benchr

Review·May 2026

Claude Mythos: the model you can't use

Anthropic built a frontier model, then said it won't sell it. Here's what Mythos Preview is, and why it's locked away.

· View changelog · Figures verified against official sources, 30 May 2026

Almost every model we cover comes with a price and a signup link. This one comes with a closed door. Anthropic calls it Claude Mythos Preview, describes it as a general-purpose frontier model and its most capable yet for coding and agentic tasks, and then says, in its own words, that it does not plan to make it generally available. No API tier for you. No app. No waitlist that ends in access. That restriction isn't a footnote. It's the entire story.

So read this as a review of something you can't buy, because understanding why Anthropic would build a frontier model and lock it away tells you more about where this technology is heading than another benchmark would.

Vulnerabilities found 10,000+ High- or critical-severity, in about a month
Partners with access ~50 Started as a dozen, expanded
Anthropic's commitment $100M In Mythos usage credits

What Project Glasswing is

Mythos Preview lives inside Project Glasswing, which Anthropic launched on April 7, 2026 as an initiative to secure the world's most critical software for the AI era. The logic behind it is simple and a little unsettling: a model good enough to deeply understand and rewrite complex software is, by the same skill, good enough to find its security holes. Anthropic decided that capability was too sharp to hand out, and too useful to sit on, so it built a program around supervised use instead of open release.

The launch cohort was a dozen organizations, counting Anthropic itself: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. That's a roster of the companies whose code underpins much of the internet. Access later widened to roughly 50 organizations, adding names like Cloudflare, Mozilla, and Oracle. Anthropic backed it with up to $100 million in Mythos Preview usage credits and $4 million in donations to open-source security groups.

What it found

The results are the reason this is news rather than a policy memo. Over roughly its first month, Anthropic and its approximately 50 Glasswing partners collectively used Mythos Preview to find more than 10,000 high- or critical-severity software vulnerabilities, thousands of them previously-unknown zero-days. That phrasing matters, so hold onto it: the 10,000-plus figure is high- and critical-severity bugs, and the zero-days are a large subset, not the whole number.

10,000+ High- or critical-severity vulnerabilities found by Anthropic and ~50 partners in about a month, thousands of them zero-days

The specifics land harder than the total. The effort surfaced a 27-year-old vulnerability in OpenBSD and a 16-year-old bug in FFmpeg, flaws that had sat unnoticed through decades of human review, plus a now-patched issue assigned CVE-2026-5194. At one disclosure point, Anthropic reported 1,596 vulnerabilities across 281 open-source projects, the large majority still unpatched when found. A model reading old, battle-tested code and pulling out decades-old holes is exactly the capability Anthropic decided not to ship to everyone.

Why lock it away

The restriction is a bet about asymmetry. A tool that finds zero-days at this rate helps defenders patch, and it helps attackers exploit, and the same weights do both. By keeping Mythos Preview inside a vetted program aimed at securing critical infrastructure, Anthropic is trying to put the capability in defenders' hands first, at scale, before the same class of model is widely available to everyone else. Whether that holds is an open question, but the intent is coherent.

Anthropic has signaled that Mythos-class models, ones with similar capabilities, are meant to become more broadly available over time. It has not committed to a firm public date on its own pages, so any specific "coming soon" timeline you read elsewhere is best treated as press speculation rather than an Anthropic promise. For now, the model that found ten thousand vulnerabilities is one almost no one can run.

Where it sits in Anthropic's lineup

It helps to place Mythos against the models you can use. The flagship you can buy is covered in the Claude Opus 4.8 review, which is Anthropic's most capable generally available model. Mythos sits above that as a restricted research-and-security instrument, not a consumer tier. The agentic skills that show up in Glasswing's vulnerability hunting are the same lineage powering Anthropic's desktop agent, which we cover in the Claude Cowork explainer, and the broader arc of where autonomous code-reading agents are heading is in AI agents, eighteen months in.

The takeaway is unusual for a review: the verdict isn't "buy it" or "skip it," because you can't do either. It's that one of the most capable models of 2026 exists specifically so most people can't touch it, and that decision is the most interesting thing about it.

Frequently asked

Can the public use Claude Mythos?

No. Anthropic states plainly that it does not plan to make Claude Mythos Preview generally available. It's invitation-only, with no self-serve signup, released to a limited group of critical-industry partners and open-source developers through Project Glasswing. If you're not in that program, you can't use it.

What is Claude Mythos for?

Cybersecurity. Anthropic describes Mythos Preview as a general-purpose frontier model, its most capable yet for coding and agentic tasks, and is using it through Project Glasswing to find and fix vulnerabilities in critical software. The reasoning: a model that can deeply understand and modify complex code can also find its security flaws.

What has Mythos found?

A lot. Anthropic and around 50 Project Glasswing partners collectively used Mythos Preview to find more than 10,000 high- or critical-severity vulnerabilities in about a month, thousands of them previously-unknown zero-days. Notable cases include a 27-year-old bug in OpenBSD and a 16-year-old bug in FFmpeg, plus a flaw assigned CVE-2026-5194.

Who are the Project Glasswing partners?

The launch cohort was a dozen organizations including Anthropic itself: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Access later expanded to roughly 50 organizations, with added names including Cloudflare, Mozilla, and Oracle.

Will Mythos-class models ever be public?

Anthropic says it does not plan to release Mythos Preview itself, but it has signaled that Mythos-class models with similar capabilities are intended to become more broadly available in the future. No firm public timeline is confirmed on Anthropic's own pages, so treat any specific date you see as press speculation rather than an Anthropic commitment.

Changelog

  • May 30, 2026 — Originally published. The restricted status, Project Glasswing details, partner list, vulnerability figures, and pricing verified against Anthropic's own Glasswing and research pages; the 10,000+ figure framed as high- or critical-severity vulnerabilities, not zero-days alone.

References

  1. Anthropic, "Project Glasswing," anthropic.com/glasswing, accessed May 2026.
  2. Anthropic, "Glasswing initial update," anthropic.com/research, accessed May 2026.
  3. Anthropic, "Claude Mythos Preview," red.anthropic.com, accessed May 2026.
Related