Amicore

Claude Mythos & Project Glasswing: Anthropic's Frontier AI for Cybersecurity

A new class of AI model with unprecedented cybersecurity capabilities, deployed through a gated industry partnership to secure critical software infrastructure

Last updated: April 8, 2026 Overview

On April 7, 2026, Anthropic announced Claude Mythos Preview — a frontier AI model that represents a fundamental capability discontinuity from previous generations. Mythos sits in a new model tier called Capybara, above Anthropic's existing Opus, Sonnet, and Haiku tiers, and has demonstrated the ability to autonomously discover and exploit zero-day vulnerabilities in every major operating system and web browser. Recognizing both the defensive potential and offensive risk, Anthropic simultaneously launched Project Glasswing — a cross-industry initiative providing gated Mythos access to major technology companies and critical infrastructure maintainers for defensive security purposes. Mythos is not publicly available and has no announced general availability date.

What This Means for Your Organization

  • +Claude Mythos is not a product you can buy today. It is a gated research preview available only to Project Glasswing partners and select organizations maintaining critical software infrastructure. There is no public API, no pricing, and no self-serve access.
  • +Why it matters for legal and business leaders: Mythos signals that AI-driven vulnerability discovery is now operating at a scale and speed that will reshape cybersecurity expectations. Organizations should evaluate their own security posture and vendor security practices in light of these capabilities.
  • +What to do now: Review your firm's cybersecurity practices, ensure your AI vendors participate in responsible disclosure programs, and monitor Anthropic's announcements for eventual Mythos-class model availability with appropriate safeguards.

What Is Claude Mythos?

Claude Mythos is Anthropic's most advanced AI model, representing the first entry in a new Capybara tier — structurally above the existing Opus models that were previously Anthropic's most capable. Anthropic describes it as a general-purpose frontier model whose coding and reasoning capabilities have crossed a threshold where it can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

New Model Tier: Capybara: Mythos is not a version bump of existing Claude models. Capybara is a new tier — larger and more capable than Opus — representing a structural expansion of Anthropic's model lineup. The current public models (Haiku 4.5, Sonnet 4.6, Opus 4.6) remain available; Capybara sits above them.
General-Purpose with Security Breakthrough: While Mythos excels at cybersecurity tasks, it is a general-purpose model with state-of-the-art performance across coding, reasoning, mathematics, and agentic tasks. The security capabilities emerge from its exceptional ability to comprehend large codebases and reason about complex system interactions.
Gated Availability: Anthropic has deliberately chosen not to make Mythos generally available. Access is restricted to Project Glasswing partners and approximately 40 additional organizations responsible for critical software infrastructure. This is a departure from the typical AI model launch playbook.
Unprecedented Vulnerability Discovery: In just weeks of testing, Mythos identified thousands of zero-day vulnerabilities across major software systems, many of them critical. The oldest was a 27-year-old bug in OpenBSD that had evaded human detection for nearly three decades.

Performance Benchmarks

Mythos holds the top score on record across multiple major benchmarks, with gaps large enough to represent a genuine capability discontinuity rather than an incremental improvement over existing models.

93.9%
SWE-bench Verified

Software engineering — new record

77.8%
SWE-bench Pro

Advanced software engineering

94.5%
GPQA Diamond

Graduate-level science reasoning

97.6%
USAMO 2026

Competition mathematics — near-perfect

83.1%
CyberGym

Cybersecurity tasks — new record

79.6%
OSWorld

Autonomous computer operation

86.9%
BrowseComp

Web navigation and browsing

80.0%
GraphWalks BFS (1M tokens)

Long-context reasoning — nearly 4x GPT-5.4

Project Glasswing: Securing Critical Infrastructure

Project Glasswing is Anthropic's cross-industry initiative to use Mythos Preview for defensive cybersecurity — finding and fixing vulnerabilities in the world's most critical software before attackers can exploit them. It represents a new model for responsible deployment of frontier AI capabilities.

Defensive-First Approach: Rather than releasing Mythos broadly and reacting to misuse, Anthropic is deploying it exclusively for defensive purposes through trusted partners. The goal is to secure critical software infrastructure proactively while developing the safeguards needed for eventual broader availability.
Industry-Wide Coalition: Project Glasswing brings together major technology companies and infrastructure maintainers to coordinate vulnerability discovery and remediation. This cross-industry approach recognizes that software supply chains are interconnected — a vulnerability in one system can cascade across the entire ecosystem.
Responsible Disclosure Integration: Vulnerabilities discovered through Glasswing follow responsible disclosure practices, giving maintainers time to develop and deploy patches before findings are made public. This is critical for zero-day vulnerabilities that could otherwise be weaponized.
Preparing for the Future: Glasswing is also a learning exercise. Anthropic aims to understand how Mythos-class models can be safely deployed at scale, what guardrails are effective, and what industry practices need to evolve to keep pace with AI-powered vulnerability discovery.

Project Glasswing Partners

The founding partners of Project Glasswing represent a cross-section of the technology ecosystem, from cloud providers and hardware manufacturers to cybersecurity specialists and open-source foundations.

Amazon Web ServicesCloud infrastructure provider; Mythos Preview available on Amazon Bedrock for approved partners
AppleConsumer technology; securing operating systems and device ecosystems
BroadcomSemiconductor and infrastructure software
CiscoNetworking and enterprise security infrastructure
CrowdStrikeEndpoint security and threat intelligence platform
GoogleCloud infrastructure; Mythos Preview available on Vertex AI for approved partners
JPMorganChaseFinancial services; securing banking infrastructure
Linux FoundationOpen-source software ecosystem; securing foundational open-source projects
MicrosoftOperating systems, cloud infrastructure, and enterprise software
NVIDIAGPU and AI infrastructure hardware and software
Palo Alto NetworksEnterprise cybersecurity and network security

Cybersecurity Implications for Organizations

Even though Mythos is not publicly available, its existence has immediate implications for how organizations should think about cybersecurity.

Vendor Security Assessment

If AI can discover thousands of zero-day vulnerabilities in weeks, the bar for what constitutes adequate software security has fundamentally shifted. Organizations should re-evaluate their vendor security assessment criteria.

Example: Ask your software vendors: Are you participating in AI-powered vulnerability discovery programs? What is your response time for critical vulnerabilities discovered through automated analysis?

Why it excels: Vendors not actively using AI-powered security tools are increasingly likely to have undiscovered critical vulnerabilities in their products.

Law Firm Data Security

Law firms hold some of the most sensitive data in the economy — privileged communications, M&A plans, litigation strategy. If AI can find vulnerabilities faster than human security teams can patch them, firms need to accelerate their own security practices.

Example: Review your firm's patch management policy. How quickly are critical security updates applied to production systems? Is the cadence fast enough for an era of AI-accelerated vulnerability discovery?

Why it excels: The window between vulnerability discovery and exploitation is shrinking. Firms with slow patching cycles face increasing risk of breaches affecting client confidentiality.

Cyber Insurance Implications

Insurers are likely to factor AI-powered vulnerability discovery into their underwriting models. Organizations that can demonstrate proactive AI-driven security assessments may benefit from better coverage terms.

Example: Contact your cyber insurance provider to understand how AI-driven vulnerability discovery affects your coverage, premiums, and audit requirements.

Why it excels: The cyber insurance market is already conditioning coverage on AI governance. Mythos-class capabilities will accelerate this trend for security practices specifically.

Regulatory Preparedness

Regulators will eventually need to address AI-powered vulnerability discovery — both its defensive benefits and offensive risks. Organizations in regulated industries should prepare for evolving disclosure and security requirements.

Example: Review your incident response plan and disclosure obligations. Are they adequate for a scenario where AI discovers a critical vulnerability in software you depend on?

Why it excels: The SEC, banking regulators, and data protection authorities are already increasing scrutiny of cybersecurity practices. AI-accelerated vulnerability discovery will raise the expected standard of care.

Availability and Access

Claude Mythos is not available through standard commercial channels. Here is the current state of access as of April 2026.

Project Glasswing Partners

Invitation-only

Founding partners (Amazon, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks) have access to Mythos Preview for defensive cybersecurity work.

Critical Infrastructure Maintainers

Invitation-only

Approximately 40 additional organizations responsible for building or maintaining critical software infrastructure have been granted access.

Cloud Platform Previews

Gated access

Available on Amazon Bedrock and Google Cloud Vertex AI as a gated research preview for approved organizations only.

General Availability

Not announced

Anthropic has stated it does not plan to make Mythos Preview generally available in its current form. The goal is to develop safeguards for eventual safe deployment of Mythos-class models at scale.

  • No public pricing has been announced for any Mythos-class model.
  • The Capybara tier is expected to be priced above Opus, which is currently Anthropic's most expensive tier.
  • Organizations interested in Glasswing participation should contact Anthropic directly.
  • Current public Claude models (Haiku 4.5, Sonnet 4.6, Opus 4.6) remain available through standard channels.

How Mythos Compares to Current Claude Models

Model TierCapybara — new tier above OpusOpus — current top public tierSonnet — balanced performance/cost
SWE-bench Verified93.9% (record)~72%~70%
GPQA Diamond94.5% (record)~78%~72%
CybersecurityAutonomous zero-day discoveryCapable security analysisBasic security tasks
AvailabilityInvitation-only (Glasswing)Public API + Claude.aiPublic API + Claude.ai
PricingNot announced$15/$75 per MTok$3/$15 per MTok
Best ForDefensive security, frontier researchComplex reasoning, coding, analysisEveryday tasks, cost-effective AI

Safety and Responsible Deployment

Anthropic's decision to gate Mythos access represents a departure from the typical AI model launch approach and reflects growing industry awareness of dual-use AI capabilities.

Deliberate Restriction: Anthropic explicitly stated it does not plan to make Mythos Preview generally available, citing concerns that the model could increase the likelihood of large-scale AI-driven cyberattacks if deployed without appropriate safeguards.
Dual-Use Capability: Mythos can both find and exploit vulnerabilities. The same capability that makes it invaluable for defense makes it dangerous in offensive hands. Anthropic's approach prioritizes giving defenders a head start.
Industry Coordination: By working through Glasswing partners rather than releasing broadly, Anthropic can ensure vulnerabilities are discovered and patched in coordination with the organizations best positioned to fix them.
Evolving Safeguards: Anthropic has stated that the goal is to eventually deploy Mythos-class models safely at scale. The current restriction is intended as a learning period to develop the safeguards, guardrails, and industry practices needed for responsible broader deployment.

What to Watch

  • +General availability timeline: Anthropic has not committed to a date for broader Mythos access. Monitor their announcements for updates on Capybara-tier model availability.
  • +Glasswing vulnerability disclosures: As partners discover and patch vulnerabilities, expect a wave of critical security updates across major platforms. Prioritize patch management.
  • +Regulatory response: Governments and regulators will need to address AI-powered vulnerability discovery. Expect new guidance on AI in cybersecurity from NIST, the SEC, and international bodies.
  • +Competitive response: Other frontier AI labs (OpenAI, Google DeepMind) will likely accelerate their own cybersecurity-focused model development and responsible deployment programs.

Key Takeaways

  • 1.Claude Mythos is Anthropic's most powerful AI model, sitting in a new Capybara tier above Opus. It holds record scores on SWE-bench (93.9%), GPQA Diamond (94.5%), and CyberGym (83.1%).
  • 2.Mythos has autonomously discovered thousands of zero-day vulnerabilities across every major operating system and web browser, including a 27-year-old bug in OpenBSD.
  • 3.Mythos is NOT publicly available — access is restricted to Project Glasswing partners and approximately 40 critical infrastructure organizations. There is no public API, pricing, or general availability date.
  • 4.Project Glasswing partners include Amazon, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
  • 5.The cybersecurity implications are immediate: AI-powered vulnerability discovery raises the bar for vendor security practices, patch management speed, and cyber insurance requirements.
  • 6.Anthropic's gated deployment model is a deliberate choice to give defenders a head start before Mythos-class capabilities become widely available.
  • 7.Organizations should review their security posture, vendor assessment criteria, and incident response plans in light of AI-accelerated vulnerability discovery.
  • 8.Current public Claude models (Haiku 4.5, Sonnet 4.6, Opus 4.6) remain available through standard channels for everyday AI tasks.

References

  1. [1]Anthropic, "Project Glasswing: Securing critical software for the AI era."Link
  2. [2]Anthropic, "Claude Mythos Preview," red.anthropic.com.Link
  3. [3]TechCrunch, "Anthropic debuts preview of powerful new AI model Mythos in new cybersecurity initiative," Apr. 7, 2026.Link
  4. [4]Fortune, "Anthropic is giving some firms early access to Claude Mythos to bolster cybersecurity defenses," Apr. 7, 2026.Link
  5. [5]CrowdStrike, "Anthropic Claude Mythos Preview."Link
  6. [6]VentureBeat, "Anthropic says its most powerful AI cyber model is too dangerous to release publicly — so it built Project Glasswing," Apr. 7, 2026.Link
  7. [7]The Hacker News, "Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems," Apr. 7, 2026.Link
  8. [8]SecurityWeek, "Anthropic Unveils Claude Mythos — A Cybersecurity Breakthrough That Could Also Supercharge Attacks," Apr. 7, 2026.Link
Back to Research