Anthropic is preparing to release its most powerful AI model to date — and it can autonomously find and exploit security vulnerabilities at a level that no AI system has achieved before. The model, codenamed Mythos, is currently restricted to roughly 50 defensive-security partners under a program called Project Glasswing, but Anthropic has confirmed it will reach all customers “in the coming weeks.”
Here’s what we know about Mythos, what makes it genuinely different, and what its imminent public release means for cybersecurity.
What Is the Anthropic Mythos Model?
Mythos is a new class of AI model from Anthropic that sits above the Claude Opus line in terms of raw capability. It was reported by The Register in May 2026 based on information from Anthropic’s own security disclosures and partner briefings.
The defining characteristic of Mythos-class models is expert-level performance on offensive cybersecurity tasks. Specifically:
- 73% success rate on expert-level hacking challenges that no AI could reliably complete before April 2025
- 97.6% accuracy on the 2026 USA Math Olympiad — compared to 42.3% for Claude Opus 4.6
- Autonomous discovery of thousands of previously unknown (zero-day) vulnerabilities
- Capability to chain multiple exploits together without human guidance
To put the hacking benchmark in context: these aren’t basic CTF (Capture the Flag) challenges. They’re tasks that previously required senior penetration testers with years of experience and hours of manual work. Mythos completes many of them in minutes.
Why Anthropic Held It Back
Anthropic operates under a self-imposed Responsible Scaling Policy (RSP) that triggers mandatory safety reviews when a model crosses certain capability thresholds. Mythos appears to have triggered the ASL-4 threshold — the highest level currently defined by Anthropic — specifically because of its offensive cybersecurity capabilities.
Before releasing Mythos to the public, Anthropic spent several months testing it with ~50 partner organizations in defensive security roles: red teams at major cloud providers, government cybersecurity agencies, and academic security researchers. The goal was to validate that the model’s capabilities could be meaningfully contained through system prompts, usage policies, and monitoring — and that defenders could benefit from the same capabilities attackers might try to exploit.
The Project Glasswing name is a reference to the glasswing butterfly, whose transparent wings make it nearly invisible — Anthropic’s metaphor for an AI that defenders can use to see threats that are otherwise invisible.
What Mythos Can Do (That Earlier Models Couldn’t)
Previous frontier models including GPT-5.5 and Claude Opus 4.7 could assist with security research — helping write exploit code when given detailed instructions, explaining vulnerabilities from CVE databases, or helping with CTF-style puzzles. What they couldn’t do reliably was autonomously identify vulnerabilities in real systems from scratch.
Mythos changes this in several ways:
- Autonomous recon: Given a target scope, Mythos can enumerate attack surface, identify software versions, correlate them against known vulnerability patterns, and propose exploit chains — all without step-by-step human prompting.
- Zero-day discovery: In controlled tests with partner organizations, Mythos found thousands of previously unpatched vulnerabilities in real codebases. These weren’t in public CVE databases — Mythos reasoned its way to them from first principles.
- Exploit development: For known vulnerability classes, Mythos can develop working proof-of-concept exploits faster than a human expert.
Anthropic has been explicit that these capabilities exist and that they represent a qualitative jump over prior models — not just a marginal improvement.
The Safety Question: What Stops Bad Actors?
This is the obvious question, and Anthropic’s answer is: a combination of Constitutional AI training, runtime monitoring, usage policies enforced at the API layer, and the fact that defenders benefit more from these capabilities than attackers do.
The defensive-security argument goes like this: sophisticated attackers (nation-state groups, advanced criminal organizations) already have significant AI resources and human expertise. Defenders — enterprise security teams, small-to-mid-size businesses, government agencies — are chronically understaffed and under-resourced. Giving defenders access to Mythos-level capability closes that gap more than it opens new attack vectors for already-capable adversaries.
That said, independent security researchers have raised concerns about misuse potential. Even if Anthropic’s own API blocks clearly malicious use, the argument is that once a model capable of autonomous vulnerability discovery is widely available, containment becomes much harder.
When Does Mythos Go Public?
Anthropic said “coming weeks” in late May 2026. Given the context — Anthropic just raised $65 billion at a $965 billion valuation, surpassing OpenAI — a June or July 2026 release seems likely. The company has strong commercial incentive to ship: Mythos will likely be priced above Claude Opus 4.8 and will target enterprise security, government, and research customers.
Expect a tiered release: enterprise API access first, then broader Claude.ai Pro/Max availability, similar to how Claude Code rolled out.
What It Means for the Industry
The Mythos release — whenever it happens — will force a reckoning in the security industry. Vulnerability management workflows that rely on manual pen testing will need to adapt. Bug bounty programs will see floods of AI-assisted submissions. Patch cycles will come under pressure as the time between “vulnerability exists” and “exploit is viable” compresses dramatically.
It also signals that the AI capability frontier is moving faster than most enterprise security teams anticipated. 2025 felt like the year AI became useful for security. 2026 feels like the year it becomes genuinely dangerous — and genuinely essential — at the same time.
Key Takeaways
- Anthropic’s Mythos model can autonomously hack at expert level — 73% success on top-tier security challenges
- It found thousands of real zero-days in partner testing before public release
- Release is imminent: “coming weeks” as of late May 2026
- Anthropic’s case: defenders benefit more than attackers from democratizing this capability
- Context: Mythos was teased alongside Anthropic’s $65B raise and $965B valuation
Whether you work in security or just follow AI, Mythos is the model to watch in June 2026. Nothing released so far has demonstrated this combination of autonomous reasoning and offensive capability at the same time.
