The toggle appeared and disappeared within roughly 24 hours. According to developer reporting from May 25–26, a “Claude Mythos Preview” option briefly surfaced inside Claude Code before being removed. Anthropic hasn’t commented publicly. But the CLI is not where you accidentally expose experimental options, it’s a deliberate surface.
That matters because of what Mythos is. It’s not a general-purpose assistant upgrade. It’s a security-focused model that Anthropic has kept behind a purpose-built access structure, Project Glasswing, since at least early 2026. Access is currently limited to approximately 40 critical software organizations operating under that partner program. The model reportedly can identify vulnerabilities and chain exploit primitives into complete attack sequences, per Anthropic’s internal characterization. That capability profile is why the access restrictions exist.
The toggle sighting doesn’t mean Mythos is coming to Claude Code next week. It means Anthropic’s internal tooling infrastructure is building toward a moment where that toggle will stay on. That’s a different kind of signal than a press release.
Prior coverage puts the sighting in context. In mid-May, the UK AISI completed an external evaluation of Mythos against a cybersecurity benchmark. Shortly after, Project Glasswing’s coordination architecture was detailed publicly. Anthropic has also opened Mythos vulnerability data to select third parties. Each step has expanded the circle, carefully, with visible friction. The CLI toggle fits that pattern.
The practical gap worth noting: none of what Anthropic has disclosed publicly addresses latency or throughput at production scale. The model’s security capabilities have been characterized in controlled evaluation contexts. How those hold up under the load of a real developer organization’s codebase, with real-time feedback cycles, remains undisclosed. Security teams evaluating Mythos readiness should treat capability claims as starting points, not deployment specifications.
What to watch for: two things. First, whether Glasswing partner count expands beyond the reported ~40. Second, whether Anthropic’s Coordinated Vulnerability Disclosure dashboard, which reportedly tracks Mythos’s vulnerability scanning activity, becomes publicly accessible. Both would indicate the restriction perimeter is widening intentionally. Right now, it widened briefly and then contracted. That’s meaningful, but it isn’t access.
What to Watch
Don’t expect a general release announcement. Anthropic has stated clearly it won’t make Mythos broadly available until defensive capabilities are stronger. The CLI toggle is evidence that the infrastructure for broader access is being built. It’s not evidence the decision to deploy it has been made.
Practitioners using Claude Code today should note the sighting without updating their access expectations, yet. Security teams outside Glasswing should be mapping what Mythos-level capability would require of their detection and response architecture, not because access is imminent, but because it won’t be imminent forever.