Claude Mythos Preview is Anthropic's most capable model -- a full tier above Opus 4.8 -- currently restricted to roughly 50 vetted critical-infrastructure partners through Project Glasswing. In its first active month, partners surfaced 10,000+ high-severity software vulnerabilities. Anthropic confirmed after the May 28 Opus 4.8 launch that Mythos-class models are coming to all customers "in the coming weeks."
I've tracked every Mythos development since the April announcement. Most coverage is either cybersecurity-focused or pure hype rehash. This is the builder brief: what Mythos actually is, what it has done in controlled testing, who has access now, what it costs, and what the realistic timeline to general API access looks like.
What is Claude Mythos Preview, and how does it differ from Opus 4.8?
Claude Mythos Preview is Anthropic's most capable model -- a new "Mythos-class" tier above Opus 4.8. On benchmarks, it scores 93.9% on SWE-bench Verified, 77.8% on SWE-bench Pro, 82.0% on Terminal-Bench 2.0, and 97.6% on USAMO 2026, per Anthropic's red team announcement.
Opus 4.8 handles most production agentic workflows fine. Mythos is designed for extended autonomous reasoning and multi-step execution -- particularly in security research and complex engineering. The capability gap is significant enough that Anthropic explicitly delayed public release, citing insufficient safeguards to prevent misuse at scale. That's not marketing caution -- that's the stated reason, confirmed by both Anthropic and the UK AI Safety Institute's independent evaluations.
The model has a 1M token context window (200k on Microsoft Foundry) and is available to Glasswing partners via the Claude API, Amazon Bedrock, Google Vertex AI, and Microsoft Foundry -- same infrastructure as Opus 4.8, gated behind Glasswing approval.
What has Mythos actually done in real-world deployments?
Project Glasswing partners found more than 10,000 high- or critical-severity vulnerabilities across systemically important software in roughly five weeks after launch, according to Help Net Security's May 2026 report. The approximately 50-partner cohort includes Cloudflare, Palo Alto Networks, and major financial institutions.
The Firefox numbers are the clearest capability comparison. Mozilla used Mythos Preview to audit Firefox 150 and found 271 vulnerabilities -- more than ten times the number found in Firefox 148 using Opus 4.6, per SecurityWeek. The exploit conversion rate is the more striking figure: Opus 4.6 turned discovered vulnerabilities into working JavaScript shell exploits twice out of several hundred attempts. Mythos developed 181 working exploits across the same class of test -- a roughly 90x improvement.
Mythos also autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD during separate testing, per Anthropic's own writeup. The model found the bug and built a working exploit without human direction.
What did the UK AI Safety Institute's evaluation actually find?
The UK AISI published an independent evaluation of Mythos Preview in April 2026. Their primary test -- called "The Last Ones" (TLO) -- is a 32-step corporate network attack simulation spanning reconnaissance through full network takeover. Human professionals need an estimated 20 hours to complete TLO.
Mythos Preview is the first AI model to solve TLO end-to-end: it completed all 32 steps in 3 out of 10 attempts. Across all attempts, it averaged 22 out of 32 steps. Claude Opus 4.6 averaged 16 steps and never completed the full sequence. Going from 0% to 30% completion rate on the same benchmark is a meaningful threshold jump in autonomous offensive capability.
The AISI included important caveats. Their test ranges lack active defenders, defensive tooling, and alert penalties that real environments have. Their formal conclusion: Mythos "is at least capable of autonomously attacking small, weakly defended and vulnerable enterprise systems where access to a network has been gained." That qualifier matters -- this isn't Mythos cracking well-defended infrastructure. It's Mythos operating at the level of a skilled human attacker against under-protected targets.
The AISI did not call for blocking Mythos deployment. They published this as part of their ongoing research series tracking how fast autonomous cyber capability is advancing across frontier models. The evaluation is context, not a verdict.
Get the AI Agent Briefing
One email per week. The best AI agent news, tutorials, and tools -- written by someone who actually builds with them.
Subscribe Free
What is Project Glasswing and who has access right now?
Project Glasswing is Anthropic's invitation-only defensive security program, announced April 7, 2026 alongside the Mythos Preview reveal. The program launched with 12 founding organizations and expanded to approximately 40 additional vetted critical-infrastructure operators -- around 50 total as of late May. Confirmed partners include Cloudflare and Palo Alto Networks; the rest of the cohort is undisclosed.
Access criteria: organizations that build or maintain software where a breach would have cascading effects beyond themselves -- financial clearing infrastructure, major cloud providers, telecom operators, critical open-source projects. There is no public application queue. Open-source maintainers can submit an inquiry through Anthropic's Claude for Open Source program -- the only semi-public entry point currently available.
If your product doesn't qualify as critical infrastructure, skip the Glasswing angle. The path for most builders is the general access launch Anthropic announced alongside Opus 4.8.
What does Claude Mythos Preview cost for current partners?
Glasswing partner pricing is $25 per million input tokens and $125 per million output tokens, per TokenCost's May 2026 tracker. That's 5x the cost of Opus 4.8 ($5/$25 per million tokens), reflecting both compute requirements and the restricted access status.
Practical math for agent loop planning: a 2,000-token input plus 1,000-token output exchange with Mythos Preview costs approximately $0.175. The same exchange with Opus 4.8 costs about $0.035. Over thousands of agentic iterations, that 5x multiplier adds up fast. Build your unit economics at $25/$125 per million tokens and validate the math before committing to Mythos-powered architecture.
Anthropic hasn't confirmed general availability pricing. Based on historical release behavior, initial GA pricing will stay near the $25/$125 level, with compression over 6-12 months as compute scales and successor models arrive. Don't plan for Opus-level pricing at launch.
When will Mythos reach general availability?
Anthropic's stated timeline from the May 28 Opus 4.8 launch is "in the coming weeks," with Mythos-class models available "to all customers" once cyber safeguards are in place, per Gizmodo and KSL. The framing is deliberately non-committal -- Anthropic won't commit to a date until safeguards pass their own internal bar.
Based on Anthropic's described three-phase roadmap -- validate safeguards on Opus-class first, expand Glasswing defensively, then open limited enterprise API access -- and their historical preview-to-GA cadence of 6-8 weeks, Q3 2026 is the most credible estimate for limited enterprise access. Consumer-facing availability is likely 2027 or later given the safeguard requirements.
What's genuinely unclear: whether the GA release will be a full Mythos model or a capability-constrained variant. Given the AISI evaluation results, there's a reasonable case Anthropic ships Mythos with offensive capabilities rate-limited or disabled for non-Glasswing API users. The system card, when it drops, will tell you what's actually in the box. Watch Anthropic's What's New changelog -- that's where the launch will appear first, ahead of any press coverage.
What should builders do right now to prepare?
Most builders don't need to act urgently. Opus 4.8 handles the overwhelming majority of real-world agentic workflows, and Mythos will be a premium tier at launch -- not a default upgrade path. But if you're building in security research, code auditing, or complex multi-step autonomous workflows, three things are worth doing now.
First, monitor Anthropic's What's New changelog at platform.claude.com/docs. Model availability updates land there first. The GA announcement won't have a press launch cycle -- it'll be a changelog entry.
Second, if your organization builds or maintains critical infrastructure software, an inquiry to Glasswing at anthropic.com/glasswing now puts you ahead of the queue when Anthropic expands the program pre-GA.
Third, audit your current Opus 4.8 agent loops for cost assumptions. A loop that costs $10/run with Opus 4.8 will cost $50 with Mythos Preview at the current 5x price differential. Run the math at $25/$125 per million tokens before you commit to Mythos-powered architecture.
FAQ
Is Claude Mythos the same as Claude Opus?
"Mythos-class" is a new capability tier Anthropic introduced above the Opus line. Claude Opus 4.8 is the most capable publicly available model as of May 2026. Mythos Preview is a separate, more capable model in restricted testing through Project Glasswing. Anthropic has implied Mythos-class will eventually replace Opus as the flagship tier, with Opus continuing as a lower-cost production option.
Can I apply for Claude Mythos access today?
No public application process exists. Access is invitation-only through Project Glasswing, limited to organizations building or maintaining critical-infrastructure software. Open-source maintainers can submit an inquiry through claude.com/contact-sales/claude-for-oss. For everyone else, the path is the general access launch Anthropic indicated is coming in the weeks following the May 28, 2026 Opus 4.8 release.
How much does Claude Mythos cost per million tokens?
Current Glasswing partner pricing is $25 per million input tokens and $125 per million output tokens -- 5x the cost of Opus 4.8. General availability pricing has not been confirmed. Expect it to be near the $25/$125 range at launch, with gradual compression over 6-12 months as compute scales and successor models arrive.
Why did Anthropic delay Mythos's public release?
Anthropic stated that no current safeguards are strong enough to prevent misuse at scale. The AISI's evaluation confirmed Mythos completed a 32-step autonomous corporate network attack in 3 of 10 attempts and developed working exploits at roughly 90 times the rate of Opus 4.6. The delay is specifically to develop and validate safeguards that reduce offensive use risk before broad deployment.
Get the AI Agent Briefing
One email per week. The best AI agent news, tutorials, and tools -- written by someone who actually builds with them.
Subscribe Free
