Anthropic previews Mythos model leak

Anthropic appears to have moved its security-focused Mythos model line closer to wider product exposure, after references to a “Mythos 1” preview surfaced on May 23 in parts of the company’s user interface and code strings. The leak pointed to access inside Claude Code and Claude Security, two Anthropic products already aimed at software development and vulnerability response. (testingcatalog.com) Anthropic had already disclosed the underlying model family on April 7, when it announced Claude Mythos Preview and launched Project Glasswing, a program giving selected partners early access for defensive cybersecurity work. (anthropic.com) (testingcatalog.com) In that post, Anthropic said Mythos Preview was a general-purpose model that was “strikingly capable” at computer security tasks and had identified vulnerabilities across major operating systems and browsers. The result is that a model Anthropic initially framed as tightly controlled is now showing signs of product packaging around named enterprise tools, even though the company has not published a broad release announcement for Mythos 1. (testingcatalog.com) ### Where did the Mythos leak show up? TestingCatalog reported on May 23 that some users briefly saw “Mythos 1” in Anthropic’s interface and that source-code strings referred to “Access to the Claude Mythos model in Claude Code and Claude Security.” The same report said Anthropic was building out a Claude Security dashboard with vulnerability views, seven-day and 30-day charts, and triage details. (red.anthropic.com) Anthropic’s own Claude Security product page matches that direction. The page says Claude Security scans code, validates findings, assigns severity and confidence ratings, and proposes patches that can be opened in Claude Code for human review. (red.anthropic.com) ### What has Anthropic publicly said about Mythos so far? Anthropic said on April 7 that Mythos Preview had shown a “substantial leap” in cybersecurity capability and that more than 99% of the vulnerabilities it had found were still unpatched, limiting what the company could disclose. The company said the model had identified and exploited zero-day vulnerabilities in every major operating system and every major web browser during testing. (testingcatalog.com) Anthropic expanded that message on May 22 in an initial Glasswing update highlighted in its newsroom. According to the update cited by TestingCatalog, Anthropic and its partners had found more than 10,000 high- or critical-severity vulnerabilities in essential software and said Mythos-class models could eventually reach general release once stronger safeguards were in place. (anthropic.com) ### Why do Claude Code and Claude Security matter here? Claude Code is Anthropic’s coding product for working across full codebases, while Claude Security is its vulnerability-detection and remediation product. Anthropic has already positioned the two as linked tools: the security product proposes fixes, and those fixes open in Claude Code for review. (red.anthropic.com) That pairing makes the leaked strings notable because they suggest Mythos is being prepared as a model option inside products that already handle scanning, validation, and patch workflows, rather than as a standalone research artifact. That is an inference from Anthropic’s published product descriptions and the leaked references, not a public launch statement from the company. (testingcatalog.com) ### What about the “10,000 vulnerabilities” claim? Anthropic’s Glasswing materials are the basis for that figure. The company’s Glasswing page says Mythos Preview has identified thousands of zero-day vulnerabilities in major software, and the May 22 update cited by TestingCatalog put the total at more than 10,000 high- or critical-severity vulnerabilities found with partners. (anthropic.com) Anthropic has also said the pace of discovery is creating pressure on defenders. In the April 7 technical post, the company said over 99% of the vulnerabilities it found had not yet been patched. ### Did Anthropic confirm the pricing complaints? (testingcatalog.com) X users on May 23 complained about jumps from lower-priced tiers to $100 plans, but Anthropic has not published a Mythos-specific pricing page that confirms those posts. What Anthropic has publicly said is that Claude Code rate limits were raised on May 6 for Pro, Max, Team and Enterprise plans, and that added compute capacity would improve service for Claude Pro and Claude Max subscribers. (anthropic.com) Anthropic’s public materials therefore confirm higher-end subscription tiers and expanded Claude Code capacity, but not the leaked Mythos pricing claims circulating on social media. (red.anthropic.com) ### What should readers watch next? May 22 is the latest date on Anthropic’s newsroom for a Glasswing update, and April 7 remains the date of its technical Mythos Preview disclosure. Any formal Mythos 1 rollout would most likely appear in Anthropic’s newsroom, Glasswing materials, or the Claude product pages for Code and Security. Anthropic also said on May 6 that it had raised Claude Code limits and expanded compute capacity, steps that could support heavier security and coding workloads if Mythos access broadens. (anthropic.com 1) (anthropic.com 2)