Anthropic shelves Mythos

Anthropic has decided not to release Claude Mythos Preview to the general public and is limiting access through a gated security program called Project Glasswing. (anthropic.com) Anthropic said on April 7 that Project Glasswing would give Mythos Preview to launch partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The company also said more than 40 additional organizations that build or maintain critical software infrastructure would get access for defensive work. (anthropic.com) The company’s technical write-up says Mythos Preview is a general-purpose language model with unusually strong cybersecurity skills, including finding software flaws and turning known but unpatched bugs into working exploits. Anthropic said it found the model could identify and exploit zero-day vulnerabilities across major operating systems and web browsers during testing. (anthropic.com) A zero-day is a software flaw that defenders have had zero days to patch before attackers can use it. Anthropic said more than 99% of the vulnerabilities it found with Mythos Preview were still unpatched, which is why it withheld technical details and kept the model out of a broad release. (anthropic.com) Anthropic’s system card describes Mythos Preview as its most capable frontier model to date and says it posted large gains over Claude Opus 4.6 on multiple benchmarks. The same document says the model’s safety review focused heavily on cyber misuse because the model showed a “striking leap” in computer-security performance. (anthropic.com) The company repeated that release strategy a day later when it launched Claude Opus 4.7. In that announcement, Anthropic said it would keep Mythos Preview limited and test new cyber safeguards first on less capable models, with Opus 4.7 serving as the first public step. (anthropic.com) That means the shift is not a canceled model so much as a controlled deployment model: Anthropic is using Mythos Preview inside Anthropic, with a small external research-access group, and inside Glasswing rather than offering it as a normal product launch. Anthropic’s risk report says the model is already widely deployed internally across research, training, security, and deployment safeguards. (anthropic.com) Outside the company, the limited release has drawn notice in Washington and the security industry because it suggests at least one frontier model maker now sees broad cyber capability as a reason to gate access rather than scale it immediately. The Hill reported this week that the restricted rollout was already prompting policy attention over offensive cyber risk. (thehill.com) Security commentators have split on what the move means in practice. Bruce Schneier wrote that Anthropic is “not releasing it to the general public because of its cyberattack capabilities,” while also noting the company is using the model to help find and patch vulnerabilities before similar capabilities spread more widely. (schneier.com) For now, Anthropic’s public line is narrow and specific: Mythos-class systems are being held behind partner and research gates while the company tries to build safeguards around a model it says can break software as well as secure it. (anthropic.com)