Anthropic's Mythos Model Surfaces in Claude Code Ahead of Wider Release
Anthropic's most powerful restricted model, Claude Mythos 1, briefly appeared in Claude Code and Claude Security interfaces on May 25 — signaling the first commercial rollout of the model that found over 10,000 zero-day vulnerabilities under Project Glasswing.
Image by CWA
title: "Anthropic's Mythos Model Surfaces in Claude Code Ahead of Wider Release" date: "2026-05-26" description: "Anthropic's most powerful restricted model, Claude Mythos 1, briefly appeared in Claude Code and Claude Security interfaces on May 25 — signaling the first commercial rollout of the model that found over 10,000 zero-day vulnerabilities under Project Glasswing."
Anthropic appears to be moving its flagship restricted model, Claude Mythos, toward a commercial release — with the model identifier claude-mythos-1-preview surfacing in public Claude Code and Claude Security interfaces on May 25, 2026. Some users briefly spotted a toggle to enable Mythos inside the public Claude Code UI before Anthropic pulled it offline. The same model string appeared concurrently in Claude Security.
The leakage was first flagged by TestingCatalog on May 23, then confirmed by BleepingComputer and CyberSecurityNews on May 26. No formal release announcement has been made. Anthropic has not commented publicly on the UI exposure.
For developers: this is the first sign that Mythos — a model Anthropic has withheld from public access since April 7 due to its advanced autonomous vulnerability-exploitation capabilities — is being staged for integration into the tools you already use.
Background: What Mythos Is and Why It's Been Locked Down
Claude Mythos Preview was formally announced on April 7, 2026, after a March 26 CMS misconfiguration at Anthropic exposed approximately 3,000 unpublished internal assets, including a draft post describing the model as "by far the most powerful AI model we've ever developed." Anthropic confirmed its existence and called it "a step change."
Rather than releasing it, Anthropic launched Project Glasswing: a restricted defensive cybersecurity initiative that gave exclusive access to around 50 partner organizations, including AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, and JPMorgan Chase. The model was deployed to scan critical infrastructure. Within weeks it had identified more than 10,000 high- or critical-severity zero-day vulnerabilities across widely used open-source software. Anthropic committed up to $100M in model usage credits for the effort.
The reason for the restriction is direct: Anthropic found that Mythos can automatically develop functional cyberattacks at a professional level. "The advantage will belong to the side that can get the most out of these tools," Anthropic warned. "In the short term, this could be attackers, if frontier labs aren't careful about how they release these models."
What Changed on May 25
On May 25, references to claude-mythos-1-preview appeared in production UI strings across two Anthropic products. BleepingComputer confirmed that some users saw an actual toggle to enable Mythos inside the public version of Claude Code before it was removed. The same string appeared in Claude Security's interface.
The timing aligns with a notable shift in Anthropic's public statements. A May 22 Project Glasswing update posted to Anthropic's X account explicitly stated: "And in the near future, once we've developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release." That language — "near future" and "general release" — represents a material change from the original April framing, which implied no public availability was planned.
A redesigned Claude Security dashboard is also reportedly under development, with seven-day and thirty-day historical vulnerability charts and deeper triage result views for enterprise customers.
Scale of What Mythos Has Found
The Project Glasswing vulnerability disclosure dashboard, updated as of May 22, reflects the scope of the model's output: 1,596 vulnerabilities disclosed across 281 open-source projects, with 97 patched to date. Across all scanning runs, Anthropic reports 23,019 total flaws identified, with an estimated 6,202 high or critical severity. Of the 1,752 high or critical vulnerabilities manually verified, 90.6% were confirmed valid — and 62.4% were confirmed high or critical severity.
One critical flaw uncovered by Mythos affected the wolfSSL cryptography library, used by billions of devices. Mythos constructed an exploit allowing attackers to forge certificates, potentially impersonating banks or email providers. The vulnerability, tracked as CVE-2026-5194, has since been patched.
BleepingComputer reports Anthropic described Mythos as showing "major improvements in code reasoning and autonomy" above Opus 4.7, its current publicly available flagship. On a benchmark of roughly 7,000 open-source repository entry points, Mythos achieved tier-5 full control-flow hijacks in 10 separate cases. Sonnet 4.6 and Opus 4.6 each managed a single tier-3 result.
What a Claude Code Integration Would Mean for Developers
Claude Code is currently powered by Opus 4.7, which Anthropic's own release notes describe as offering notable improvements in advanced software engineering — but is intentionally weaker on offensive cyber capabilities than Mythos. A Mythos integration would represent a substantial capability upgrade for:
- Security engineers using Claude Code to audit codebases, triage CVEs, or run vulnerability discovery pipelines
- Application developers who want semantic static analysis that traces data flows across an entire repo rather than pattern-matching against known signatures
- Platform teams managing dependency chains across open-source software at scale
Claude Security, the other product where Mythos strings appeared, is currently in public beta for Enterprise customers. Team and Max subscriber access has been announced as forthcoming. A Mythos-powered version would represent a significant upgrade over the current Opus 4.7-backed scanner, which already reports a false-positive rate below 5%.
What's Still Unconfirmed
Anthropic has not announced pricing, a release date, or the subscription tier at which Mythos access will be available. It is unclear whether the May 25 toggle exposure was an intentional staged rollout or an accidental deployment ahead of a planned announcement.
Rumors of Claude Opus 4.8 in internal evaluation with select Anthropic partners have circulated separately, aligning with the roughly monthly release cadence set by Opus 4.7's April 16 launch. Whether Opus 4.8 is a separate model or a renamed Mythos 1 with commercial guardrails applied has not been confirmed.
For developers building on Claude Code today: watch the official model release notes and Claude API changelog. The first concrete signal will be claude-mythos-1-preview appearing in the model selector or API documentation with documented rate limits and pricing.
