Anthropic’s most powerful Claude Mythos AI model, which can quickly spot software flaws, test whether they can be exploited and reason through attack paths that once required elite cybersecurity researchers is now headed for wider release after first being made available to a limited cohort. The industry that was concerned that such powerful models in the hands of malicious users is now wondering what will happen when the model goes outside of the strict boundaries Anthropic had previously put into place.
Reuters reported on May 28 that Anthropic plans to release Claude Mythos “to all customers in the coming weeks,” as it publicly launched its latest Claude Opus 4.8 model. Previously Anthropic had prevented wide release of its model believing that if that power reaches defenders first, banks, cloud companies and open-source maintainers may close dangerous holes faster before attackers get similar tools at scale. The company has kept Mythos inside Project Glasswing, a restricted defensive program that lets major tech firms such as Amazon, Microsoft and Apple use the model for cybersecurity work.
Mythos changes the cost curve
For decades, software security has run on scarcity. There are too few expert researchers, too many code repositories with potential vulnerabilities, too many legacy systems and too many open-source projects maintained by people who already have full-time jobs. Mythos on the one hand could help address those problems by providing expert-level guidance in the hands of the few who can fix the problems, but on the other hand provide that same power to those who can cause harm.
Since Anthropic announced the Mythos model, the company said partners have been using Claude Mythos Preview as part of an exclusive Project Glasswing to find and fix weaknesses in foundational systems that make up a large part of the world’s shared attack surface. The work included local vulnerability detection, black-box testing, endpoint security and penetration testing. Anthropic said partners had already used Mythos Preview for weeks before the broader rollout discussion. AWS said it had tested Mythos in its own security operations against important codebases. Microsoft said the model showed major gains on its CTI-REALM security benchmark compared with prior models.
Cloudflare, a Project Glasswing participant, delivered a write-up that gives the clearest look at why Mythos is so important, and why it is so risky. The company said Mythos Preview can build exploit chains in which real attacks can combine several smaller bugs into one working path. Cloudflare said Mythos could reason through that chain and produce a working proof. It could find a bug, write code to trigger it, compile that code, run it in a scratch environment and revise the hypothesis when the test failed. The loop between identifying a potential issue and creating an actual threat was very short.
Cloudflare said one of the hardest parts of using AI models for cybersecurity triage is deciding which bugs are real, exploitable and urgent. AI tools can swamp teams with speculative reports. Mythos appears better than generic coding agents at producing proofs of concept and cleaner reproduction steps, but the queue still requires humans, process and patch pipelines.
Cloudflare said Mythos Preview did not have the extra safeguards present in generally available models such as Opus 4.7 or GPT-5.5. The model sometimes pushed back on cyber requests, but Cloudflare found those refusals inconsistent. The same task could receive different treatment when framed another way. Cloudflare’s conclusion was that those refusals are not enough as a safety boundary for any broadly available frontier cyber model.
The Timing Of The Broader Release
Because of that significant power and potential for damage, Anthropic’s earlier posture was to be cautious and slow in general model release. Anthropic had previously said it did not plan to make Claude Mythos Preview generally available, but wanted users to safely deploy Mythos-class models at scale once better cyber safeguards were ready. It also said it planned to launch new safeguards with an upcoming Claude Opus model before expanding higher-risk capabilities.
But now, the Reuters report now points to a wider release in the coming weeks. The reality is that market forces are pushing Anthropic to move faster and more broadly than they had planned. Other powerful models are showing that cyber threats might come from models not controlled by Anthropic. If offensive capability is spreading anyway, then keeping the best defensive tools inside a small club may leave the rest of the ecosystem exposed. Open-source maintainers, regional banks, hospitals, software vendors and government suppliers do not have the same access to elite security talent as hyperscalers. A model like Mythos could give them leverage they cannot hire.
So a broader release might make sense to provide protection from models that come from other places. However, that logic has limits. More access means more risk and so the answer is not a public free-for-all. Anthropic will likely put controls over who gets access to the model with tiered access, customer vetting, logging, abuse review, rate controls, strict policies around exploit generation and disclosure channels that do not bury maintainers under thousands of machine-generated reports. Of course, Anthropic will also be charging a lot more for the Mythos model so that only those who truly want and need it will get it. At least for now.
The competitive angle is impossible to ignore. In many ways, Anthropic’s restricted rollout helped make Mythos look powerful, but it also created an opportunity for rivals. Reuters reported on May 29 that OpenAI gave some Japanese financial institutions access to its similarly powerful GPT-5.5 model to help prevent cyberattacks, according to Japan’s finance minister Satsuki Katayama. She called the access a major step for bank cyber defense.
This matters for Anthropic’s business since banks do not buy cybersecurity infrastructure casually. Once a model becomes part of vulnerability triage, red-team exercises, code review and regulator-facing risk workflows, it can become difficult to displace. The provider that gets inside those controls first may shape the operating system for AI-assisted defense.
The same pressure is visible in Europe. BNP Paribas has expanded work with Mistral, a European-based AI model provider, to bolster AI-driven cyber defense, according to Reuters. European banks fear lagging U.S. peers in access to the newest cyber AI systems. For European institutions, concerns over models hosted in an increasingly hostile US market make looking for a local AI partner more attractive when the models touch regulated infrastructure, incident response and sensitive code.
Safety-first Now Means Faster Defense
A safety-first company can no longer argue that the safest move is always withholding capability. In cybersecurity, withholding a defensive tool can make customers less safe when attackers are racing toward similar methods. The safer choice may be a managed release with heavy controls and not indefinite restriction.
That is the business tension behind Mythos. Anthropic must distribute enough capability to make a positive difference, but not so much that it gets into the hands of the wrong users. It must help defenders move faster, but not create a flood of vulnerability reports that exhaust the people who maintain the internet’s plumbing. It must compete with OpenAI and Mistral and soon to be powerful models from China and other places, but not let the race define its risk appetite. With Anthropic’s accelerated rollout, the question is whether the institutions around them can fix flaws faster than AI helps attackers exploit them.
