Anthropic’s restricted Claude Mythos model is preparing for a limited rollout through Claude Code and Claude Security. References to the model, including the string claude-mythos-1-preview, appeared briefly in the public version of Claude Code before Anthropic pulled them offline, confirming the company is actively building the release pipeline.

The appearance signals a major shift. Anthropic held Mythos back from public release since April 2026 because the model posed severe risks to global digital infrastructure. Now, with the Project Glasswing initiative underway, Anthropic appears ready to give at least some users controlled access to the model through Claude Code and Claude Security.
This article covers what Claude Mythos is, why Anthropic restricted it, what Project Glasswing has accomplished, and what to expect as a Claude Code user.
What Is Claude Mythos?
Claude Mythos is a general-purpose language model Anthropic announced on April 7, 2026. It delivers strong performance across the board, but its most striking capabilities sit in computer security tasks, which far outpace Anthropic’s current flagship model, Opus 4.7.
Anthropic did not explicitly train Mythos for cybersecurity. These capabilities emerged as a downstream consequence of general improvements in code reasoning and autonomy, the same improvements that make the model substantially better at patching vulnerabilities too.
What separates Mythos from every previous Claude model:
- It identifies and exploits zero-day vulnerabilities in every major operating system and web browser when prompted
- It writes multi-step exploit chains that link together four or more vulnerabilities without human intervention
- It develops working exploits from patched CVEs at a success rate that dwarfs previous models
- It uncovered a 27-year-old bug in OpenBSD, an operating system specifically known for its security, that had survived every prior audit
To put the capability gap in concrete terms: Anthropic tested both Opus 4.6 and Mythos Preview against Firefox 147’s JavaScript engine vulnerabilities. Opus 4.6 produced working shell exploits two times out of several hundred attempts. Mythos Preview produced 181 working exploits from the same vulnerability set, and achieved register control on 29 additional attempts.
Internal benchmarks tell the same story. On a corpus of roughly 7,000 entry points into open-source repositories, Sonnet 4.6 and Opus 4.6 each achieved a single crash at tier 3 on a five-tier severity ladder. Mythos Preview achieved a handful at tiers 3 and 4, and reached full control flow hijack on ten separate, fully patched targets.
Why Anthropic Restricted Claude Mythos
Anthropic held back Claude Mythos because it can automatically develop functional cyberattacks at a highly professional level. Releasing it without guardrails would hand attackers a decisive advantage over defenders.
Anthropic warned: “The advantage will belong to the side that can get the most out of these tools. In the short term, this could be attackers, if frontier labs aren’t careful about how they release these models. In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships.”
Engineers at Anthropic with no formal security training have prompted Mythos Preview to find remote code execution vulnerabilities overnight and woken up the next morning to a complete, working exploit. Non-experts can leverage it at that level, which is exactly what makes unsupervised public access dangerous.
The restriction stays in place until Anthropic develops what it calls “far stronger safeguards.” Project Glasswing and the controlled Claude Code integration represent the first structured steps toward that release.
What Is Project Glasswing?
Project Glasswing is Anthropic’s collaborative effort to use Mythos Preview to secure the world’s most critical software before models with similar capabilities become broadly available from other AI companies. Anthropic published an early update on Project Glasswing’s progress covering the first month of results.
The project currently includes approximately 50 organizational partners, among them Cloudflare, Mozilla, Palo Alto Networks, Cisco, and at least one major financial institution. Each partner uses Mythos Preview to scan their own codebases under a coordinated vulnerability disclosure framework.
Results from the first month:
- Partners collectively found more than 10,000 high- or critical-severity vulnerabilities
- Cloudflare found 2,000 bugs across critical-path systems, with a false positive rate Cloudflare considers better than human testers
- Mozilla found and fixed 271 vulnerabilities in Firefox 150, over ten times more than it found in Firefox 148 using Opus 4.6
- Palo Alto Networks released over five times its usual number of patches in its latest update
- At a Glasswing partner bank, Mythos Preview helped detect and prevent a fraudulent $1.5 million wire transfer after a threat actor compromised a customer email account and made spoofed phone calls
The UK’s AI Security Institute confirmed that Mythos Preview is the first model to solve both of its cyber ranges, which simulate multistep cyberattacks, end to end. XBOW, an independent security platform, described it as a “significant step up over all existing models” on its web exploit benchmark.
What Claude Mythos Found in Open-Source Software
Alongside its partner work, Anthropic has used Mythos Preview to scan more than 1,000 open-source projects that collectively underpin much of the internet.
So far, Mythos Preview has identified an estimated 6,202 high- or critical-severity vulnerabilities in those projects, out of 23,019 total vulnerabilities found across all severity levels. Of the 1,752 findings assessed by independent security research firms, 90.6% proved to be genuine vulnerabilities, and 62.4% were confirmed as high- or critical-severity.
Two specific examples Anthropic has disclosed:
wolfSSL (CVE-2026-5194): Mythos Preview constructed an exploit in wolfSSL, an open-source cryptography library used by billions of devices. The exploit allowed an attacker to forge certificates, enabling the creation of fake websites for banks or email providers that appear completely legitimate to end users. This vulnerability has been patched.
FFmpeg (H.264 codec): Mythos Preview found a 16-year-old vulnerability in FFmpeg’s H.264 decoder. The underlying bug dates back to a 2003 commit and was converted into an exploitable vulnerability during a 2010 refactor. Every fuzzer and human auditor since had missed it. Three additional FFmpeg vulnerabilities found by Mythos have been patched in FFmpeg 8.1.
The bottleneck at this stage is no longer finding vulnerabilities. It is human capacity to triage, report, and patch them. Several open-source maintainers have asked Anthropic to slow its disclosure rate because they do not have enough capacity to process the volume of incoming reports. On average, a high- or critical-severity bug found by Mythos Preview takes two weeks to patch.
Claude Mythos Is Coming to Claude Code
According to tracking by @testingcatalog, the string claude-mythos-1-preview appeared in Claude Code and Claude Security for a brief window before Anthropic removed it. Some users also noticed a toggle to enable Mythos within the public version of Claude Code before it went offline.

Anthropic has already released Claude Security in public beta for Claude Enterprise customers. Claude Security is a tool that helps teams scan their codebases for vulnerabilities and generate proposed fixes. In the three weeks since launch, it has patched over 2,100 vulnerabilities using Opus 4.7. Mythos integration would take that capability considerably further.
For broader context on Anthropic’s full security rollout plan and what Mythos Preview can do at a technical level, the official Mythos Preview research paper covers the model’s evaluation methodology, zero-day findings, and exploit construction in detail.
If you already use Claude Code on Windows, watch for a model selector update in the interface. The claude-mythos-1-preview model string follows the same naming pattern as other Claude model releases, suggesting it will appear as a selectable model rather than a separate product.
It is not yet confirmed whether Mythos will be available across all subscription tiers or restricted to enterprise customers and users enrolled in Anthropic’s Cyber Verification Program, which allows security professionals to use Claude models for legitimate purposes such as penetration testing and red-teaming without certain misuse safeguards.
How Claude Mythos Changes Claude Code for Developers
For most Claude Code users, the arrival of Mythos brings stronger code analysis and vulnerability detection built into the same terminal workflow. You do not need to change how you use the tool. The model change would appear as a new option in model selection.
For security teams on enterprise plans, the integration of claude-mythos-1-preview into Claude Security represents a substantial upgrade over the Opus 4.7 baseline that currently powers that tool.
Anthropic has also published a set of resources for security professionals wanting to work at Mythos level without waiting for general availability:
- Custom skills (repeatable instructions for security scanning tasks) that Anthropic and its Glasswing partners have built
- A harness that helps Claude map a codebase, spin up parallel scanning subagents, triage findings, and generate reports
- A threat model builder that maps a codebase to identify likely attack targets and prioritizes scanning accordingly
Cisco has also open-sourced its Foundry Security Spec, giving other defenders a template for building evaluation systems similar to the one Cisco uses in production.
When Will Claude Mythos Be Available?
Anthropic has not set a public release date. The company says a general release will happen “once we’ve developed the far stronger safeguards we need.” The brief visibility of claude-mythos-1-preview inside Claude Code and Claude Security indicates that rollout preparation is active, not theoretical.
Anthropic is also expanding Project Glasswing to additional partners, including US and allied governments. As the safeguard infrastructure matures across those partnerships, broader access will follow.
If you encounter a Claude AI not working error or run into a Claude temporarily unavailable message during the rollout period, those interruptions are likely tied to staged deployment activity rather than a permanent restriction on your account.
Anthropic’s position is clear: models as capable as Mythos Preview will soon exist at multiple AI companies. The window for defenders to get ahead of that shift is narrow, and Project Glasswing is the company’s direct response to that timeline.
