts to assess exploitability. | Validate safely in controlled environments. |
| Triage | Findings are rated by severity, exploitability and affected users. | Apply security judgement, product context and responsible disclosure rules. |
| Remediation | Engineers patch, test and release fixes. | Own the patch, release and customer communication. |
| Disclosure | Public details are delayed until users have a reasonable chance to update. | Coordinate with maintainers, vendors and affected ecosystems. |
The workflow only works if it is embedded inside a mature security organisation. Mythos may accelerate research, but it does not remove accountability from maintainers, security engineers or vendors.
What Makes Mythos Different From A Normal Vulnerability Scanner?
| Capability | Traditional scanner | Claude Mythos Preview |
|---|---|---|
| Pattern matching | Strong for known classes and signatures | Can reason beyond fixed signatures. |
| Codebase understanding | Usually local and rule based | Can analyse unfamiliar systems with broader context. |
| Exploitability reasoning | Often limited or heuristic | Reportedly stronger at judging whether a bug can be turned into a real chain. |
| Proof generation | Often requires a human researcher | Can produce proof artefacts in some controlled settings. |
| False positives | Can be high, especially for static analysis | Anthropic reports high true-positive rates on reviewed Mythos candidates, but those results are context-specific. |
| Safety risk | Mostly limited by tool permissions and rule design | Higher dual-use risk because advanced reasoning can assist offence as well as defence. |
The simplest interpretation is that Mythos sits closer to an autonomous security researcher than to a conventional scanner. That is powerful, but it also demands stricter access controls.
Why Anthropic Is Restricting Access
Anthropic's own red-team writing is clear that Mythos-class cyber capability is dual-use. In defensive hands, it can harden critical systems. In malicious hands, it can speed up vulnerability discovery and exploit development.
Reasons for restricted access include:
- Many findings are not patched yet.
- Publicly revealing detailed examples could put users at risk.
- Sophisticated exploit reasoning can be misused.
- The model may lower the expertise barrier for advanced vulnerability work.
- Safety controls need to be tested under real defensive use before broader release.
- Industry needs time to improve patch pipelines and coordinated disclosure.
| Risk | Control Anthropic appears to be using |
|---|---|
| Abuse by attackers | Gated preview rather than public release. |
| Harm from unpatched findings | Coordinated vulnerability disclosure and delayed technical detail. |
| Overwhelming maintainers | Partnering with major vendors and funding open-source security. |
| Misleading model output | External review by security firms and partner teams. |
| Public panic over raw counts | Aggregate reporting rather than full exploit disclosure. |
The Open-Source Security Problem
The open-source results are especially important because modern software depends on deep stacks of shared libraries. A flaw in one widely used component can affect products, cloud services, embedded devices and downstream applications.
Anthropic reported scans across more than 1,000 open-source projects. The point is not that open source is uniquely insecure. The point is that open source is uniquely systemic. It is everywhere, and many maintainers do not have security teams large enough to absorb a sudden influx of AI-generated findings.
| Open-source challenge | Why Mythos makes it more urgent |
|---|---|
| Maintainer capacity | AI can create more reports than volunteer teams can process. |
| Dependency reach | A single bug can propagate through many downstream systems. |
| Patch adoption | Fixing upstream code is not enough if users do not upgrade. |
| Disclosure timing | Too much detail too early can help attackers. |
| Funding | Security work is often underfunded despite huge public benefit. |
Anthropic's US$4 million donation commitment helps, but the larger lesson is structural: AI-assisted discovery will force the software ecosystem to invest more in triage, patch automation, dependency hygiene and maintainer support.
Claude Mythos Versus Other Claude Models
| Model or term | Public status | Cybersecurity role |
|---|---|---|
| Claude Mythos Preview | Gated, unreleased research preview | Advanced security research for authorised Project Glasswing participants. |
| Claude Opus 4.6 | Publicly referenced prior frontier model | Anthropic says prior models were useful for identifying and fixing issues, but weaker at autonomous exploitation than Mythos. |
| Claude Opus 4.7 and general public models | Generally available models with stronger safeguards | Useful for defensive coding and security support, but not the same as Mythos Preview. |
| Mythos-class models | Future capability category | A shorthand for models with similar or stronger cyber reasoning capability. |
This distinction matters for readers searching for access. If someone asks, "Can I use Claude Mythos?" the practical answer is: not as a normal consumer or developer product. It is a controlled preview for selected defensive work.
What It Means For Software Teams
Claude Mythos should push software leaders to assume that vulnerability discovery is accelerating. Even if they never touch Mythos directly, they should prepare for a world where AI finds bugs faster than traditional security programmes can handle.
Priority actions:
- Shorten patch cycles.
- Maintain accurate software bills of materials.
- Improve dependency update automation.
- Pre-approve emergency release paths.
- Invest in fuzzing, static analysis and human code review.
- Use AI defensively for patch explanation, test generation and secure coding assistance.
- Measure time from report to verified fix, not just number of reports closed.
| Team | What to do now |
|---|---|
| Product engineering | Treat security fixes as core reliability work, not backlog hygiene. |
| Security engineering | Build triage queues that can absorb more high-quality candidates. |
| Platform teams | Improve dependency visibility and automated rollout tooling. |
| Executives | Fund remediation capacity, not just discovery tools. |
| Open-source maintainers | Define disclosure contacts, security policies and release playbooks before a surge arrives. |
| Procurement teams | Ask vendors how quickly they can patch AI-discovered issues. |
What It Means For Frontier AI Labs
For frontier labs, Claude Mythos is a case study in responsible sequencing. When a model has strong cyber capability, the release question is not simply whether it performs well. It is who gets access, under what conditions, with what monitoring, and with what benefit to defenders.
| Release question | Why it matters |
|---|---|
| Who can access the model? | Broad access can increase defensive reach, but also misuse risk. |
| What safeguards apply? | Cyber policy controls must distinguish legitimate defence from harmful requests. |
| How are findings handled? | Vulnerability disclosure needs operational discipline and trusted reviewers. |
| Who benefits first? | Critical infrastructure and open-source maintainers may need priority access. |
| What gets published? | Public evidence is needed, but exploit details can be dangerous before patches land. |
The likely future is not a simple public launch. It is tiered access, auditable use, partner programmes and stronger evaluation standards for offensive cyber capability.
Limitations And Uncertainties
The public evidence is substantial, but not complete. Responsible analysis should separate verified facts from open questions.
| Area | What is known | What remains uncertain |
|---|---|---|
| Performance | Anthropic reports high true-positive rates for reviewed open-source candidates. | Results may vary by codebase, language, harness and reviewer process. |
| Safety | Access is gated and findings are disclosed carefully. | The long-term release model for Mythos-class systems is not settled. |
| Productivity | Partners report large increases in bug-finding rates. | The net remediation speed depends on human triage and patch capacity. |
| Severity | Over 1,000 reviewed findings were confirmed high or critical. | Many candidates remain under review, so final totals may differ. |
| Reproducibility | Independent partners such as Cloudflare and Mozilla have described useful results. | Public details are intentionally limited until fixes are deployed. |
| Economic impact | Discovery cost is falling. | The cost of verification, engineering and user patch adoption may rise. |
Risks If The Industry Gets This Wrong
The main danger is not that AI finds bugs. Finding bugs is useful. The danger is an imbalance between discovery and repair.
- Attackers may use similar models to discover flaws in unpatched systems.
- Maintainers may be overwhelmed by report volume.
- Vendors may ship rushed patches that create regressions.
- Users may fail to update even after fixes exist.
- Public disclosure may accidentally provide a roadmap for exploitation.
- Security teams may trust model output without adequate human validation.
| Failure mode | Consequence | Mitigation |
|---|---|---|
| Too many unactioned findings | Backlogs grow and attackers may rediscover the same flaws. | Prioritise by exploitability, reach and available mitigations. |
| Poor disclosure practice | Users face risk before patches are available. | Use coordinated disclosure timelines and trusted channels. |
| Blind trust in model output | Teams waste effort or miss context. | Require reproduction, peer review and safe test environments. |
| Slow patch adoption | Known vulnerabilities stay exploitable. | Automate updates and make patching easier for customers. |
| Unequal access | Large firms improve while small maintainers fall behind. | Fund open-source security and shared tooling. |
A Practical Definition For Executives
Claude Mythos is a preview of AI-assisted vulnerability discovery at industrial scale. It shows that leading AI labs can now build models that do more than write code. They can reason about how complex software fails. The business implication is simple: security programmes must budget for remediation speed, dependency visibility and rapid patch deployment.
A Practical Definition For Developers
Claude Mythos is a restricted AI model that can act like a senior security reviewer across large codebases. It can identify suspicious control flow, memory-safety patterns, authentication flaws, parser issues and exploit chains. Developers should not treat it as magic. They should treat it as a source of high-quality leads that still require tests, patches and review.
FAQ
Is Claude Mythos available to the public?
No. Anthropic describes Claude Mythos Preview as an unreleased, gated research preview for Project Glasswing participants and selected critical software organisations.
Is Claude Mythos only for cybersecurity?
Anthropic calls it a general-purpose frontier model with strong coding and agentic capability. Its public significance comes from its unusually strong performance on computer security tasks.
Did Claude Mythos really find more than 10,000 vulnerabilities?
Anthropic says Project Glasswing partners used Mythos Preview to find more than 10,000 high or critical severity vulnerabilities across systemically important software. For open-source scans, Anthropic reported 23,019 total candidates and 6,202 estimated high or critical candidates, with a reviewed subset showing high validation rates.
Are all of those vulnerabilities public?
No. Most details are deliberately withheld while maintainers verify, patch and disclose issues safely. Anthropic cites standard coordinated vulnerability disclosure timelines, including 90 days after discovery or around 45 days after a patch is available.
Why not release Mythos to everyone if it helps defenders?
Because the same capability could help attackers. Anthropic is using restricted access, partner programmes and coordinated disclosure to give defenders a head start while reducing misuse risk.
What should ordinary software teams learn from Mythos?
The lesson is to prepare for faster vulnerability discovery. Teams should improve patch cycles, dependency management, incident response, secure coding practices and remediation capacity.
The Bottom Line
Claude Mythos is best understood as a restricted frontier AI model that shows how quickly cyber capability is advancing. It can help trusted defenders find serious vulnerabilities at a scale that would have been difficult with human labour alone. The hard part is no longer just discovery. The hard part is verification, disclosure, patching and making sure users actually receive the fixes.

About the author
Hi, I'm Jason Futrill.
I'm a tech professional and commentator exploring how intelligent systems are reshaping work, creativity, and society.



