What Anthropic has actually said
On 4 May 2026, Anthropic confirmed the existence of Claude Mythos Preview in a brief public statement, characterising it as "by far the most powerful model we have ever developed." The announcement was deliberately sparse on benchmarks and commercial timelines — by design. Mythos is not a product launch. It is a capability evaluation conducted under tightly controlled conditions, and the controlled nature of that evaluation is itself the story.
The key confirmed facts are these: Mythos carries a 1M-token context window, matching the window that shipped with Claude Opus 4.7 for general developers, and a 128K maximum output token limit — roughly 2.5× the output ceiling on Opus 4.7's standard configuration. Knowledge cutoff sits at December 2025. The model is not publicly accessible. Access is restricted exclusively to vetted partners within Project Glasswing, Anthropic's early-access programme for high-risk capability evaluations.
The cybersecurity capability claim is striking. According to Anthropic, Mythos has demonstrated the ability to identify zero-day vulnerabilities across every major operating system and browser — a capability that, in the wrong hands, would constitute a material uplift to offensive cyber operations at scale. That single sentence is the reason for the access restriction, and understanding it properly requires understanding the Glasswing programme.
What is Project Glasswing?
Project Glasswing is Anthropic's structured early-access programme for frontier models that cross what the company's Responsible Scaling Policy (RSP) designates as high-risk capability thresholds. The name references the glasswing butterfly — nearly invisible, present everywhere, impossible to track without specialist equipment. The metaphor is intentional: Anthropic is acknowledging that models at this capability level exist in an ecosystem they cannot fully observe, and that the safest path is to work with the best-equipped observers rather than pretend the capability does not exist.
Glasswing is not a bug-bounty programme. It is not a research API. It is a small, invitation-managed cohort of defensive cybersecurity organisations — national CERTs, government-contracted threat-intelligence firms, and academic security labs with established responsible-disclosure track records. The programme has three stated objectives:
- Red-teaming at frontier capability — understanding what Mythos can actually do in adversarial conditions, across operating environments that standard safety evaluations do not cover.
- Developing defensive tooling — using Mythos's vulnerability-discovery capabilities to build detection and patching workflows that can be deployed before public release creates attack surface.
- Informing RSP thresholds — feeding empirical evidence back into Anthropic's policy framework so that the next generation of safety commitments reflects what frontier models actually do, not what they are projected to do.
Glasswing access is not available through Anthropic's standard commercial or research channels. There is no application form, no waitlist, and no API key tier that grants access. Organisations that claim to offer Glasswing access through third-party arrangements should be treated with extreme scepticism.
The specifications in context: 1M tokens and 128K output
The technical specifications matter beyond the headline numbers. A 1M-token context window, when paired with a 128K maximum output ceiling, changes the practical shape of what a model can do in a single inference pass.
For cybersecurity work specifically, the combination is significant. A full firmware binary, plus the associated kernel source tree, plus historical CVE descriptions, plus a memory-safe rewrite specification — a complete defensive analysis context — sits comfortably inside 1M tokens. The 128K output ceiling means the model can return a detailed, structured vulnerability report with recommended patches in a single call rather than across a fragmented multi-turn session. The operational attack surface of multi-turn sessions — where state drift or prompt injection between turns becomes a vector — shrinks considerably.
For comparison with the model most builders are currently using, here is how Mythos Preview stacks up against Claude Opus 4.7 on confirmed specifications:
| Specification | Claude Mythos Preview | Claude Opus 4.7 |
|---|---|---|
| Context window | 1,000,000 tokens | 1,000,000 tokens |
| Max output tokens | 128,000 | ~32,000 (standard) |
| Knowledge cutoff | December 2025 | Early 2025 |
| Public availability | No — Glasswing only | Yes — API + Claude.ai |
| Primary evaluation domain | Defensive cybersecurity | General (developer flagship) |
| Zero-day discovery claim | Yes (Anthropic confirmed) | Not claimed |
| Commercial pricing | Not announced | $5/MTok in, $25/MTok out (per Anthropic pricing page) |
The 128K output ceiling on Mythos is four times the standard ceiling on Opus 4.7. For defenders generating exhaustive patch documentation, threat-model outputs, or structured incident reports, this is a meaningful operational advantage — not a cosmetic one.
What the cybersecurity capability actually means
Anthropic's claim that Mythos can identify zero-day vulnerabilities across every major OS and browser is the single most consequential sentence in the announcement, and it warrants careful interpretation.
First, what it does not mean: it does not mean Mythos autonomously discovers and weaponises exploits without human direction. Anthropic's framing is consistently defensive — the capability is being evaluated in the context of finding vulnerabilities so they can be patched, not so they can be exploited. The Glasswing cohort is explicitly composed of defenders, not offensive actors.
What it does mean: Mythos represents the first publicly confirmed instance of a large language model being attributed — by its own developer — with vulnerability-discovery capability at cross-platform breadth. Previous models, including GPT-4 variants and earlier Claude versions, have demonstrated narrow, context-specific vulnerability analysis. Cross-platform zero-day discovery at the depth implied by Anthropic's statement is a qualitatively different capability tier.
The implication for the wider ecosystem is that the capability exists in the world now, regardless of access controls. The question is not whether frontier models can discover zero-days — Anthropic has answered that — but how quickly the defensive community can build detection and patching workflows that run faster than adversarial adoption of equivalent capabilities. Glasswing is Anthropic's bet on that race.
Anthropic's frontier safety strategy: RSP in practice
Mythos Preview is the clearest evidence yet that Anthropic's Responsible Scaling Policy is functioning as a genuine operational constraint, not a marketing document. The RSP defines a tiered framework of AI Safety Levels (ASL), with each tier triggering mandatory access restrictions and evaluation protocols before a model can be deployed more broadly.
Anthropic has not disclosed which ASL tier Mythos occupies. The Glasswing gating may suggest the model has crossed an ASL-3 threshold under Anthropic's Responsible Scaling Policy — though Anthropic has not confirmed which ASL tier Mythos occupies. For context, ASL-3 is the RSP designation for "models that could provide meaningful uplift to those seeking to create novel biological, chemical, nuclear, or radiological weapons with potential for mass casualties, or that could meaningfully assist attacks on critical infrastructure." Cybersecurity capabilities that enable cross-platform zero-day discovery sit in the critical infrastructure domain; whether Mythos formally meets the ASL-3 bar is an assessment only Anthropic has made.
The practical effect of RSP-triggered gating is that Mythos will not follow the typical frontier model release trajectory — limited beta, expanded beta, general availability. It may never reach general availability in its current form. Anthropic's stated preference is to use Glasswing evaluations to develop capability-specific safety mitigations — essentially, fine-tuned restrictions that allow the model's general intelligence to be deployed commercially while its most dangerous specific capabilities are constrained. Whether that approach succeeds technically is an open research question.
The broader regulatory context reinforces the point. The EU AI Act's GPAI rules, which go live in August 2026, explicitly require frontier model providers to conduct systematic adversarial testing before deployment — the kind of testing Glasswing operationalises. Anthropic is, at minimum, structuring its frontier safety work to be demonstrably compliant with what is about to become binding EU law. UK AI policy, while still evolving under the Frontier AI Bill, is tracking similar principles. Being ahead of the regulatory curve on this is not coincidental.
What this means for builders in India and the UK
The most honest answer is: for most builders, Mythos Preview changes nothing immediately. The model is not accessible. Opus 4.7 remains Anthropic's commercial flagship, and the work of shipping AI products in India and the UK proceeds on the same technical foundations it did last week.
But the indirect implications are real and worth tracking carefully, particularly if your work touches any of the following areas:
Security tooling and vulnerability research
Builders developing penetration testing tools, static analysis pipelines, or vulnerability triage systems using any frontier model should expect Anthropic's usage policies to tighten in the medium term. Glasswing's findings will feed directly into updated policy guidance. If your tool uses Claude in a way that could be construed as offensive — even if your intent is purely defensive — review your use-case framing against Anthropic's current acceptable use policy now, before that policy updates.
Defence and government-adjacent applications
Indian and UK builders working with defence ministries, NCSC equivalents, or critical-infrastructure operators have a clearer potential path to Glasswing access than commercial builders — not because the door is wide open, but because the selection criteria explicitly favour established institutional relationships with national security mandates. If your organisation has those relationships, it is worth formally signalling interest to Anthropic's safety team through existing commercial account contacts.
Compliance and risk-management products
For teams building AI risk assessment tools, the existence of Mythos-level capability is itself a material fact for risk models. If your product helps organisations assess AI-related cyber risk, the confirmed arrival of cross-platform zero-day discovery capability at LLM scale needs to be in your threat model. Your customers' CISOs are already asking about it.
The general builder population
For builders working in domains unrelated to security — SaaS tooling, consumer applications, data infrastructure — the primary takeaway is strategic rather than operational. Frontier model capabilities are advancing faster than the public release cadence suggests. The gap between what frontier models can do and what is publicly available is growing, not shrinking. Build your product architecture to be model-agnostic where possible, so that when more capable models do reach general availability, adoption is a configuration change rather than a rebuild.
Subscribe to Anthropic's policy update mailing list and monitor the RSP changelog directly — not via third-party summaries. When Mythos-derived safety mitigations land in the general API, the relevant usage policy changes will appear there first. The gap between policy update and public awareness is currently measured in days; it is worth closing that gap to hours if your product touches any dual-use domain.
What happens next
Project Glasswing is described by Anthropic as a new programme specific to this capability tier, so there is no established precedent for how long the evaluation phase will run. The programme allows the defensive cohort to build and validate patching workflows, allows Anthropic to develop and test capability-specific mitigations, and allows the regulatory environment to stabilise sufficiently to provide a compliance basis for wider deployment.
The most likely near-term outcome is not a general availability announcement for Mythos. It is an update to Anthropic's model card and usage policy guidance that reflects what Glasswing has learned — updated definitions of what constitutes acceptable security research use, new rate limits or monitoring requirements for security-adjacent API use, and potentially new certification pathways for organisations that want access to frontier model capabilities in this domain.
Meanwhile, Opus 4.7 continues to be the right tool for the vast majority of AI builders. Its 1M-token context window, covered in detail in our earlier analysis, is genuinely useful for long-context production work. The existence of a more capable gated model does not diminish that. It does, however, clarify the direction of travel.
Anthropic is building toward a world where the most capable AI systems are not uniformly available — where access is mediated by demonstrated safety practices, institutional accountability, and compliance with policy frameworks that are still being written. For builders in India and the UK navigating that world, the most durable advantage is not early access to any particular model. It is the organisational practice of building responsibly enough to qualify for access when the gates eventually open.
Are you building in AI security or a defence-adjacent domain?
AI Tech Connect is the verified directory for Indian and UK AI builders. Add your profile and get found by organisations building in your space.
Add your profile →