Overview
Claude Mythos Preview is Anthropic's new general-purpose frontier model, announced on April 7, 2026 and initially offered as a gated research preview through Project Glasswing. Built on top of Claude's existing code reasoning capabilities, Mythos Preview can autonomously discover zero-day vulnerabilities, write functional exploits, and perform reverse engineering on closed-source binaries.
What makes Mythos Preview notable is that these cybersecurity capabilities were not explicitly trained — they emerged as a downstream consequence of improvements in code reasoning and autonomy. The model represents a significant leap from Opus 4.6, which had a near-zero autonomous exploit success rate, to a system that independently constructs multi-vulnerability exploit chains against fully patched targets.
What's New
Autonomous Vulnerability Discovery
Mythos Preview identifies zero-day vulnerabilities across major software systems without human guidance. It found a 27-year-old bug in OpenBSD, a security-focused operating system that had survived decades of manual auditing. The model detects memory safety violations, logic bugs, and cryptographic weaknesses by reasoning about code at a depth previous models could not sustain.
Exploit Chain Construction
Beyond finding vulnerabilities, Mythos Preview writes functional exploits that chain multiple weaknesses together. It constructs sophisticated attack sequences — combining up to four vulnerabilities into JIT heap spray attacks, building ROP chains, achieving privilege escalation, and executing remote code on fully patched targets. This end-to-end capability (discovery through exploitation) previously required specialized human teams.
Closed-Source Binary Analysis
The model can reverse-engineer exploits involving closed-source software and support offline exploratory work on binaries without source access, according to Anthropic's security writeup. This extends its utility beyond open-source auditing to commercial and proprietary system assessment.
Emergent Security Capabilities
These abilities were not the result of targeted security training. Anthropic reports that vulnerability discovery and exploit development emerged from broader improvements in code reasoning and agentic autonomy — suggesting that sufficiently capable code models develop security research skills as a natural extension of deep code understanding.
Performance Benchmarks
Mythos Preview shows dramatic improvements over Opus 4.6 across security-focused evaluations:
| Benchmark | Mythos Preview | Opus 4.6 |
|---|---|---|
| Firefox JavaScript exploits (successful) | 181 | 2 |
| OSS-Fuzz crashes (tiers 1-2) | 595 | — |
| OSS-Fuzz control-flow hijacks (tier 5) | 10 | 1 (tier 3 only) |
Cost benchmarks (approximate):
- ~$20,000 for approximately 1,000 OpenBSD vulnerability scans
- Under $2,000 for complex Linux kernel exploit chain development
These costs reflect API compute usage during extended autonomous research sessions, not subscription pricing.
Availability & Access
Mythos Preview is available only to invited Project Glasswing participants as a gated research preview. It is not available for general public self-serve access on claude.ai or through an open sign-up flow, but approved participants can access it via the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.
Access requires partnership approval from Anthropic. Anthropic has not published a general eligibility checklist. Public materials describe launch partners and additional participating organizations focused on defending critical software infrastructure. There is no self-serve sign-up. Access is invitation-only through Project Glasswing.
Pricing & Plans
Mythos Preview does not have public self-serve pricing, but Anthropic has published participant pricing for Project Glasswing: $25 per million input tokens and $125 per million output tokens.
Operational costs are usage-based, scaling with the complexity and duration of security research tasks:
- Lightweight scans: Hundreds to low thousands of dollars for targeted vulnerability assessment
- Deep exploit research: $2,000-$20,000+ for comprehensive autonomous analysis of hardened targets like Linux kernel or OpenBSD
For comparison, Anthropic's broadly available models include:
- Claude Pro: $20/month (claude.ai consumer plan)
- Claude API: Pay-per-token pricing for Sonnet 4.6 and Opus 4.6
Best For
- Security research teams conducting large-scale vulnerability assessments across operating systems and browsers
- Government and defense organizations running offensive security evaluations on critical infrastructure
- Bug bounty hunters and vulnerability disclosure programs targeting high-value, hardened software targets
- Enterprises auditing proprietary codebases for memory safety violations and cryptographic weaknesses
- Academic researchers studying emergent AI capabilities in code reasoning and security analysis
FAQ
Is Claude Mythos Preview available to the public?
No. Mythos Preview is currently restricted to partners in Anthropic's Project Glasswing program. There is no public API access, waitlist, or consumer-facing release at this time.
How does Mythos Preview compare to Opus 4.6?
Mythos Preview dramatically outperforms Opus 4.6 on security tasks — achieving 181 successful Firefox JavaScript exploits compared to 2 for Opus 4.6, and 10 full control-flow hijacks in OSS-Fuzz testing versus a single tier-3 crash. These improvements stem from advances in code reasoning and autonomy.
Were these cybersecurity capabilities explicitly trained?
No. Anthropic states that Mythos Preview's vulnerability discovery and exploit development abilities emerged as downstream consequences of improvements in general code reasoning and agentic capabilities, not from security-specific training data or objectives.
How much does it cost to use Mythos Preview?
Costs are usage-based and vary by task complexity. Anthropic reported approximately $20,000 for 1,000 OpenBSD scans and under $2,000 for Linux kernel exploit chain development. No fixed subscription pricing has been announced.
Can Mythos Preview be used for offensive security?
Access is controlled through Project Glasswing, which Anthropic uses to manage dual-use risk. The model is intended for defensive security research, vulnerability disclosure, and authorized security testing — not for unauthorized attacks.



