Claude Mythos: Anthropic's Most Powerful Model — And Why Most People Can't Access It

When AI companies release a new model, the standard playbook is straightforward: announce the benchmarks, open the API, watch the adoption curve. Anthropic broke from that playbook entirely with Claude Mythos Preview. They announced the model, published what it can do, described its partner program — and declined to make it generally available. Not because it isn't ready, but because they believe the risks of broad access outweigh the benefits at this stage.

That decision, and the reasoning behind it, tells you more about the current state of frontier AI than any benchmark table could.

Mythos Preview is general-purpose in its architecture — it performs strongly across the full range of language model tasks. But it's strikingly capable at one domain in particular: computer security. In pre-release testing, the model identified thousands of previously unknown zero-day vulnerabilities across every major operating system and every major web browser. Flaws that had survived decades of human security review and millions of automated tests. Found, methodically, by a language model.

What Mythos Can Actually Do

The cybersecurity capabilities of Mythos Preview are not incremental. They represent a qualitative shift in what AI can do in the security domain — which is precisely why the model's release has drawn more attention from security researchers and policymakers than from the typical AI community.

Zero-day discovery at scale. Zero-day vulnerabilities — previously undiscovered security flaws with no existing patch — are among the most valuable assets in offensive security. Finding them requires deep technical knowledge, creative reasoning about edge cases, and the ability to hold complex system state in mind while exploring attack surfaces. These are exactly the capabilities that large language models, when sufficiently advanced, are well-positioned to bring to bear. Mythos Preview doing this across every major OS and browser simultaneously is not a marginal improvement over prior models. It's a different category of capability.

Project Glasswing: the defensive bet. Recognizing that a model capable of finding vulnerabilities could either destabilize or strengthen security infrastructure depending on how it's deployed, Anthropic launched Project Glasswing alongside the Mythos announcement. Twelve partner organizations — Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, Palo Alto Networks, and others — will deploy Mythos Preview specifically for defensive security work: finding and patching vulnerabilities before adversaries do. The bet is that at this stage, concentrated defensive deployment produces more net benefit than broad access.

The proliferation timeline. Anthropic's own team has estimated that similar capabilities will emerge from other AI labs within six to eighteen months. This is the honest acknowledgment that the decision not to release Mythos broadly is a delay, not a permanent restriction. The capability exists. The question is whether the security industry — and the software world more broadly — can harden its infrastructure fast enough to absorb the defensive benefits before the offensive risks become widely accessible.

What This Means for the Security Industry

The AISI (UK AI Safety Institute) has published its evaluation of Mythos Preview's cyber capabilities, and the Centre for Emerging Technology and Security has analyzed what it means for the cybersecurity field. The consensus is that this represents a genuine watershed — not a scare story, but a serious indicator that the tools available to both defenders and eventual adversaries have changed materially.

For security teams, the most immediate implication is that AI-assisted vulnerability discovery should now be part of offensive security programs. Red teams running Mythos-class models against their own infrastructure before adversaries do is no longer a speculative future practice — it's the current standard that Project Glasswing partner organizations are operating at.

For software organizations outside the Project Glasswing consortium, the clock is ticking in a specific way: the six-to-eighteen month proliferation window Anthropic cites is the window in which security teams need to integrate AI-assisted vulnerability scanning into their standard practices. Not as a nice-to-have, but as an assumption about the baseline capability available to both their security team and their adversaries.

The Responsible Release Question

Anthropic's approach to Mythos Preview will become a reference case study in how to handle capability advances that have significant dual-use implications. The framework they've used — concentrated defensive deployment, explicit proliferation timeline acknowledgment, public transparency about the capability and the reasoning — is more thoughtful than the alternatives: either broad release without restriction or no release at all.

What it signals about the broader AI industry is that capability and safety aren't separate tracks that can be managed independently. The most capable model Anthropic has built is also the one requiring the most careful deployment decisions. That correlation is likely to hold as capabilities continue to advance.

For organizations building AI-enabled workflows and products, Mythos is a useful signal about the trajectory of what's coming. Models that can autonomously find software vulnerabilities today are models that will, in adjacent future versions, be able to autonomously execute many other complex knowledge-work tasks with similarly high reliability. The security domain is the leading edge because the benchmarks are clear and the stakes are high. The pattern will extend.