Anthropic moves Mythos toward release

Why it matters

Anthropic is moving its restricted Mythos model family closer to day-to-day developer use without opening it to the general public. The company said in May it is keeping Claude Mythos Preview limited because of the model’s ability to identify and develop exploits, while routing parts of that capability through Claude Code and Claude Security. Anthropic paired that rollout with new controls, including human approval requirements, staged access and real-time security tooling. The approach gives security teams a way to use the model’s defensive strengths while Anthropic continues to limit broader distribution. ### Why is Anthropic still restricting Mythos? Anthropic said on May 22 that Mythos Preview showed a “step-change” in exploit-development ability compared with earlier frontier models, and it cited that risk as a reason to avoid a general release for now. In a separate model page, the company said Mythos Preview could identify and exploit zero-day vulnerabilities in major operating systems and web browsers when directed by a user. (anthropic.com) Anthropic also said its eventual goal is to let users deploy Mythos-class models at scale safely, but that it does not plan to make Mythos Preview itself generally available. That distinction matters: the company is testing how much of the model’s security value it can expose through products and controls before deciding on wider access. ### Where is Mythos showing up first? Claude Security is one of the clearest product paths. (red.anthropic.com) Anthropic describes it as a system that scans codebases, validates findings and proposes patches, with nothing applied without human approval. The product is in limited research preview for Team and Enterprise customers, and Anthropic has also described it in public beta materials for enterprise users. Claude Code is the other route. (red.anthropic.com) Anthropic markets Claude Code as an agentic coding system that can read a codebase, make changes across files, run tests and deliver committed code. Third-party reporting this week tied Mythos more directly to Claude Code and Claude Security, but Anthropic’s own product pages already show the two tools as the company’s main controlled environments for cyber-capable models. ### What did Project Glasswing actually find? (anthropic.com) Anthropic said on May 22 that it and roughly 50 partners had used Claude Mythos Preview to find more than 10,000 high- or critical-severity vulnerabilities in “the most systemically important software in the world.” The company said Project Glasswing launched last month to give defenders a head start securing critical software before more capable AI systems can be misused. (anthropic.com) Project Glasswing’s launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, according to Anthropic. Anthropic also said it extended access beyond those launch partners to more than 40 additional organizations that build or maintain critical software infrastructure. ### What controls is Anthropic putting around rollout? (anthropic.com) Anthropic said Claude Code Security uses multi-stage verification, severity ratings and confidence scores before findings reach analysts. The company also said developers, not the model, make the final call on whether fixes are approved and applied. Anthropic has separately added sandboxing to Claude Code, including filesystem and network isolation, to reduce risk as the coding tool acts more autonomously. (anthropic.com) Taken together, those measures show the company is building release controls around model behavior rather than treating model access as an all-or-nothing decision. That is an inference from Anthropic’s product and engineering materials. ### What happens next? (anthropic.com) Anthropic’s published position as of May 27 is that Mythos Preview remains restricted, while Claude Security and Project Glasswing continue as the main channels for defensive use. The next visible milestones are continued partner testing, wider enterprise use of Claude Security, and any future Anthropic update on when Mythos-class capabilities can move beyond preview under those safeguards. (anthropic.com 1) (anthropic.com 2)

Key numbers

• Anthropic on May 22 said it is keeping Claude Mythos Preview restricted while moving its cybersecurity capabilities into Claude Code and Claude Security.
• Anthropic said about 50 Project Glasswing partners used Mythos Preview to find more than 10,000 high- or critical-severity vulnerabilities in critical software.
• Anthropic said on May 22 that Mythos Preview showed a “step-change” in exploit-development ability compared with earlier frontier models, and it cited that risk as a reason to avoid a general release for now.
• Anthropic also said it extended access beyond those launch partners to more than 40 additional organizations that build or maintain critical software infrastructure.

What happens next

• The company said in May it is keeping Claude Mythos Preview limited because of the model’s ability to identify and develop exploits, while routing parts of that capability through Claude Code and Claude Security.
• Anthropic said on May 22 that Mythos Preview showed a “step-change” in exploit-development ability compared with earlier frontier models, and it cited that risk as a reason to avoid a general release for now.
• In a separate model page, the company said Mythos Preview could identify and exploit zero-day vulnerabilities in major operating systems and web browsers when directed by a user.

Sources

• anthropic.com
• red.anthropic.com
• red.anthropic.com
• anthropic.com
• anthropic.com
• anthropic.com
• anthropic.com 2

Quick answers