Claude Mythos Explained: The LLM Anthropic Won't Release (2026)

Claude Mythos is the most interesting AI model of 2026 that you cannot use. Anthropic announced a preview of it on April 7, 2026, then confirmed the details again when they released Claude Opus 4.7 on April 16 and publicly conceded that Opus 4.7 does not match Mythos Preview's capabilities. The model is real, it works, and Anthropic has decided it is too dangerous to release.

This post is a plain-language explainer grounded in verified sources: Anthropic's own Mythos Preview announcement, press coverage from Axios, CNBC, Salesforce Ben, Council on Foreign Relations, and the Opus 4.7 release notes. No speculation, no assumption. If something is uncertain, I'll say so.

What Claude Mythos actually is

Claude Mythos is a large language model developed by Anthropic. It is trained as a general-purpose model but is especially strong at cybersecurity tasks, particularly finding and exploiting vulnerabilities in real software. Anthropic calls the publicly disclosed version "Claude Mythos Preview." It has not been released to the general public, and Anthropic has stated it does not plan to.

The model appears to be the successor to Opus 4.6 in capability terms. Anthropic's own release notes for Opus 4.7 say Opus 4.7 "still falls short of its Mythos Preview model." VentureBeat and Axios both characterize Opus 4.7 as the best generally available LLM while Mythos Preview sits above it, locked up.

The name is also an interesting choice. Anthropic has not explained their naming conventions publicly, but moving away from the Opus number series and onto a proper name signals that Mythos is a different category of release, not the next step in the Opus line.

The timeline, verified

April 7, 2026. Anthropic announces Claude Mythos Preview and Project Glasswing. The announcement includes the key disclosure that Mythos finds zero-day vulnerabilities in every major operating system and every major web browser.

April 16, 2026. Anthropic ships Claude Opus 4.7 and publicly acknowledges it does not match Mythos Preview. The decision to ship Opus 4.7 with intentionally reduced cyber capabilities is directly tied to the Mythos holdback.

April 17, 2026. Claude Design launches, built on Opus 4.7. No Mythos in the design tool. Anthropic appears to be keeping Mythos away from every public-facing product.

Today. Mythos Preview remains in limited distribution. No public API, no Claude app access, no waitlist most individuals can join.

Project Glasswing, explained

Project Glasswing is the initiative Anthropic built around Mythos Preview. The goal, in Anthropic's language, is to "use Mythos Preview to help secure the world's most critical software" before comparable capabilities become broadly available through other labs.

Who is in it. Press reporting from CNBC and others has identified JPMorgan Chase as a named participant, with coverage mentioning around 11 total organizations including major tech companies, cybersecurity vendors, and critical infrastructure holders. Anthropic's own Mythos preview page describes participants as "critical industry partners and open source developers" and does not name them. Do not confuse reporter lists with official lists. The official participant list has not been published.

What participants do. Run Mythos Preview against software they own, maintain, or help secure. Use the findings to patch vulnerabilities before anyone else discovers them. Share findings back with Anthropic in a structured way.

The strategic logic. If Mythos-level capabilities are likely to arrive at other labs in the next 6 to 18 months, giving defenders a head start matters more than keeping the model fully private. Anthropic is effectively saying: we are going to let a handful of defenders use this model now, so that critical software is hardened before similar models proliferate.

Whether this is actually a good idea is contested. The Council on Foreign Relations wrote a piece titled "Six Reasons Claude Mythos Is an Inflection Point for AI and Global Security," suggesting the strategic implications go well beyond Anthropic's internal decision making. Cal Newport's blog has a more skeptical take ("Is Claude Mythos 'Terrifying' or Just Hype?"). Both are worth reading if you want the full texture.

What Mythos Preview can actually do

This is the section you should read carefully, because the specifics are genuinely striking. All numbers below are from Anthropic's official Mythos Preview page.

Ancient bugs, found fast. Mythos has surfaced a 27-year-old vulnerability in OpenBSD SACK (a TCP denial-of-service via signed integer overflow that has been sitting in the codebase since the 1990s) and a 17-year-old FreeBSD NFS remote code execution (CVE-2026-4747) exploitable by unauthenticated users. These are not trivial bugs. They are the kind of defects that specialists have been staring at for decades without finding.

Browser exploit chains. Mythos has produced exploits chaining four or more vulnerabilities together, including JIT heap sprays, sandbox escapes, and cross-origin bypasses. On Firefox JavaScript exploits specifically, Mythos succeeded on 181 of 210 attempts (87%). Opus 4.6 on the same test: 2 successes across hundreds of attempts. That is not an incremental improvement. That is a step change.

OSS-Fuzz performance. On standardized fuzzing benchmarks, Mythos produced 595 tier-1-or-2 crashes and 10 tier-5 crashes (full control flow hijack). Prior Claude models produced a single tier-3 crash in comparable tests.

Cryptography library flaws. Mythos found a certification authentication bypass in Botan, a widely used cryptography library, and weaknesses in TLS, AES-GCM, and SSH implementations.

Media libraries. A 16-year-old FFmpeg H.264 codec vulnerability. This one affects an enormous footprint of real-world software given FFmpeg's ubiquity.

Scale of findings. Thousands of high or critical severity vulnerabilities discovered. 89% agreement with human validators on severity assessment. Over 99% remain unpatched at publication.

Cost. $20,000 to $50,000 per thousand-run scaffold. Individual exploits cost $1,000 to $2,000 to produce. These numbers come directly from Anthropic's disclosure. They are real, but they are also accessible to any well-funded threat actor.

Read those numbers twice. A model that turns weeks of expert vulnerability research into hours, at a cost most state actors and a lot of organized criminals can afford, is not a small thing. The calculus behind holding it back becomes clearer once you sit with the specifics.

Why Anthropic is not releasing it

Anthropic laid out four specific concerns in their Mythos Preview announcement. I am summarizing them, then adding context.

1. Transitional vulnerability. Capabilities could temporarily advantage attackers before defenders adapt. Software security works on ecosystem timescales (months to years). If Mythos-level capabilities hit the internet in a week, the ecosystem has no time to catch up.

2. Ease of use. Non-experts can leverage the model to find sophisticated vulnerabilities. This is the part that breaks the usual "offensive capabilities already exist among experts" argument. If a college student with $2,000 and a weekend can find a FreeBSD NFS zero-day, the threat model is no longer "nation-state adversaries." It is "anyone with a laptop."

3. Speed advantage. Exploits that previously required weeks now take hours. This matters because defender response times are measured in days to weeks. A speed advantage of 10× on the attacker side pushes the defense timeline past the window where patching keeps up.

4. N-day acceleration. Even after patches are published, attackers can reverse-engineer patches to build working exploits. With Mythos, this process itself accelerates. A patch published on Tuesday may be reliably exploitable by Wednesday.

These four concerns, taken together, explain the decision. Any one of them alone might be manageable. Together, they describe an asymmetric advantage for attackers that defenders cannot absorb in short timeframes.

Anthropic's own language: "the transitional period may be tumultuous regardless." Translation: even with the careful rollout, things are going to be rough.

Is this responsible scaling or AI theater?

The skeptical read, covered by Cal Newport and Salesforce Ben among others, is that this could be safety theater. Anthropic benefits reputationally from publicly holding back a model, whether or not the model is as dangerous as described. "We have something so powerful we dare not release it" is a strong marketing position.

The charitable read is that Anthropic is operating their Responsible Scaling Policy as written. Their RSP explicitly commits to not releasing models above certain capability thresholds without corresponding safeguards. Mythos appears to cross cyber uplift thresholds that Anthropic's own RSP flags as requiring additional safeguards.

My honest take: the specifics are too concrete and too operationally risky for this to be pure theater. You do not hand Mythos to JPMorgan Chase and other critical infrastructure partners as a publicity stunt. The number of sophisticated defenders who have reportedly seen the model and signed off on the holdback is not consistent with a bluff. That said, I cannot verify the capabilities directly, and the community should keep pushing Anthropic for external evaluation.

What this means for the AI industry

A few real consequences worth paying attention to.

Other labs are closer than you think. If Anthropic has Mythos, OpenAI, Google DeepMind, and at least one Chinese lab are likely close behind. The Mythos capability threshold is probably not unique to Anthropic, it is an emergent property of sufficiently advanced models trained with reasoning and tool use. Expect similar announcements from competitors in the next 6 to 18 months.

Defender tooling is about to change. The cybersecurity industry has run on the assumption that offensive capabilities are expensive and scarce. Mythos breaks that assumption. Vulnerability research tooling, bug bounty pricing, and patch cycles are all about to get rethought.

Cyber Verification Program. Anthropic has announced a Cyber Verification Program for legitimate security researchers to access capability-restricted tools. This is the pathway forward for the community. Expect the program to expand as Anthropic gains confidence in the screening process.

Regulatory pressure will spike. US and EU regulators have been watching the frontier labs closely. A publicly disclosed model with documented zero-day discovery capabilities is exactly the kind of development that accelerates regulation. Expect compliance disclosure requirements, pre-release evaluations, and possibly cyber-capability licensing regimes within 18 months.

Enterprise procurement will change. Boards are about to ask CISOs: "Which AI tools are we using, and which of them can write exploits?" Having clean answers to those questions will matter.

What Mythos tells us about Opus 4.7

This is the piece I find most interesting. Opus 4.7 is what you can actually use, and it is shaped directly by the Mythos decision.

Cyber capabilities are intentionally reduced. Anthropic said this explicitly in the Opus 4.7 release notes. Opus 4.7 is not "Mythos with the rough edges sanded off." It is a model where certain capabilities were deliberately held below the Mythos threshold during training and post-training.

The rest of the model is still the best publicly available. Opus 4.7 is stronger than 4.6 on agentic coding, vision, instruction following, and long-context reasoning. Those capabilities were not held back. The holdback is surgical, not wholesale.

Future Opus releases will bring safeguards first. Anthropic has signaled that upcoming Claude Opus models will ship with safeguards sufficient to release some Mythos-adjacent capabilities. The pattern will likely be: safeguard infrastructure first, capability release second.

If you want to prompt the current Opus 4.7 for security work that is adjacent to Mythos territory (code review, hardening recommendations, compliance-style analysis), use structured frameworks. The RACE framework and APE framework work well for this: define a clear role (senior security engineer), a specific action, tight context, and explicit expectations. For longer, multi-step security research workflows, the COAST framework gives you the scaffolding to break the work into reviewable stages.

What to do if you want Mythos access

If you are a defender at a critical infrastructure org, a major open source project maintainer, or a vetted security researcher, the pathway is:

1. Anthropic's Cyber Verification Program. This is the long-term channel. Watch anthropic.com for the application form and eligibility criteria.

2. Project Glasswing participation. Not open to general applications. Anthropic appears to be curating the list directly. If you are in a relevant role, expect outreach rather than the other direction.

3. Work with a Glasswing participant. If your org is downstream of a major cloud provider or cybersecurity vendor that has Glasswing access, findings may flow to you through coordinated disclosure.

For everyone else, realistic expectation: you will not have direct Mythos access in 2026. You will benefit from Mythos findings as patches land in the software you run. Update your systems promptly.

What to do next

To round out your understanding of Anthropic's April 2026 launch week:

Read my Claude Opus 4.7 review for a hands-on breakdown of the model you can actually use, including the three developer features (xhigh, task budgets, /ultrareview) that matter most. And my Claude Design review covers the new design tool Anthropic launched on Opus 4.7, the third piece of this week's story.

For broader context on the AI tool landscape that Mythos looms over, my 10 best AI tools for small business roundup gives a view of the tools most people will actually touch.

For primary sources, read Anthropic's own Mythos Preview announcement directly. It is clearly written and the specific capability examples are worth seeing in full.

Final thought

Claude Mythos is the clearest real-world test of a responsible scaling framework we have seen from a frontier AI lab. Anthropic could have shipped it. They chose not to. They described the capabilities in public enough detail that competitors and regulators now know roughly what they are building toward. They put the model in the hands of a small number of defenders who can use it to harden critical systems before comparable capabilities proliferate.

Whether this approach holds up as other labs approach similar capabilities is the big open question. If OpenAI or a Chinese lab ships a Mythos-equivalent without the holdback, Anthropic's decision retrospectively looks like unilateral disarmament. If nobody ships it and the safeguards mature, Anthropic looks prescient. We will know within 18 months.

For now, what you need to know as a builder, an operator, or a curious human: Mythos exists. It is real. It is not for sale. The model you can actually use is Opus 4.7. And the reason Opus 4.7 has the exact shape it has is because Mythos is sitting one floor up, behind a locked door.

Sources:

• Claude Mythos Preview (Anthropic)
• Introducing Claude Opus 4.7 (Anthropic)
• Anthropic ships Opus 4.7 as Mythos stays under lock and key (Brave New Coin)
• Anthropic rolls out Claude Opus 4.7 (CNBC)
• Anthropic concedes Opus 4.7 trails unreleased Mythos (Axios)
• Six Reasons Claude Mythos Is an Inflection Point (Council on Foreign Relations)