Claude Mythos: the model you can't use

Anthropic built a frontier model, then said it won't sell it. Here's what Mythos Preview is, and why it's locked away.

By the benchr team · · View changelog · Figures verified against official sources, 13 June 2026

Almost every model we cover comes with a price and a signup link. This one comes with a closed door. Anthropic calls it Claude Mythos Preview, describes it as a general-purpose frontier model and its most capable yet for coding and agentic tasks, and then says, in its own words, that it does not plan to make it generally available. No API tier for you. No app. No waitlist that ends in access. That restriction isn't a footnote. It's the entire story.

So read this as a review of something you can't buy, because understanding why Anthropic would build a frontier model and lock it away tells you more about where this technology is heading than another benchmark would.

Vulnerabilities found 10,000+ High- or critical-severity, in about a month
Partners with access ~50 Started as a dozen, expanded
Anthropic's commitment $100M In Mythos usage credits

What Project Glasswing is

Mythos Preview lives inside Project Glasswing, which Anthropic launched on April 7, 2026 as an initiative to secure the world's most critical software for the AI era. The logic behind it is simple and a little unsettling: a model good enough to deeply understand and rewrite complex software is, by the same skill, good enough to find its security holes. Anthropic decided that capability was too sharp to hand out, and too useful to sit on, so it built a program around supervised use instead of open release.

The launch cohort was a dozen organizations, counting Anthropic itself: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. That's a roster of the companies whose code underpins much of the internet. Access later widened to roughly 50 organizations, adding names like Cloudflare, Mozilla, and Oracle. Anthropic backed it with up to $100 million in Mythos Preview usage credits and $4 million in donations to open-source security groups.

What it found

The results are the reason this is news rather than a policy memo. Over roughly its first month, Anthropic and its approximately 50 Glasswing partners collectively used Mythos Preview to find more than 10,000 high- or critical-severity software vulnerabilities, thousands of them previously-unknown zero-days. That phrasing matters, so hold onto it: the 10,000-plus figure is high- and critical-severity bugs, and the zero-days are a large subset, not the whole number.

10,000+ High- or critical-severity vulnerabilities found by Anthropic and ~50 partners in about a month, thousands of them zero-days

The specifics land harder than the total. The effort surfaced a 27-year-old vulnerability in OpenBSD and a 16-year-old bug in FFmpeg, flaws that had sat unnoticed through decades of human review, plus a now-patched issue assigned CVE-2026-5194. At one disclosure point, Anthropic reported 1,596 vulnerabilities across 281 open-source projects, the large majority still unpatched when found. A model reading old, battle-tested code and pulling out decades-old holes is exactly the capability Anthropic decided not to ship to everyone.

Why lock it away

The restriction is a bet about asymmetry. A tool that finds zero-days at this rate helps defenders patch, and it helps attackers exploit, and the same weights do both. By keeping Mythos Preview inside a vetted program aimed at securing critical infrastructure, Anthropic is trying to put the capability in defenders' hands first, at scale, before the same class of model is widely available to everyone else. Whether that holds is an open question, but the intent is coherent.

Anthropic has signaled that Mythos-class models, ones with similar capabilities, are meant to become more broadly available over time. It has not committed to a firm public date on its own pages, so any specific "coming soon" timeline you read elsewhere is best treated as press speculation rather than an Anthropic promise. For now, the model that found ten thousand vulnerabilities is one almost no one can run.

That bet just got a real-world stress test from an unexpected direction. On June 12, 2026 — three days after Fable 5 put a leashed version of this capability on sale — a U.S. Commerce Department export-control directive barred Mythos-class models from use by any foreign national, inside or outside the country. Rather than fence off a swath of users that would have included its own foreign-born staff, Anthropic pulled both Fable 5 and Mythos 5 entirely. It disagrees with the recall — its position is that a narrow potential jailbreak shouldn't ground a commercial model deployed to hundreds of millions — and says it is working to restore access. Whichever way it resolves, it sharpens the thesis: a model this capable doesn't stay freely available for long, whether Anthropic gates it or a government does.

Where it sits in Anthropic's lineup

It helps to place Mythos against the models you can use. The flagship you can buy is covered in the Claude Opus 4.8 review, which is Anthropic's most capable generally available model. Mythos sits above that as a restricted research-and-security instrument, not a consumer tier. The agentic skills that show up in Glasswing's vulnerability hunting are the same lineage powering Anthropic's desktop agent, which we cover in the Claude Cowork explainer, and the broader arc of where autonomous code-reading agents are heading is in AI agents, eighteen months in.

The takeaway is unusual for a review: the verdict isn't "buy it" or "skip it," because you can't do either. It's that one of the most capable models of 2026 exists specifically so most people can't touch it, and that decision is the most interesting thing about it.

Frequently asked

Can the public use Claude Mythos?

No. Anthropic states plainly that it does not plan to make Claude Mythos Preview generally available. It's invitation-only, with no self-serve signup, released to a limited group of critical-industry partners and open-source developers through Project Glasswing. If you're not in that program, you can't use it.

What is Claude Mythos for?

Cybersecurity. Anthropic describes Mythos Preview as a general-purpose frontier model, its most capable yet for coding and agentic tasks, and is using it through Project Glasswing to find and fix vulnerabilities in critical software. The reasoning: a model that can deeply understand and modify complex code can also find its security flaws.

What has Mythos found?

A lot. Anthropic and around 50 Project Glasswing partners collectively used Mythos Preview to find more than 10,000 high- or critical-severity vulnerabilities in about a month, thousands of them previously-unknown zero-days. Notable cases include a 27-year-old bug in OpenBSD and a 16-year-old bug in FFmpeg, plus a flaw assigned CVE-2026-5194.

Who are the Project Glasswing partners?

The launch cohort was a dozen organizations including Anthropic itself: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Access later expanded to roughly 50 organizations, with added names including Cloudflare, Mozilla, and Oracle.

Will Mythos-class models ever be public?

It briefly happened, then reversed. On June 9, 2026 Anthropic shipped Claude Fable 5, a Mythos-class model with safety classifiers, to the general public. Three days later a U.S. Commerce Department export-control directive barred Mythos-class models from use by any foreign national, and Anthropic suspended both Fable 5 and Mythos 5 for all customers while it works to restore access. So a public Mythos-class model now exists, but as of June 13, 2026 you still can't reliably use one.

Changelog

  • June 13, 2026 — A U.S. Commerce Department export-control directive barring Mythos-class use by any foreign national led Anthropic to suspend both Claude Fable 5 and Claude Mythos 5 for all customers on June 12; all other Claude models are unaffected and Anthropic says it is working to restore the two. Updated the snapshot, the closing analysis, and the public-availability FAQ — the "model you can't use" thesis now covers the public version too. Verified against Anthropic's statement, the AWS access-revocation notice, and June 12–13 reporting.
  • June 10, 2026 — Added the June 9 development: Claude Fable 5 brings Mythos-class capability to general availability (with safety classifiers), and Claude Mythos 5 supersedes Mythos Preview inside Glasswing. The unrestricted model remains gated, so the analysis here stands.
  • May 30, 2026 — Originally published. The restricted status, Project Glasswing details, partner list, vulnerability figures, and pricing verified against Anthropic's own Glasswing and research pages; the 10,000+ figure framed as high- or critical-severity vulnerabilities, not zero-days alone.

References

  1. Anthropic, "Project Glasswing," anthropic.com/glasswing, accessed May 2026.
  2. Anthropic, "Glasswing initial update," anthropic.com/research, accessed May 2026.
  3. Anthropic, "Claude Mythos Preview," red.anthropic.com, accessed May 2026.
  4. AWS News Blog, "Anthropic Claude Fable 5 on AWS" (June 12, 2026 update: access revoked to support compliance with the U.S. Government export-control directive), aws.amazon.com, accessed June 13, 2026.
  5. "Anthropic disables Claude Fable 5 and Mythos 5 after U.S. export order," Yahoo News, June 13, 2026. Source for the Commerce Department directive, the foreign-national restriction, and Anthropic's stated objection and intent to restore access.