Anthropic released Claude Mythos Preview on April 9, 2026. It isn’t available to you. That choice is the story.
According to Anthropic’s official system card, Claude Mythos Preview is the company’s “most capable frontier model to date” and demonstrates what Anthropic describes as “a striking leap in scores on many evaluation benchmarks” compared to Claude Opus. The model’s security-focused capabilities are the reason for the restricted deployment: according to Anthropic’s internal red team evaluation, Mythos can identify and exploit high-severity software vulnerabilities, including zero-day flaws. Anthropic’s own safety team describes the current situation as revealing “a stark fact: AI models have reached a level of coding proficiency that enables them to conduct advanced cyber operations at machine speed.” (Builders note: exact quote pulled from red.anthropic.com cross-reference excerpt, verify against primary document before publication.)
The deployment mechanism is Project Glasswing, confirmed at T1 on Anthropic’s official pages and red team site. VentureBeat reports the initiative involves approximately 12 partner organizations and carries a $100 million commitment, though Anthropic has not confirmed that figure. The Wire package lists 10 named organizations reported to be part of the consortium – including AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and NVIDIA – though the complete partner list has not been officially confirmed by Anthropic. The stated purpose is to help vetted partners secure critical software infrastructure using the model’s capabilities.
Mythos didn’t surface quietly. Anthropic’s model reportedly came to wider attention following an accidental data exposure in late March 2026, which multiple outlets described as revealing details about the model’s architecture and unreleased features. The exact nature of what was exposed hasn’t been officially confirmed by Anthropic. Agent Pulse reported on April 8 that a “Claude Code Leak” exposed 500,000 lines of internal AI code, which appears to be the same or a related event. Fortune characterized it as an “accidental data leak” revealing the model’s existence. Whether model weights were exposed is unconfirmed.
On benchmarks: all performance claims come from Anthropic’s own red team evaluation. No independent third-party assessment from Epoch AI or comparable evaluators has published. The `[SELF-REPORTED-BENCHMARK]` caveat applies in full, the capabilities are confirmed as Anthropic’s internal claims, not externally validated findings.
What to watch: which organizations receive Project Glasswing access and what use cases they report; whether Anthropic publishes a broader access roadmap; independent benchmark evaluation when it publishes; and whether the controlled-release framework becomes a reference model for other labs managing dual-use frontier capabilities. The Regulation pillar is worth monitoring here, Project Glasswing raises substantive questions about voluntary versus regulatory controlled-release frameworks that don’t yet have a policy answer.
TJS synthesis: The decision to restrict Mythos access is itself a capability signal. Anthropic is communicating that the model reaches a threshold where broad release creates offensive security risk that outweighs the access benefits, at least for now. That’s a meaningful precedent. Other frontier labs will face the same decision as coding and security capabilities advance. Whether Project Glasswing proves to be a governance model or a stopgap depends on outcomes that haven’t happened yet. For practitioners who want access: the current answer is that you need to be a vetted partner. For everyone else, the more important question is what the existence of a model in this capability tier means for defensive security posture, regardless of who has access. For the comparative picture of how Meta handled the same question on the same day, see our deep-dive analysis and the Muse Spark brief.