Claude Mythos: Release Date, Access, and What Comes Next (2026)

Claude Mythos: Release Date, Access, and What Comes Next in 2026

The most capable AI model in the world is not available for you to use. That's the unusual situation Anthropic finds itself in on May 13, 2026 — and the speculation building across X, Reddit, and developer forums suggests the wait may be approaching an end.

Claude Mythos Preview was announced on April 7, 2026, after being accidentally leaked on March 26. In the weeks since, it has found thousands of zero-day vulnerabilities in every major operating system and browser, a 27-year-old bug in OpenBSD that survived decades of expert review, and prompted the Trump administration to consider government pre-deployment oversight of frontier AI models. Anthropic's response was to not release it publicly — at all. Instead, they launched Project Glasswing: controlled access for approximately 50 vetted organizations, committing $100 million in model usage credits to defensive cybersecurity work.

Now, six weeks later, posts are building across X speculating about what comes next. A follow-on model labeled "Mythos 1.1 cybersecure" has appeared in speculation threads. Ethan Mollick, one of the most-cited AI researchers on academic use of AI, is publicly questioning how Anthropic plans to navigate government approval pathways while competitors like Google and OpenAI move faster under different safety approaches. The New York Times ran a story on May 12. X made it a trending topic.

This article covers the full picture: what Mythos actually is and what it can do, why the release is so constrained, the exact roadmap Anthropic has described, what "Mythos 1.1 cybersecure" likely means, the competitive dynamics with GPT-5.5-Cyber, and the most accurate timeline estimate for when Mythos-class capability reaches developers.

Claude Mythos: What It Is and What It Can Do

Claude Mythos Preview is Anthropic's most powerful model to date — announced April 7, 2026, after an accidental leak on March 26 exposed internal documents through a misconfigured CMS. Anthropic confirmed its existence and called it "a step change." The formal announcement at anthropic.com/glasswing is the clearest statement of what it is and why it's dangerous.

Mythos sits in a tier above Claude Opus called Capybara — introduced specifically because the model's capabilities are qualitatively different from Opus-class models, not just quantitatively better. Estimated at 10 trillion parameters using a Mixture of Experts (MoE) architecture, not all parameters are active during inference. Glasswing partner API pricing has been confirmed at $25 per million input tokens and $125 per million output tokens.

The three confirmed capability domains where Mythos dramatically outperforms Claude Opus 4.7:

Cybersecurity: The part that has Washington concerned

Mythos has fully autonomously identified and exploited zero-day vulnerabilities in every major operating system and every major web browser. "Fully autonomously" means no human involvement after the initial request. In specific tests documented by Anthropic:

Found a 27-year-old vulnerability in OpenBSD — a system celebrated for security hardening — that survived decades of expert review and millions of automated tests
Identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD (CVE-2026-4747) that allows complete root access from an unauthenticated internet user
On CyberGym benchmarks for vulnerability reproduction, scored 83.1% vs Opus 4.7's 73.1% and GPT-5.4's 66.3%
In Firefox vulnerability testing, developed working JavaScript shell exploits 181 times where Opus 4.6 succeeded only twice
Achieved full control flow hijack on 10 separate, fully patched OSS-Fuzz targets
Engineers with no formal security training could ask it to find RCE vulnerabilities overnight and wake up to complete working exploits

Academic Reasoning and Coding

On SWE-bench Verified, Mythos scores 93.9%, compared to Opus 4.7's 87.6% and GPT-5.4's 71.7%. On GPQA Diamond (graduate-level scientific reasoning), it scores 94.6%. These numbers would top every publicly accessible AI model benchmark as of May 2026 — if Mythos were public. On the Artificial Analysis Intelligence Index, the top publicly accessible models from Gemini and GPT-5.4 are tied at 57. Mythos exceeds both by a substantial margin.

For the full benchmark breakdown of Mythos vs every model released in April 2026 — including Gemma 4, Llama 4 Scout, Muse Spark, and Opus 4.7 — the latest AI models April 2026 guide covers all confirmed scores and the strategic context.

Why Anthropic Is Withholding It — The Safety Calculus

Anthropic's decision to not release Mythos publicly is the first time any major frontier lab has confirmed a model exists and explicitly withheld it from the market on safety grounds. The reason is specific and quantifiable, not vague.

The cybersecurity capability is the bottleneck. An AI model that can find and exploit zero-day vulnerabilities in every major OS and browser, autonomously, in a single overnight session, represents an unprecedented force multiplier for attackers. Anthropic's own internal assessment warns that Mythos "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."

The World Economic Forum framed the implications plainly: frontier AI systems are becoming more autonomous and powerful, but also harder to control once deployed. The concern is asymmetric: defenders need to patch every vulnerability Mythos finds; attackers only need to exploit one.

Three specific risks drive the restriction:

Lowered barrier to entry: engineers with no security training can request RCE exploits and get them by morning. Skills that took years to develop become accessible to anyone with API access.
Speed asymmetry: Mythos can find vulnerabilities faster than organizations can patch them. The average patch cycle is days to weeks; Mythos finds vulnerabilities in hours.
Unauthorized access already happened: at least one group gained access to Mythos through one of Anthropic's vendors during the controlled deployment. This is the scenario Anthropic's restriction was designed to prevent, and it happened anyway at the partner level.

Critically, CNBC reporting from cybersecurity experts including watchTowr CEO Ben Harris adds important nuance: "What we are seeing across the industry now is that people are able to reproduce the vulnerabilities found with Mythos through clever orchestration of public models to get very, very similar results." The cybersecurity risk Mythos represents is real — but it's not unique to Mythos. It's a frontier threshold the industry was always going to reach. Mythos arrived there first.

For a deep technical review of what Mythos can do and the full Project Glasswing partner list — including how Anthropic confirmed the model after the leak, the Capybara tier architecture, and the OpenBSD discovery in detail — the Claude Mythos 5 full review is the most comprehensive publicly available breakdown.

Project Glasswing: Who Has Access and What They're Doing

Project Glasswing is Anthropic's controlled deployment program that gives preview access to Mythos exclusively for defensive cybersecurity work. Anthropic committed $100 million in Mythos Preview usage credits across the program, plus $4 million in direct donations to open-source security organizations.

Named Glasswing members include:

The scope of what Project Glasswing organizations have been doing is significant. Anthropic has used Mythos Preview to identify thousands of zero-day vulnerabilities across major operating systems and browsers — many of them critical. Over 99% remain unpatched and undisclosed (per responsible disclosure protocols). The 1% that have been patched and disclosed include the OpenBSD and FreeBSD vulnerabilities already detailed publicly.

Goldman Sachs, Citi, and JPMorgan Chase are running internal testing. Mozilla used Mythos to find and patch 271 previously unknown vulnerabilities in Firefox. The pattern emerging from Glasswing partner usage is consistent: every major software system, when scanned by Mythos, has critical vulnerabilities that human experts missed. The scope of the problem is larger than initially estimated.

What Is "Mythos 1.1 Cybersecure"? The Speculation Explained

The label "Mythos 1.1 cybersecure" or "Mythos-cybersecure" that appears in X speculation threads is not a confirmed Anthropic product name. Based on available evidence, it most likely refers to one of two things — and understanding the distinction matters for setting expectations.

Interpretation 1: The safeguarded Opus model (most likely)

Anthropic has explicitly stated it plans to "launch new safeguards with an upcoming Claude Opus model, allowing us to improve and refine them with a model that does not pose the same level of risk as Mythos Preview." Claude Opus 4.7, released April 16, 2026, appears to be this vehicle. It was deliberately trained with lower cybersecurity capabilities than Mythos — scoring 73.1% on CyberGym vs Mythos's 83.1% — and ships with automatic detection and blocking of prohibited cybersecurity uses.

A "Mythos 1.1 cybersecure" would fit this pattern: a follow-on Mythos build that has the full capability of Mythos Preview but with hardened safety rails, tested and refined through the Opus model iterations, that allows broader deployment. This is the pathway Anthropic has described, and "Mythos 1.1" is a plausible naming convention for the first Mythos variant with production-grade cybersecurity safeguards baked in.

Interpretation 2: A Mythos fine-tune for verified security teams

An alternative reading is that Anthropic is developing a Mythos variant specifically for verified cybersecurity professionals — similar to OpenAI's GPT-5.5-Cyber (Trusted Access for Cyber, or TAC) model. This would be a version of Mythos with the full cyber capabilities unlocked but restricted to users who pass the Cyber Verification Program vetting that Anthropic launched alongside Opus 4.7.

This interpretation is supported by the fact that Anthropic's Cyber Verification Program already exists for Opus 4.7 — it gives pen testers, red teamers, and vulnerability researchers access to capabilities that the standard model blocks. A Mythos variant for this verified tier would be a logical next step once safeguards are validated.

For the full context on how Opus 4.7 serves as Anthropic's safeguard testing vehicle — including the Cyber Verification Program for legitimate security researchers — the Claude Opus 4.7 full review covers how Anthropic is deliberately managing the capability gap between Opus and Mythos.

Anthropic's Official Roadmap: The Three Steps to Broader Access

Anthropic has not announced a release date for Mythos. What they have described is a three-step process, and understanding where each step stands tells you how close broader access actually is.

Step 1: Test safeguards on lower-risk Opus models (In Progress)

Anthropic said it will "launch new safeguards with an upcoming Claude Opus model." Opus 4.7 is this vehicle. The automatic cybersecurity use detection, blocking of prohibited outputs, and Cyber Verification Program for researchers are all safeguards being refined through Opus 4.7 in production. Every developer interaction with Opus 4.7's cybersecurity guardrails generates signal Anthropic uses to improve the safety systems.

Status: Active, ongoing. Claude Opus 4.7 launched April 16, 2026. Safeguard refinement from production usage is measured in weeks to months.

Step 2: Expand Project Glasswing defensively (In Progress)

Anthropic's stated goal is to give defenders a "durable advantage" before Mythos-class capabilities proliferate to bad actors. The current Glasswing scope covers approximately 50 organizations responsible for large portions of the world's shared cyberattack surface. Expansion to more organizations — particularly international partners and smaller open-source maintainers — was described as part of the longer-term effort.

Status: Active. The Glasswing consortium is operational. EU access is an open issue — Anthropic has had four to five meetings with the European Commission but access discussions are at a "different stage" than with OpenAI, which has already offered the EU access to GPT-5.5-Cyber.

Step 3: Limited enterprise API access with strict restrictions (Not Yet Started)

The end goal Anthropic describes is enabling users to "safely deploy Mythos-class models at scale." The path to that endpoint runs through restricted enterprise API access with heavily scoped use cases, waitlist rather than open registration, and usage monitoring. This is not general availability — it is a controlled enterprise tier several steps above the current Glasswing preview.

Status: Not yet started. Anthropic has not announced a timeline, waitlist, or pricing beyond the confirmed Glasswing partner rate of $25/$125 per million tokens.

For the full context on how Claude Security (Anthropic's enterprise security product powered by Opus 4.7) relates to Project Glasswing and serves as the "on-ramp" for organizations that aren't in the restricted Glasswing partner list, the Claude Security complete guide covers exactly how enterprises can access Anthropic's AI-powered security capabilities today without waiting for Mythos.

The Government Approval Question: Could Regulation Delay Mythos?

The government angle is the newest and least settled dimension of the Mythos story. It is what's driving the May 2026 trending topic more than any Anthropic announcement.

The Trump administration is reportedly considering an Executive Order that would require pre-deployment vetting of new frontier AI models before public release. The US Commerce Department's Center for AI Standards and Innovation (CAISI) has announced agreements with model companies for pre-deployment evaluations — extending what was previously an informal commitment.

The Mythos scenario created political pressure from multiple directions:

Defense Department angle: The US Defense Department designated Anthropic as a "supply chain risk" in March 2026, and President Trump directed federal agencies to stop using its technology. That designation appears to be under reconsideration following Mythos's demonstrated capabilities.
Intelligence value: The Trump administration is reconsidering its approach to Anthropic specifically because a model that can autonomously find and exploit vulnerabilities in adversary systems has obvious national security value.
Geopolitical pressure: OpenAI has already offered the EU access to GPT-5.5-Cyber. Anthropic's failure to extend similar access to European allies is creating diplomatic friction and creating a narrative that Anthropic's safety-first release process is strategically disadvantageous.

Ethan Mollick's question — how Anthropic navigates government approval while competitors release equivalent models under different frameworks — captures a real structural dilemma. If formal pre-deployment government approval becomes required for Mythos-class models, the timeline could extend by months. If approval is advisory rather than mandatory, Anthropic maintains control of the release schedule.

One additional complication: a group already gained unauthorized access to Mythos through a vendor. If regulatory scrutiny focuses on the security of the controlled deployment rather than the model release itself, Anthropic may face pressure to demonstrate that Glasswing access is actually secure before expanding it.

Claude Mythos vs GPT-5.5-Cyber: The Competitive Pressure

While Anthropic holds Mythos in restricted preview, OpenAI launched GPT-5.5-Cyber as its competitive answer — rolling out in limited preview to vetted cybersecurity teams and, notably, offering EU access while Anthropic has not.

The competitive dynamic is real. OpenAI's willingness to offer EU access while Anthropic holds back is creating a narrative that Anthropic's stricter safety process is creating competitive disadvantages. Whether this is true depends on your view of the risk: if Anthropic is right that the model is genuinely dangerous without adequate safeguards, the caution is warranted. If cybersecurity experts are right that similar capabilities are already achievable through "clever orchestration of public models," the restriction may be more symbolic than protective.

My read: Anthropic is playing a longer game. Their stated strategy — test safeguards on Opus models, expand Glasswing defensively, then roll out enterprise API access — is a structured approach to building the safety infrastructure before unlocking capability. OpenAI moved faster and is capturing developer mindshare. Anthropic has deeper safety credibility with regulators and certain enterprise buyers. Both approaches will attract users, but for different segments.

For the Opus 4.7 regression issues that are creating real developer friction right now — separate from the Mythos question — the Claude Opus 4.7 regression explained covers what changed post-launch and how it affects production teams.

When Will You Actually Be Able to Use It? The Realistic Timeline

No official date exists. Based on everything Anthropic has said, the state of Project Glasswing, the government oversight dynamics, and Anthropic's historical release cadence, here is the most data-grounded timeline estimate available as of May 13, 2026:

The most important signal to watch: Anthropic explicitly said it will announce when it makes any changes to its safeguard processes in advance of doing so. That commitment to transparency means the roadmap will be visible before it happens — you will not be surprised by a Mythos launch.

The honest uncertainty: government oversight could accelerate this timeline (if regulators fast-track pre-deployment evaluation to build AI safety infrastructure) or delay it (if mandatory approval processes add months to each model review cycle). The Trump administration's evolving position on Anthropic — moving from "supply chain risk" designation toward potential strategic partnership — is the wildcard with the most uncertainty.

For developers who want frontier AI security capability today without waiting for Mythos access — including how to start scanning your codebase for vulnerabilities using Claude Opus 4.7's capabilities right now — the Claude Security guide covers the enterprise security product available at claude.ai/security for all Enterprise customers.

Frequently Asked Questions

When will Claude Mythos be released to the public?

Anthropic has not announced a release date. The company has said it does not plan to make Mythos Preview generally available, and the path to broader access runs through three steps: testing safeguards on Opus models, expanding Project Glasswing defensively, and then launching limited enterprise API access. Based on this roadmap and Anthropic's historical cadence, the most realistic estimate for limited enterprise API access is Q3–Q4 2026. Consumer availability is 2027 or later.

What is Project Glasswing and how do I get access?

Project Glasswing is Anthropic's controlled access program for Claude Mythos Preview, restricted to defensive cybersecurity work. Current members include approximately 50 named organizations: AWS, Apple, Microsoft, Google, Nvidia, CrowdStrike, JPMorgan Chase, Cisco, Palo Alto Networks, Broadcom, the Linux Foundation, and roughly 40 additional critical infrastructure organizations. Access is by invitation only and is not accepting open applications. The API pricing for Glasswing partners is $25 per million input tokens and $125 per million output tokens.

What is Claude Mythos 1.1 cybersecure?

"Mythos 1.1 cybersecure" is community speculation, not a confirmed Anthropic product. It most likely refers to either: (1) an upcoming Mythos variant with production-grade cybersecurity safeguards tested through the Opus 4.7 iteration — which would enable broader deployment; or (2) a Mythos fine-tune for verified security professionals, similar to OpenAI's GPT-5.5-Cyber (Trusted Access for Cyber). Anthropic has committed to publicly announcing any changes to its safeguard processes before making them.

Does releasing Mythos put Anthropic at a competitive disadvantage?

This is the central tension in the current debate. OpenAI launched GPT-5.5-Cyber and offered EU access; Anthropic has withheld Mythos from Europe while negotiations continue. Cybersecurity experts point out that similar capabilities are achievable through orchestrated public models, making the restriction partly symbolic. The counterargument is that Anthropic's stricter process builds regulatory and enterprise trust that has long-term strategic value — particularly as governments move toward pre-deployment oversight requirements where Anthropic's established evaluation track record becomes an advantage.

How does Claude Mythos compare to GPT-5.5-Cyber?

On confirmed benchmarks, Mythos leads: 93.9% SWE-bench Verified, 94.6% GPQA Diamond, 83.1% CyberGym — all significantly higher than publicly available models including GPT-5.4. GPT-5.5-Cyber benchmarks are not publicly disclosed. The access model differs: GPT-5.5-Cyber is available to vetted cybersecurity teams through OpenAI's Trusted Access for Cyber program and has been offered to EU partners. Mythos access remains restricted to the Glasswing consortium, and EU access is in negotiation.

Why hasn't Anthropic released Mythos to Europe?

Anthropic has had four to five meetings with the European Commission but access discussions are at a "different stage" than OpenAI's EU engagement. The difference likely reflects regulatory risk assessment — European data protection frameworks and the EU AI Act create compliance considerations that require more thorough preparation than the US rollout. OpenAI chose to move faster on EU access; Anthropic appears to be taking additional time for compliance validation.

What is the Capybara model tier?

Capybara is the internal codename for the new tier above Opus that Anthropic introduced with Claude Mythos. Anthropic's model hierarchy runs: Haiku (fastest/cheapest) → Sonnet (mid-range) → Opus (flagship) → Capybara (above Opus). Mythos Preview is the first model in the Capybara tier. The introduction of a new tier signals that Mythos is not a cleaned-up Opus upgrade but a structurally different model class with different compute requirements and risk profile.

Can I use Claude Security as an alternative to Mythos while I wait?

Yes. Claude Security, launched April 30, 2026, and powered by Claude Opus 4.7, is available to all Claude Enterprise customers at claude.ai/security. It scans GitHub-hosted repositories for security vulnerabilities using Anthropic's AI reasoning capabilities. It is less capable than Mythos Preview on the hardest vulnerability discovery tasks — Opus 4.7 scores 73.1% on CyberGym vs Mythos's 83.1% — but is production-accessible today and has already helped teams discover 500+ vulnerabilities that survived years of expert review.

Recommended Blogs

References

Claude Mythos: Release Date, Access, and What Comes Next in 2026

Claude Mythos: What It Is and What It Can Do

The three confirmed capability domains where Mythos dramatically outperforms Claude Opus 4.7: