Claude Mythos is the highest-capability model Anthropic has ever publicly acknowledged — and almost no one can use it. This is the practical explainer: what Mythos actually is, what the benchmarks show, how Project Glasswing gates access, what it costs the partners who do have it, and what the strategy signals about the next 12 months of frontier API access.
What Mythos is, in one paragraph
Mythos is Anthropic's most capable frontier model class as of mid-2026. Announced April 7 as Claude Mythos Preview, it's a general-purpose LLM whose cybersecurity capabilities Anthropic judged dangerous enough to keep out of the standard API tier. Instead of a normal launch, Anthropic gated it behind Project Glasswing — a defensive-security coalition that initially included 12 launch partners and has since expanded to roughly 150 vetted organizations across 15+ countries.
The benchmark gap is real
Anthropic published direct Mythos Preview vs Claude Opus 4.6 comparisons. The deltas are large enough that the security framing isn't marketing dress-up.
| Benchmark | Mythos Preview | Opus 4.6 |
|---|---|---|
| CyberGym (vulnerability reproduction) | 83.1% | 66.6% |
| SWE-bench Verified | 93.9% | 80.8% |
| SWE-bench Pro | 77.8% | 53.4% |
| SWE-bench Multimodal | 59.0% | 27.1% |
| Terminal-Bench 2.0 | 82.0% | 65.4% |
| Humanity's Last Exam (with tools) | 79.6% | 72.7% |
| GPQA Diamond | 94.6% | 91.3% |
On the security benchmark that matters most for defensive work (CyberGym), Mythos Preview is 25% better than Opus 4.6 at reproducing real-world vulnerabilities. On SWE-bench Multimodal — end-to-end software engineering with vision — the gap is 2.2×.
The phrasing Anthropic used to describe Mythos was telling: "performs strongly across the board, but is strikingly capable at computer security tasks." That "strikingly" is doing a lot of work in their internal risk assessment.
Project Glasswing — the access model
Anthropic decided early that putting a model this capable on the self-serve API would be net-negative for global software security. Project Glasswing is the workaround: defensive distribution to organizations that own critical-infrastructure attack surface.
Launch partners (April 2026)
12 organizations got Mythos Preview at launch:
- Amazon Web Services
- Anthropic (internal)
- Apple
- Broadcom
- Cisco
- CrowdStrike
- JPMorganChase
- The Linux Foundation
- Microsoft
- NVIDIA
- Palo Alto Networks
The pattern: hyperscale infrastructure (AWS, Google, Microsoft, Apple), enterprise networking + endpoint (Cisco, Palo Alto, CrowdStrike), silicon (Broadcom, NVIDIA), and the foundational OSS substrate (Linux Foundation). One financial institution (JPMorgan) — likely a template for sector expansion.
Expansion (May 2026)
Anthropic added ~150 more organizations across 15+ countries — power, water, healthcare, communications, hardware. Reported additions include Okta, Samsung, ENISA (the EU cybersecurity agency), and NATO.
Access cost (for partners who have it)
Mythos Preview is billed at $25 / $125 per million input/output tokens on the partner tier — accessible via the Claude API, Amazon Bedrock, Google Vertex AI, and Microsoft Foundry. That's:
- 2.5× more expensive than Opus 4.6 ($10/$50 → roughly comparable)
- ~1.67× more than Opus 4.8 ($15/$75)
Anthropic has committed $100M in usage credits to cover Glasswing through the preview period — meaning vetted partners are largely spending Anthropic's money to find bugs at scale.
What Glasswing has actually produced
The numbers from the May expansion announcement:
- 10,000+ high/critical severity findings in the first weeks
- 23,000+ potential vulnerabilities identified across partner codebases
- 6,000+ confirmed severe flaws (Anthropic estimate)
Mozilla, Palo Alto Networks, and Cloudflare all reported productive results turning Mythos against their own products. That's not a controlled demo — that's working defensive output at industrial scale.
The most prominent independent validation came in late May from outside Glasswing entirely: security researcher Taylor Hornby used Opus 4.8 (not Mythos — just the public flagship) to discover a critical zero-knowledge proof bug in Zcash that had been live since 2022. If Opus 4.8 found that, what Mythos is finding for Glasswing partners isn't hypothetical.
Will Mythos ever be generally available?
Anthropic has been explicit about the answer in both directions:
On Mythos Preview specifically: No. Quote: "We do not plan to make Claude Mythos Preview generally available." This exact model stays in Glasswing.
On Mythos-class capability: Yes, eventually. Quote: "Once we've developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release." The path: ship those safeguards first with a lower-risk Opus release, then expose Mythos-tier capability behind them.
The intermediate signal worth tracking: a model identifier
claude-oceanus-v1-p appeared in the Claude Console on June 3, with
red-team access reportedly granted around the same day. Oceanus
appears to be the next preview candidate in the Mythos line — focused
on agentic coding + offensive security rather than chat — moving
through evaluation toward a possible public launch in the second half
of June.
If the pattern holds (red-team access ~1-2 weeks before launch), Mythos-class capability may become buyable by late June or July 2026 — but limited initially to Claude Code, Claude Security, or a new enterprise-only product tier.
What this means for buyers
Three concrete takeaways:
1. The Mythos news doesn't change what you can buy today
If your roadmap depends on Mythos-tier capability, you're waiting. What's buyable today is Opus 4.8 — the public flagship — at $15/$75 list or $10.50/$52.50 effective via Anvat. Opus 4.8 is already strong enough that an independent researcher used it to find a four-year-old ZK proof bug in a major cryptocurrency.
2. The gated-frontier pattern is now mainstream
OpenAI has done private tiers (GPT-4.5 with select labs). Google has done invite-only previews. What's new with Mythos is the explicit "this model is too dangerous for self-serve" framing combined with a formal defensive distribution program.
Expect this to repeat across providers. Frontier capability will arrive at general release deliberately throttled relative to the research frontier. Buyers planning critical workloads should assume the publicly available model is 6-12 months behind what exists.
3. The pricing precedent matters
Mythos Preview's $25/$125 pricing — 67% more than Opus 4.8 for partner access — signals where Anthropic believes premium frontier capability will price. If Oceanus or a successor lands as a generally-available Mythos-class model, expect a similar premium over the standard Opus tier.
A 30% gateway discount (Anvat) on a hypothetical $25/$125 GA model would land at $17.50/$87.50 — still expensive, but the discount becomes more valuable in absolute dollar terms as base prices climb.
What Glasswing isn't
A few myths worth correcting:
- It's not a paid security service. Glasswing partners get Mythos for defensive work on their own codebases. Anthropic isn't running pen tests for hire.
- It's not a competitor to bug-bounty programs. Partner organizations still need to triage, validate, and patch what Mythos surfaces. The model accelerates discovery; humans still do the rest.
- It's not Claude Security (the product). Claude Security shipped to public Enterprise customers in May 2026, but runs on Opus 4.7 — not Mythos. The "Mythos 1" toggle that briefly appeared in Claude Security UI is a placeholder for future Mythos-class capability, not active production.
How to position your stack
If you're building today and might want Mythos-class capability when it ships:
- Build on the OpenAI + Anthropic compatible wire format. That's what every Mythos-class GA release will speak. Avoid SDKs that lock you to a single provider.
- Test with Opus 4.8 today. It's the strongest publicly available model, and the closest analog to where Mythos-class GA pricing will land.
- Add a discount-gateway layer if cost matters. Anvat sits in front of Anthropic-compatible endpoints at 30% off list — applies to Opus 4.8 today, will apply to any Mythos-class release that exposes the standard wire format.
Bottom line
Mythos is real, it's much better than Opus 4.6 on cybersecurity, and it's locked behind Glasswing for safety reasons that look defensible given the benchmark gap. The model itself isn't buyable for normal developers and probably won't be — but Mythos-class capability is coming to the standard API tier within months once Anthropic ships the safeguards. Plan as if Opus 4.8 is what you'll be running for the next 6 months, with a Mythos-class option appearing in the second half of 2026.
How Claude Opus 4.8 found the Zcash bug → Claude Opus 4.8 spec sheet →
Run Opus 4.8 at 30% off list today
The publicly buyable Mythos-precursor. Anvat passes Anthropic's full feature set through (caching, tool use, MCP) with day-0 model launches and 30% off every rate.
Start free → →