The AI model keeping security researchers up at night in 2026 is called Claude Mythos. What it does is simple, and genuinely unsettling: point it at a piece of software, ask it to find vulnerabilities, and it does — then writes working exploit code on top of that.
This article breaks down what Anthropic’s Claude Mythos actually is, why it’s too powerful to sell publicly, and how it connects to Claude Fable.
What Claude Mythos Is
Claude Mythos (full name: Claude Mythos Preview) launched on April 7, 2026. Anthropic describes it as “next-generation intelligence for high-difficulty tasks,” with three stated strengths: security, autonomous coding, and sustained long-running tasks.
It’s a general-purpose model that’s strong across the board, but security is what put it on the map.
This isn’t a consumer product. Anthropic positioned it as a research preview, available only to a small set of institutions. You can’t switch to Mythos on claude.ai.
What It Does Best: Finding Vulnerabilities on Its Own
Mythos’s most talked-about capability is discovering zero-day vulnerabilities.
A zero-day is a security flaw that hasn’t been found yet — so it also hasn’t been patched. Defenders don’t know it’s there. That’s what makes them so dangerous.
According to Anthropic’s published tests, Mythos finds these vulnerabilities across every major operating system and every major browser, including bugs that have been sitting undetected for 27 years. It doesn’t stop at discovery — it can also write working exploit code. One frequently cited comparison: in Firefox testing, Mythos produced 181 functional exploits. The previous-generation Opus model produced 2. Worth noting: this was run in a simulated Firefox environment with browser protections stripped out, not against a fully protected browser on your actual machine.
One detail Anthropic flagged as significant: the vulnerability-finding capability wasn’t something they explicitly trained for. It emerged as a side effect of the model getting better at coding, reasoning, and autonomous task completion overall.
Mythos also cleared Anthropic’s own vulnerability reproduction benchmark (CyberGym) by a clear margin over the previous Opus generation:
Not Just Anthropic’s Word: Independent Verification
Reasonable to wonder whether this is just Anthropic talking up their own model. Two independent data points make the claims more credible:
- The UK’s AI Safety Institute (AISI) ran its own tests and confirmed a meaningful capability jump. Mythos was the first AI to complete the institute’s 32-step “enterprise network attack-and-defense” challenge end-to-end (3 successes out of 10 attempts).
- Mozilla patched 271 vulnerabilities in a single Firefox release — Firefox 150 — that an early version of Mythos had surfaced.
Neither of those numbers came from Anthropic. So “Mythos is genuinely capable” holds up. AISI also added an honest caveat: Mythos got stuck on certain scenarios (like industrial control system challenges), so it’s not unlimited.
Finds More Than Anyone Can Fix
Mythos exposed an uncomfortable gap: AI finds vulnerabilities far faster than humans can patch them. Anthropic says over 99% of the vulnerabilities Mythos found remained unpatched at the time of disclosure.
The bottleneck shifted. The problem used to be finding vulnerabilities. Now it’s having the engineering capacity to close them all.
Why Anthropic Doesn’t Sell It
An AI that finds vulnerabilities and writes exploits is a classic dual-use tool. Defenders use it to close gaps and make systems safer. The same capability in the wrong hands is a ready-made attack weapon.
Anthropic’s answer was to skip public sales entirely and run everything through Project Glasswing — a program that gates Mythos access to institutions committed to using it defensively.
Project Glasswing (named after the glasswing butterfly, whose wings are nearly transparent) is Anthropic’s defensive initiative: use Mythos to scan critical codebases and find vulnerabilities before attackers do. It launched in April 2026 with around 50 partners. By June 2, 2026, Anthropic expanded it to roughly 150 institutions across 15+ countries, covering critical infrastructure sectors including power, water, healthcare, telecommunications, and hardware. Participants include Apple, Nvidia, Microsoft, CrowdStrike, and Palo Alto Networks.
From April through the program’s expansion, Anthropic says partners found over 10,000 high-severity or critical-level vulnerabilities using Mythos.
Anthropic also published an official video introducing the program:
▶️ Project Glasswing official video (YouTube)
Specs at a Glance
Compiled from Anthropic’s official model card and AWS/Google cloud platform listings:
| Spec | Details |
|---|---|
| Release date | April 7, 2026 |
| Positioning | Research preview (security / autonomous coding / long-running tasks) |
| Context window | 1 million tokens |
| Max output | 128K tokens |
| Reasoning | Adaptive thinking (automatic depth adjustment) |
| Knowledge cutoff | December 2025 |
| Vision input | Supported |
| Access | Not publicly sold; institutional access through Project Glasswing only |
How It Connects to Claude Fable 5
On June 9, 2026, Anthropic released Claude Fable 5 alongside Claude Mythos 5. Same underlying model — Fable 5 adds safety guardrails and is available to the general public; Mythos 5 relaxes those constraints and is restricted to authorized security and biomedical professionals, making it the production release of the Mythos Preview covered here.
For the publicly available, top-of-the-line version, see What Is Claude Fable 5.
Penchan’s Take
I don’t have access to Mythos — it’s institution-only — so this is drawn from public information, not hands-on testing. A few things worth keeping in mind:
- AI vulnerability discovery has already surpassed most human experts. That’s good news for defenders who can move faster, and a real concern because attackers are chasing the same capability.
- “Too powerful to sell” is itself a signal. When a model gets locked behind institutional gates, it means the capability has reached the point where it shifts the offense-defense balance in a measurable way.
- This is the context you need to understand Fable. How Anthropic handles the safety tradeoffs as it pushes these capabilities toward general availability will be one of the more consequential AI decisions of the second half of 2026.
Further Reading
— Penna / Penchan