What changed in the last 48 hours
Anthropic's most advanced research model — Claude Mythos — has not been a public artefact. It has been Anthropic's strongest signal that frontier capability in reasoning, code, and offensive cybersecurity exists today but has been deliberately held back. That posture appears to be shifting.
Over the past two days, the model identifier claude-mythos-1-preview has surfaced in user-facing strings inside two shipping Anthropic products: Claude Code (the agentic developer environment) and Claude Security (the vulnerability scanning and patch-suggestion service currently in public beta for Enterprise customers). The string was first noted by TestingCatalog and corroborated by BleepingComputer; it appears alongside the existing claude-opus-4-7 and claude-sonnet-4-6 selectors rather than replacing them.
What that label actually means is the question. Anthropic has not made a formal Mythos 1 announcement. There is no model card, no pricing page, no API note. The naming convention — adding a "1" to the family — and the appearance under preview tagging is the signal. It is the same shape of pattern we saw with the earliest claude-opus-4-7-1m-context rollouts before that capability went public.
- What is confirmed: the
claude-mythos-1-previewstring is present in Claude Code and Claude Security UIs as observed by independent reporters. - What is signalled: Anthropic is preparing a productised path for Mythos-family capability, branded "Mythos 1".
- What is not yet stated: GA date, pricing, supported regions, rate limits, audit posture, model card.
Treat this as a preview signal, not a launch. Until Anthropic publishes a model card and pricing, anything you read about Mythos 1 capabilities is extrapolated from prior coverage of the restricted preview — including this article. The capability story is large; the disclosure story is still incomplete.
What "Mythos 1" capability brief actually looks like
From Anthropic's own preview material at red.anthropic.com and reporting summarised by InfoQ, the Mythos family is described as Anthropic's most advanced model in three axes: reasoning, coding, and cybersecurity. The phrasing in Anthropic's own description places its code reasoning and agentic autonomy "far above its current flagship model, Opus 4.7" — a comparative claim attributed to Anthropic in the coverage of its announcements, not an independent benchmark.
That is a strong claim, and worth pausing on. Anthropic spent the year before this articulating Opus 4.7 — with the 1M context window, the autopilot defaults for Claude Code, the cache-read economics that made long-context agents commercially viable — as the production frontier. Mythos appears to sit above it in capability, but below it in disclosure: fewer published benchmarks, no public pricing, no third-party evaluation suite shipped against it yet.
| Capability axis | Mythos 1 (preview) | Opus 4.7 | Sonnet 4.6 |
|---|---|---|---|
| Reasoning posture | Described as "far above" Opus 4.7 (Anthropic-reported, not benchmarked publicly) | Current flagship; SOTA on most public reasoning suites at launch | Strong; tuned for cost-sensitive routing |
| Coding + agentic autonomy | Significant improvements claimed (no public number) | Public benchmark holder; default in Claude Code autopilot | Production-grade for short-turn coding |
| Cybersecurity (offensive / vulnerability discovery) | Core Mythos differentiator; powers Project Glasswing | Not the focus axis | Not the focus axis |
| Context window | No public number | 1M tokens | 200k tokens |
| Public model card | Not yet published | Available | Available |
| Pricing | No public number | $5/MTok input · $25/MTok output | $3/MTok input · $15/MTok output |
The honest read: this table has more "no public number" cells than buyers should be comfortable with. That is the nature of a preview signal. The decision to ship a frontier model into two production surfaces with this much information still withheld is itself the news.
Path one — Claude Code: what changes for builders
Claude Code is the surface where Mythos 1 will be felt first by developers. The autopilot defaults that landed earlier this year — covered in our piece on Claude Code autopilot and Opus 4.7 as default — already pushed long-context, multi-file agentic editing into the standard developer loop. Mythos 1 raises the ceiling on how aggressive that loop can be.
For teams already shipping on Claude Code, three practical changes are worth modelling now:
- Bigger refactor passes. If Mythos 1 holds the agentic-write quality at higher token counts than Opus 4.7's 300k-ish drift point we documented in the 1M-context piece, repo-wide refactors that today need to be chunked could be issued as single sessions. The economic question becomes pricing; the engineering question becomes whether your agent loop has the patience for longer single-shot edits.
- Higher-autonomy task framing. Anthropic's framing of Mythos as "significantly more autonomous" implies the model will take more open-ended instructions and produce more cohesive multi-step outputs. That is a double-edged sword. Builders who have invested in tight, low-instruction prompts may need to relax those constraints to get the upside; those running narrow tool-call ladders may not see much change.
- Background-task economics. Claude Code's background sessions — the kind you fire and forget while you go and review a PR — get materially more useful when the underlying model is stronger on long-horizon planning. That is exactly the axis Mythos 1 is claimed to raise.
Do not migrate default routing to claude-mythos-1-preview on a production codebase. Pin Opus 4.7 as the default in your agent config and route specific high-value sessions — large refactor branches, gnarly migration tickets — to Mythos 1 once it is selectable. That gives you a measurable A/B before you commit, and it shields the rest of your loop from any preview-tier rate-limit surprises.
Path two — Claude Security: vulnerability scanning + patch suggestion
Claude Security is the other surface where Mythos 1 has appeared. The product is currently in public beta for Enterprise customers — we covered the launch context in our piece on Anthropic's Claude Security beta and vulnerability scanning. The pitch is straightforward: point Claude Security at a repository or a deployed service, and it returns a ranked list of vulnerabilities along with proposed patches as merge-ready diffs.
Mythos 1 is the natural backend for this. The model family's cybersecurity capabilities are what made the original Project Glasswing work — and it is precisely the workload where stronger reasoning translates directly to commercial value, because every additional true-positive finding is a CVE your customer did not ship.
Three practical implications for security and platform teams:
- False-positive economics shift. A scanner that finds ten times more issues but mostly noise is a worse product than one that finds five with high confidence. Mythos 1's claimed reasoning gains have to translate into precision, not just recall, for Claude Security to be deployable inside a stretched AppSec team.
- Patch-suggestion quality is the differentiator. Finding a vulnerability is table stakes; producing a patch that compiles, passes existing tests, and respects the codebase's conventions is the harder problem. This is where stronger code reasoning has the most leverage.
- Audit trail becomes non-negotiable. The moment Claude Security suggests a patch that ships into production, you need a defensible trail: which model version produced the suggestion, on what inputs, with what tool-call sequence. Mythos 1 being "preview" means this trail is going to be harder to produce — keep that in mind before turning it on against regulated workloads.
Project Glasswing: how to read the 10,000 zero-day number
Per Anthropic's Glasswing update, the Mythos preview "surfaced more than 10,000 high- and critical-severity zero-day vulnerabilities during early runs". That is an enormous number, and the headline that will travel furthest in the next 48 hours. It deserves a careful read.
The 10,000+ zero-day claim comes from Anthropic's own Glasswing update and reflects early internal runs. Independent verification by third-party security researchers is not yet possible because Anthropic has not released the underlying dataset, scope, or methodology in full. Treat it as a capability indicator, not a settled fact.
Several questions are worth asking before that number gets cited in board decks:
- Scope: across how many distinct codebases? A scanner pointed at the long tail of public open-source can surface thousands of issues in days; the same scanner pointed at a hardened enterprise codebase produces a very different number.
- Severity calibration: who decided what counts as "high or critical"? Anthropic's internal calibration may or may not match CVSS-style scoring used by enterprise security teams.
- Duplicates: at this scale, how many of the 10,000 are variants of the same underlying class of bug? A model that finds 10,000 instances of an unsafe string handling pattern in different shapes is impressive, but the fix is one PR, not ten thousand.
- Disclosure status: have these been responsibly disclosed to the affected maintainers? The number is only a public good once the issues are patched.
None of this is to dismiss the claim. The capability of an AI system to discover novel vulnerabilities at industrial scale is the most important capability change in offensive security in years, and Mythos appears to demonstrate it. The point is that "10,000 zero-days" needs the methodology to come with it before it stops being a marketing number and starts being a verifiable fact.
Want to discuss this with other verified Builders?
Every article on AI Tech Connect is written by a Verified Builder. Browse profiles, shortlist who you want to hire or collaborate with.
Browse Builders →The capability vs disclosure tension — what shifted
The original framing around Mythos, set out by Anthropic itself in the red.anthropic.com preview, was unusually candid: the model is strong enough that broad availability would be irresponsible without stronger safeguards. The line "once stronger safeguards are developed, we look forward to making Mythos-class models available through a general release" sat in that preview as the conditional. The new product strings are the first time we have seen that conditional being actively prepared.
This is the central story. It is not that Mythos 1 became more capable last week; it is that Anthropic's posture on disclosure has moved. There are two plausible reads, and both are worth carrying:
- Read one — safeguards landed. Anthropic's interpretability programme, deployment-time monitoring, and red-team posture have all matured enough that the company is comfortable letting Mythos out under tightly scoped product surfaces (Claude Code, Claude Security) where the agent's actions are observable and bounded.
- Read two — competitive pressure. The frontier has not stood still since the original Mythos preview was written. Mythos held back is a research artefact; Mythos shipped is a commercial moat. The decision to productise may be more about market position than about a safeguards breakthrough.
Both can be true at once, and almost certainly are. The practical question for builders is: how much does this shift the organisation's risk profile when Mythos-class capability is one API call away in your agent loop?
Timeline — Mythos in public
| When | What | Posture |
|---|---|---|
| April 2026 | Mythos Preview announced on red.anthropic.com | Restricted research artefact |
| April 2026 | Project Glasswing update — 10,000+ zero-days reported | Capability disclosure without product |
| May 2026 (early) | Anthropic restates Mythos remains restricted; safeguards in development | Held back deliberately |
| May 2026 (this week) | claude-mythos-1-preview string appears in Claude Code + Claude Security UIs |
Productisation signal |
| Next | Expected: model card, pricing, GA timeline, regional availability | To be confirmed by Anthropic |
For context on the prior chapter, our earlier coverage at Claude Mythos preview and the Glasswing cybersecurity story sets out the restricted-preview phase in detail. This article is the next chapter — productisation, not capability reveal.
What this means for IN and UK enterprise teams
Mythos 1 is a global Anthropic release, not a region-specific launch, but the operational picture is not the same for every team. Two regulated contexts illustrate the spread.
UK — NHS and FCA-regulated workloads. A frontier model with the offensive-security capabilities Mythos is claimed to have is exactly the class of system the UK Frontier AI Bill drafts have flagged for additional disclosure obligations. NHS digital teams and FCA-regulated firms running Claude Security against internal infrastructure will need a clear answer to: which model version produced this finding, what data left the perimeter, and what is the audit trail. Without a published Mythos 1 model card, that answer is hard to give. Most regulated UK teams should hold Mythos 1 at the experiment-environment boundary until that documentation lands.
India — DPDP-bound enterprise workloads. Teams working under the Digital Personal Data Protection Act have a sharper question: does Claude Security's use of Mythos 1 involve processing personal data, and if so, where? Claude Security is being offered to Enterprise customers, and Anthropic's standard regional posture applies — but the specific data-residency and processing-purpose disclosures for Mythos 1 have not yet been published. Indian banks, insurers, and healthtech teams running pilots should pause on enabling Mythos 1 against any system holding personal data until the regional addenda are explicit.
Neither of these is a reason to ignore the announcement. They are reasons to organise your team's Mythos 1 experiments inside a controlled environment first, while the disclosure picture catches up with the capability picture.
Stand up a sandboxed Mythos 1 evaluation track. Pick three or four representative tasks from your real workload — a refactor that has historically broken on Opus 4.7, a vulnerability class your current scanner misses, a long-horizon agent run that drifts — and run them through Mythos 1 once it becomes selectable. Capture inputs, outputs, and cost. That dataset is what you will need to make a confident migration call when GA arrives.
The questions to ask before turning Mythos on in production
Before any team flips routing to claude-mythos-1-preview for a real workload, six questions are worth answering in writing:
- Has Anthropic published a model card? If not, you are running a preview-tier model against production data — accept that explicitly and scope accordingly.
- What is the rate-limit and availability posture? Preview-tier models routinely have tighter throughput than GA models. Your agent loop needs a graceful fallback to Opus 4.7 when Mythos 1 returns rate-limit errors.
- What audit trail do you get? Confirm that the model version, prompt, and tool-call sequence are captured in logs you can defend in a regulatory review.
- What is the privacy and data-handling posture for your region? For DPDP- and UK-regulated workloads, do not move past pilots until this is explicit in writing.
- What is your A/B baseline? Run Mythos 1 against Opus 4.7 on the same task. The economic case for migration is only real if the win is measurable.
- What is your rollback plan? If Anthropic pulls Mythos 1 from preview, what does your fallback look like, and how quickly can you switch?
None of these are exotic — they are the same gates any team would apply to a new frontier model. The reason to write them down for Mythos 1 specifically is the disclosure asymmetry. The capability story is large; the documentation story is still in motion. The teams that come out ahead of this release are the ones who let those two stories catch up to each other before they commit.