Claude Mythos: The AI Model Built for Security Research

⚠ Update — June 12, 2026: Both Fable 5 and Mythos 5 have been suspended globally by US government directive, effective 5:21 PM ET today. The government cited a claimed jailbreak method involving asking the model to analyze codebases for vulnerabilities. Anthropic disputes the severity, calling it a “narrow, non-universal jailbreak” with capabilities “widely available from other models,” but is complying. All other Anthropic models remain available. The access guidance in this article — getting on the Mythos partner list or waiting for Fable 5 commercial availability — is no longer actionable pending resolution. Watch Anthropic’s official statement for updates.

Most AI models are built for broad utility. They handle writing, coding, customer service, and a hundred other tasks with acceptable competence across all of them. Claude Mythos is different. Anthropic built it specifically for high-stakes specialized domains — cybersecurity, biology, and healthcare — and the results are significant enough that it is worth understanding what it is, what it can actually do, and what access looks like.

What Mythos Is

Claude Mythos 5 is Anthropic’s most capable model, optimized for domains where reasoning depth, technical precision, and complex judgment matter more than general-purpose versatility. Anthropic describes it as seeing specific gains in cybersecurity, biology, and healthcare benchmarks compared to their standard model lineup.

The pricing signals the positioning immediately: $10 per million input tokens and $50 per million output tokens. That is a premium tier price point — roughly five to ten times more expensive than standard Claude API access. Anthropic is not pricing this for casual use. It is priced for organizations where the output has direct commercial or operational value.

Access is currently limited to a small set of initial testing partners. This is not a product you can sign up for today — it is an early partner program with controlled expansion.

Project Glasswing

The most significant public evidence of what Mythos can do is Project Glasswing — a multi-organization initiative where partners have used Claude Mythos Preview to find more than ten thousand high- or critical-severity vulnerabilities in critical software systems.

Ten thousand high or critical severity vulnerabilities. That number is worth sitting with. For context, a single critical vulnerability in widely deployed software can affect millions of systems. CVE-2021-44228 (Log4Shell) was one vulnerability. Critical vulnerability discovery at the scale Glasswing is reporting suggests AI-assisted security research is not a future capability — it is operational now, at least for the organizations with access.

The details of which software systems and which organizations are involved in Glasswing are not public. The implication is that critical infrastructure and widely deployed software are in scope.

Mythos vs. Fable 5

Anthropic distinguishes between two versions built on the same underlying model:

Claude Mythos is the full-capability version, available to the limited partner set. It is designed for security and research work that requires the model to engage directly with dual-use technical content — vulnerability analysis, exploit research, biomedical modeling.

Claude Fable 5 uses the same foundation but with robust safeguards in place. For cybersecurity and biology queries, Fable automatically routes to Claude Opus 4.8, allowing broader availability while restricting the dual-use capabilities that make Mythos specifically useful for security research. Fable is the version that will likely see broader commercial availability.

The architecture reflects a serious attempt to solve the dual-use problem: give researchers access to a genuinely capable tool while preventing the same capabilities from being misused at scale.

What This Means for Security Researchers

The access constraint is real but the capability signal is important regardless. A few implications worth tracking:

AI-assisted vulnerability research is maturing. The Glasswing numbers suggest that LLM-assisted code analysis can find vulnerabilities at a scale and consistency that manual review cannot match. The bottleneck is model access and researcher skill in working with the model effectively — both of which are solvable problems.

The skill set is shifting. Researchers who can effectively prompt and work with AI models for security analysis will find the tools multiplying their output. This is not replacing security expertise — the model does not understand context, business logic, or real-world exploitability without a researcher’s guidance. It is amplifying what a researcher can cover.

The access tier matters. If you are working in a security organization and doing vulnerability research at scale, getting on the partner list for Mythos is worth pursuing. Anthropic has indicated they plan to expand through trusted partner programs.

How to Get Access

Anthropic is expanding Mythos access through trusted partner programs. If you are doing security research at an organizational level — particularly anything involving critical infrastructure, large codebases, or coordinated vulnerability disclosure — the path is through direct engagement with Anthropic’s enterprise team.

For individual researchers and smaller operations, Fable 5 will likely be the relevant version when it reaches broader availability. Watching Anthropic’s announcements on partner expansion is the practical next step.

The Broader Context

Mythos is not an isolated development. Google DeepMind, OpenAI, and others are all building models with specialized capability profiles. The security research community is at the early stage of integrating these tools into workflows that were previously constrained by human bandwidth.

The researchers who understand how to work with these models — how to structure queries, validate outputs, and combine AI analysis with human judgment — are going to have a significant capability advantage over those who treat LLMs as general-purpose chat interfaces.

Mythos is the clearest signal yet of where that capability is heading.

2026 Developments: What Changed Since Launch

Significant events have occurred in the Mythos/Glasswing story since this article was first published:

Specific vulnerability examples made public. Anthropic disclosed specific examples of what Mythos found during Glasswing testing: a 27-year-old vulnerability in OpenBSD and a 16-year-old flaw in FFmpeg — both missed by years of human review and automated tooling. In benchmark testing, Mythos converted known Firefox JavaScript engine vulnerabilities into working shell exploits 72.4% of the time, without human intervention.

Program expansion. Glasswing expanded to approximately 150 organizations across more than 15 countries by June 2026, including critical infrastructure operators in power, water, healthcare, and telecommunications. Anthropic committed $100 million in usage credits for Mythos Preview and $4 million in donations to open-source security organizations as part of the program.

Claude Security launched. Anthropic released a separate, commercially available product called Claude Security — powered by Claude Opus 4.7 (a less capable model than Mythos Preview) — for production codebase vulnerability detection. It includes built-in guardrails that prevent generation of actual exploit code, positioning it as an enterprise security tool rather than a research capability.

NSA red team test and U.S. government directive. A red team test conducted with the NSA on June 11, 2026 reportedly saw Mythos breach “almost all” classified systems within hours. This led to a U.S. government directive requiring Anthropic to disable access to Mythos-class models due to national security concerns. The directive does not affect Glasswing partners under controlled conditions, but it signals where the regulatory and national security conversation around frontier AI capabilities is heading.

Access status update. The “How to Get Access” section of this article describes the partner program as of early 2026. The post-NSA-directive status is that Anthropic is navigating significant government scrutiny around Mythos access, and the expansion timeline for individual researchers is less clear than it was at launch. The Claude Security product (Opus 4.7-based) is the accessible path for organizations that need AI-assisted vulnerability detection without restricted-access frontier model requirements.

Further reading: AI and machine learning for security on Amazon covers the foundational skills needed to work effectively with models like Mythos — prompt engineering, output validation, and integrating AI into security workflows.

Sources:

  1. Anthropic Claude Mythos — anthropic.com/claude/mythos
  2. Project Glasswing vulnerability discovery figures — Anthropic
  3. Anthropic model pricing and access documentation
Scroll to Top