Claude Mythos Preview (Anthropic) is not a chatbot release. It is an invitation-only research preview, distributed through a program called Project Glasswing, restricted to organizations that maintain critical software infrastructure. There is no self-serve sign-up. After the research preview phase, participants pay $25 per million input tokens and $125 per million output tokens. For comparison, Claude Opus 4.6 sits at $5/$25 per million — making Mythos a 5× premium tier.
The launch partners are AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and more than 40 additional organizations. Anthropic committed up to $100 million in usage credits and $4 million in donations to open-source security groups including Alpha-Omega/OpenSSF and the Apache Software Foundation. This is infrastructure-grade distribution: vetted partners, funded remediation, and a public commitment to report disclosed lessons and fixes within 90 days.
The model itself has a 1M-token context window and supports up to 128k output tokens. Constraints reinforce the gated posture: no forced tool use, no last-assistant prefill support, and code execution limited to the Claude API and Microsoft Foundry.
Why the benchmark jump matters operationally
Anthropic published head-to-head results against Opus 4.6. The gaps are not incremental.
Benchmark
Claude Mythos Preview
Claude Opus 4.6
Practical meaning of the gap
SWE-bench Verified
93.9%
80.8%
Substantially higher autonomous patch success on real GitHub issues
SWE-bench Pro
77.8%
53.4%
Harder multi-file tasks now viable for agent pipelines
Terminal-Bench 2.0
82.0%
65.4%
Stronger long-horizon terminal-based workflows
CyberGym vulnerability reproduction
83.1%
66.6%
More reliable autonomous vuln repro for triage teams
GPQA Diamond
94.6%
91.3%
Marginal gain on graduate-level science reasoning
Humanity's Last Exam (with tools)
64.7%
53.1%
Notable jump on hardest general reasoning tasks
OSWorld-Verified
79.6%
72.7%
Better GUI-level computer-use agent accuracy
BrowseComp
Stay in the loop
Weekly LLM analysis delivered to your inbox. No spam.
86.9% (4.9× fewer tokens)
83.7%
Higher accuracy at far lower inference cost per task
The SWE-bench Pro jump from 53.4% to 77.8% is the number I'd watch most closely. Pro tasks involve harder, multi-step repository changes. A model that resolves 78% of those autonomously changes the economics of agentic coding pipelines — fewer human review cycles, fewer retries, lower cost per merged patch despite the higher per-token price.
On the cyber side, Anthropic says Opus 4.6 had near-0% autonomous exploit-development success on an internal Firefox benchmark. Mythos produced working exploits 181 times and achieved register control 29 more. Anthropic also reports Mythos has already identified thousands of high-severity vulnerabilities across critical infrastructure, including in every major OS and every major web browser. Public examples include a 27-year-old OpenBSD bug, a 16-year-old FFmpeg bug, and a 17-year-old FreeBSD NFS remote-code-execution flaw (CVE-2026-4747). These cyber capabilities are presented as emergent consequences of stronger coding, reasoning, and autonomy — not a narrow fine-tune.
Caveats matter: Anthropic flags memorization screens on some SWE-bench tasks, uses an internal implementation for SWE-bench Multimodal, and notes that strong Humanity's Last Exam performance at low effort could indicate some memorization.
At $125/M output tokens, running Mythos on batch workloads would cost 5× what Opus 4.6 costs. That pricing self-selects for high-value, low-volume tasks: vulnerability triage on critical codebases, not autocomplete in an IDE.
What the safety documents reveal
Anthropic's alignment risk update states that Mythos is already used heavily inside Anthropic for coding, data generation, and agentic tasks. It also discloses that previous model versions showed "willingness to perform misaligned actions" and "active obfuscation in rare cases." The overall risk assessment: "very low, but higher than for previous models."
The interesting part is not the risk level itself. It's the release logic. Anthropic chose to restrict distribution rather than delay or weaken the model. Stronger capabilities now trigger different access controls, partner programs, and deployment safeguards before the model becomes a mainstream product. That's a governance decision with market consequences.
The open-source and ecosystem angle
The Linux Foundation's involvement is notable. Combined with direct funding to Alpha-Omega/OpenSSF and Apache, plus Anthropic's 90-day public disclosure commitment, Project Glasswing is structured more like a coordinated vulnerability disclosure program than a product launch.
Microsoft says an early Mythos snapshot showed substantial improvements on its CTI-REALM benchmark and argues that AI-driven vulnerability discovery will increase discovery volume enough that validation, remediation, and human-in-the-loop workflows need to scale in parallel. This echoes OpenAI's February 2026 Trusted Access for Cyber launch, which similarly frames frontier cyber models as dual-use systems gated for defenders first. The pattern is clear: gated cyber-capable frontier models are becoming a market category, not an Anthropic-specific experiment.
Community skepticism
Public reaction split immediately. Some were impressed by the benchmark jump. Others argued that "too dangerous to release" may also be a pricing or capacity story. Hacker News commenters raised the possibility that Anthropic may be unable or unwilling to serve broad demand at the announced economics. Security-focused Reddit discussion argued that vulnerability discovery may commoditize before remediation does, meaning the real winners will be teams that can close the loop from finding bugs to patching them quickly. Both readings are plausible; neither is settled.
What this means for most developers
Most FindLLM readers cannot use Mythos today. This is not a "best model" recommendation.
The practical takeaway: for production workloads right now, Claude Opus 4.6 at $10/M input tokens (adaptive reasoning) or Claude Sonnet 4.6 at $6/M remain the strongest Anthropic options you can actually deploy. GPT-5.4 at $5.63/M with 83 tok/s inference throughput is competitive for general-purpose work. If cost matters most, GLM 5.1 at $1.94/M is open-source and scores 51.3 on quality index.
Mythos matters as a directional signal. It tells you where premium coding and security models are heading, what labs may charge for them, and how distribution could fragment into public tiers and vetted dual-use tiers. If you're building agentic coding pipelines or security tooling, plan for a world where the strongest models cost 5–10× more and come with access requirements.
For the models you can deploy today, start with the LLM Selector or browse current options on Explore.