The Claude Model Anthropic Decided Not to Release


Anthropic’s Claude Mythos cybersecurity model reportedly discovered more than 10,000 high or critical software vulnerabilities — and the company decided to keep it behind a strict access gate. This post explains what Mythos actually is, why it’s restricted, and what Project Glasswing means for software security going forward.

🔍 What Is Claude Mythos Preview?

Claude Mythos Preview is not a product you can sign up for. It is an unreleased frontier model from Anthropic, currently available only to vetted partners through the Project Glasswing initiative. It does not appear in the standard Claude API. It is not the same as Claude Haiku, Sonnet, Opus, or Claude Code.

The name creates real confusion because Anthropic uses “Claude” across multiple distinct products. Mythos sits in a completely separate capability tier — one that Anthropic has determined requires restricted access based on its own internal safety policy.

🏗️ The Claude Capability Stack

To understand Claude Mythos, it helps to see where it sits relative to Anthropic’s other offerings:

| Model / Product | Access | Purpose |
|---|---|---|
| Claude Haiku, Sonnet, Opus | Public API | General reasoning and coding |
| Claude Code | Public | Agentic software development |
| Claude Enterprise | Org-level access | Business deployments |
| Claude Mythos Preview | Gated — partners only | Autonomous cybersecurity research |

The hard line between Claude Enterprise and Mythos Preview is not a pricing tier. It is a safety threshold defined in Anthropic’s Responsible Scaling Policy.

🛡️ What Is Project Glasswing?

Project Glasswing is Anthropic’s coordinated defensive security initiative. Vetted organizations gain controlled access to Mythos and use it to audit their own codebases, generate findings, and report vulnerabilities through a coordinated disclosure process. The goal is straightforward: find critical vulnerabilities in widely deployed software before malicious actors do.

Partner organizations include AWS, Microsoft, Google, Apple, NVIDIA, Cisco, CrowdStrike, the Linux Foundation, and Cloudflare. The workflow runs in five stages: Mythos generates findings, human security reviewers validate each one, validated findings go to vendors under embargo, vendors develop patches, and coordinated public disclosure follows after fixes ship. Human reviewers are load-bearing at every stage — not optional.

⚡ Why Mythos Behaves Differently Than a Scanner

Traditional vulnerability scanners match code against known patterns. They are fast and reliable for finding known issues. They cannot find what they have not been told to look for.

Claude Mythos operates differently. It reads a codebase architecturally, builds a model of how the system works, generates hypotheses about how it could be attacked, and traces multi-step exploit chains through the architecture. The Cloudflare engineering team described it this way: it does not behave like a scanner — it behaves like a senior security researcher who understands the whole system.

That distinction matters because the hardest vulnerabilities are compound paths: a misconfigured permission here, an unchecked input there, combined in a sequence that grants access no scanner would flag. Mythos is specifically designed to find those chains.

📊 What the Reported Numbers Actually Mean

Glasswing has reportedly produced more than 10,000 high or critical severity findings across major software projects. The UK AI Security Institute — a government-backed organization whose mandate is assessing AI risk — conducted an independent evaluation and concluded that Mythos outperforms other frontier models on advanced cyber tasks, including multi-step attack simulations.

These numbers should be read carefully. Not every finding is immediately exploitable. The validation pipeline exists precisely because AI-generated findings require human judgment to triage. “Reported” is not the same as “confirmed” or “exploited.”

⚠️ Why Anthropic Is Restricting Access

Anthropic’s Responsible Scaling Policy defines capability thresholds — called ASL levels — that determine how a model must be deployed. ASL-3 applies when a model could provide serious uplift toward widespread harm. Mythos is the first model Anthropic has assessed as crossing the ASL-3 cybersecurity threshold.

The restriction is not an ad hoc product decision. It is a pre-committed policy consequence: Anthropic published the RSP framework before Mythos existed. The underlying concern is dual-use risk — the same capability that generates a proof-of-concept finding for a defender can, in principle, generate it for an attacker. Glasswing’s access controls and human-in-the-loop validation are designed to preserve the defensive benefit while limiting offensive misuse.

🔮 The Future of AI-Powered Security

The most significant change Mythos represents is not the raw number of vulnerabilities reported. It is where the bottleneck moves.

A skilled senior security researcher might complete around 50 thorough code reviews in a year. Glasswing has reported over 10,000 findings. Once AI handles discovery at that scale, human engineers become the rate-limiting factor — not in finding bugs, but in verifying, triaging, and patching them fast enough. Security workflows become agentic. Patch engineering becomes the scarce resource.

If AI can discover vulnerabilities at scale on the defensive side, similar models will eventually be available on the offensive side. The future of cybersecurity may involve AI systems on both sides — which makes coordination, access controls, and disclosure infrastructure more important than any individual capability leap.

FAQ

What is Claude Mythos Preview?

Claude Mythos Preview is an unreleased frontier AI model from Anthropic with specialized cybersecurity reasoning capabilities. It is not publicly available. Access is restricted to vetted partners participating in Project Glasswing. It is the first model to cross Anthropic’s ASL-3 cybersecurity capability threshold.

Can I access Claude Mythos?

No. Claude Mythos Preview is not available through the public Claude API, Claude.ai, or Claude Enterprise. Access requires a vetted partnership agreement through Project Glasswing. Anthropic has not announced any timeline for broader access.

What is Project Glasswing?

Project Glasswing is Anthropic’s coordinated defensive security initiative that deploys Claude Mythos to vetted partners — including AWS, Microsoft, Google, Apple, NVIDIA, Cisco, CrowdStrike, and the Linux Foundation — to discover and responsibly disclose software vulnerabilities before attackers can exploit them.

How is Claude Mythos different from regular Claude models?

Standard Claude models are general-purpose reasoning and coding assistants. Claude Mythos is specifically evaluated for autonomous security reasoning — analyzing entire codebases architecturally, constructing multi-step exploit chains, and generating proof-of-concept vulnerability findings. It reasons about systems the way a senior security researcher would, rather than matching known patterns.

What is ASL-3 in Anthropic’s Responsible Scaling Policy?

ASL-3 is a capability threshold in Anthropic’s Responsible Scaling Policy. It applies when a model could provide serious uplift toward widespread harm in a specific domain. Mythos is the first model Anthropic has assessed as crossing the ASL-3 threshold for cybersecurity tasks, which requires restricted deployment and independent evaluation before any broader release.

Is Claude Mythos dangerous?

The dual-use risk is real: the same capability that finds vulnerabilities for defenders can, in principle, help generate exploits for attackers. This is why Anthropic restricts access, requires human validation at every pipeline stage, and operates under the Responsible Scaling Policy. The current Glasswing deployment is explicitly defensive in mandate.

✨ Key Takeaways

  • 🔒 Claude Mythos Preview is gated and not publicly available — it requires a vetted Glasswing partner agreement
  • 💡 Mythos reasons about systems architecturally rather than pattern-matching — that is the qualitative difference from traditional scanners
  • 🛡️ Project Glasswing channels Mythos through a coordinated disclosure model with major infrastructure partners including AWS, Microsoft, and Google
  • ⚠️ ASL-3 restriction is a pre-committed policy outcome, not an ad hoc product decision
  • ⚡ The real shift: AI accelerates vulnerability discovery so much that human patch engineering becomes the new bottleneck
  • 📊 Over 10,000 high or critical findings reportedly produced, with independent evaluation by the UK AI Security Institute

The future of software security is not just about smarter discovery tools — it is about building the coordination infrastructure to act on what those tools find.

