Claude Mythos & Project Glasswing: The AI Too Powerful to

What Is Claude Mythos?

Claude Mythos is Anthropic's general-purpose frontier model, not a narrow cybersecurity tool, but a broadly capable AI that happens to be exceptionally good at finding vulnerabilities. It represents a new tier above Opus, trained with techniques that pushed performance well beyond what Opus 4.6 can achieve.

Key Facts

The honest framing of "Claude Mythos" and the Project Glasswing announcements, as the r/ClaudeAI and r/cybersecurity threads have correctly noted: an AI model that can reliably find zero-days is also an AI model that should not be a consumer product, regardless of the vendor's intentions. Anthropic's choice to hold back Mythos mirrors the AI Safety Institute's evaluation framework and the responsible disclosure norms that have held the security community together for decades. This is not PR theater; it is the first public instance of a frontier lab treating offensive capability discovery as a reason to restrict access, not as a launch feature.

Where the community correctly pushes back on the narrative: "Anthropic found thousands of zero-days" is a claim that deserves the same scrutiny any security finding deserves — independent verification, CVE assignment, coordinated disclosure with affected vendors, and eventual public writeups. The MITRE CVE program and the Project Zero disclosure timeline are the durable standards here. Until those show up, the honest read is that Mythos is plausibly a significant capability, and that the full public story is still being written.

The larger point the community keeps landing on: AI-accelerated vulnerability discovery is inevitable, and the interesting question is not whether it happens, but whether the defensive side (Glasswing, internal red teams, security vendor pipelines) can move at the same pace as the offensive side.

Project Glasswing: Defensive AI Security

Instead of burying Mythos or releasing it recklessly, Anthropic created Project Glasswing, a structured partnership program where vetted organizations use Mythos exclusively for finding and fixing vulnerabilities.

The Discovery That Changed Everything

During internal testing, Mythos found vulnerabilities that human security researchers had missed for decades:

• →A 27-year-old bug in OpenBSD, one of the most security-audited operating systems in history
• →A 16-year-old vulnerability in FFmpeg, the media framework used by virtually every video application
• →Exploit chains in the Linux kernel that could be combined for privilege escalation
• →Thousands of additional zero-days across browsers, operating systems, and critical infrastructure software

Launch Partners

12 organizations have direct Mythos access through Glasswing:

An additional 40+ organizations have applied for access and are in the vetting process.

Benchmark Performance

Mythos doesn't just lead benchmarks, it redefines the scale. The gap between Mythos and the second-best model is larger than the gap between Opus 4.6 and mid-tier models.

What These Numbers Mean

SWE-bench Verified (93.9%), Given a real GitHub issue, Mythos can autonomously write the correct fix 94 times out of 100. Opus 4.6 does it 81 times. That 13-point gap is enormous at the top of the scale.

Terminal-Bench 2.0 (82%), The most demanding agentic coding benchmark, where models must navigate real terminal environments, debug errors, and complete multi-step tasks. Mythos leads by 17 points.

CyberGym (83.1%), Purpose-built for evaluating AI on real vulnerability detection. Mythos scores 17 points above Opus 4.6, confirming its exceptional security capabilities.

Why Withhold a Model?

This is the first time a major AI lab has built a general-purpose frontier model and deliberately restricted public access. Understanding Anthropic's reasoning reveals important lessons about AI safety.

The Dual-Use Problem

Mythos can find vulnerabilities defensively (patching them) or offensively (exploiting them). The same capability that makes it invaluable for security teams makes it dangerous in the wrong hands.

Anthropic's Three-Part Strategy

1. →Restricted access, Only vetted partners through Glasswing. No public API, no consumer access.
2. →Financial commitment, $100 million in usage credits for partners and $4 million for open-source security projects.
3. →Responsible disclosure, All vulnerabilities found by Mythos must be reported to maintainers before any public discussion.

The "Capybara" Leak

In March 2026, a data incident exposed internal Anthropic documents referencing a model codenamed "Capybara" with unusual cybersecurity capabilities. The leak included benchmark scores that far exceeded any public model and references to vulnerability discoveries.

Anthropic initially declined to comment. After independent researchers confirmed the benchmark claims, Anthropic accelerated the Project Glasswing announcement, moving it forward by several weeks.

The incident raised important questions about:

• →Security of AI labs themselves, If an AI company can't protect its own secrets, how do we trust them with society-scale decisions?
• →Responsible disclosure timelines, Should Anthropic have announced Glasswing before the leak?
• →Market dynamics, Competitors may now race to build similar capabilities without Anthropic's caution

Pricing & Economics

Mythos is the most expensive AI model publicly priced:

Financial Commitments

• →$100 million in usage credits distributed across Glasswing partners
• →$4 million in grants specifically for open-source security projects
• →Pricing structured to make extensive scanning economically viable for partners

What This Means for Developers

If You're a Security Professional

Project Glasswing is likely the most significant development in AI-assisted security since the invention of fuzzing. If your organization qualifies, apply for Glasswing access. Even without direct Mythos access, expect the vulnerabilities it finds to generate a wave of patches across major projects in coming months.

If You're Using Claude for Coding

Opus 4.6 remains your model. Its 80.8% SWE-bench score and general availability make it the best choice for day-to-day development. Mythos is not coming to Claude.ai, Claude Code, or the public API anytime soon.

If You're Building AI Products

Mythos proves that frontier models continue to advance rapidly. If your product depends on AI capabilities, plan for models that are 15–25% better at coding, reasoning, and analysis every 3–6 months. The jump from Opus 4.6 to Mythos suggests the next publicly available model will be significantly more capable.

The Bigger Picture: AI and Cybersecurity

Mythos represents a turning point for three conversations:

1. AI Capability Growth Is Accelerating

The jump from Opus 4.6 (February 2026) to Mythos (April 2026) is the largest two-month improvement in frontier AI history. This pace has implications for every industry.

2. The Safety vs. Access Debate Gets Real

For years, AI safety discussions were theoretical: "What if a model could do X?" Mythos makes it concrete: "This model can find zero-days in every major OS. What do we do?" Anthropic chose restriction. Not everyone will agree with that choice.

3. Defense Beats Offense (For Now)

By finding vulnerabilities before attackers, Mythos tilts the cybersecurity balance toward defenders, but only if access stays restricted. If similar capabilities leak or are replicated without safety controls, the advantage reverses.

Final Thoughts

Claude Mythos is the most capable AI model ever built, and the first one deliberately kept from the public. Project Glasswing is Anthropic's bet that some capabilities are better deployed through trusted partners than released broadly. Whether this model becomes a blueprint for responsible AI deployment or an example of excessive caution will depend on what happens next: how many vulnerabilities get patched, whether competitors follow Anthropic's approach, and whether Mythos-level capabilities eventually reach the public in a safer form.

For now, Opus 4.6 remains the most powerful Claude model you can actually use. But Mythos shows where AI is heading, and it's heading there fast.