When Anthropic released Claude Mythos Preview in April under the tight restrictions of Project Glasswing, it framed the decision as a temporary arrangement, one that would hold until defenders had caught up with the model's ability to find and exploit software vulnerabilities at scale. Six weeks later, the company is beginning to show what "caught up" might look like in practice. New infrastructure is being built specifically to connect Mythos-grade scanning to Claude Code and Claude Security, and Glasswing's membership has expanded to include open-source maintainers for the first time.
The signals come together in the same week Anthropic stated publicly, for the first time, that Mythos-class models could reach a general release once the right safeguards are in place. That statement, along with the dashboard development and Glasswing expansion, represents a shift from pure restriction toward a staged widening of access, at a pace the company controls.
What Is Being Built
Anthropic is developing a dedicated Claude Security dashboard that surfaces discovered vulnerabilities, complete with seven-day and thirty-day historical charts and deeper triage results, distinct from the general Claude Code interface. The dashboard is designed to give security teams a structured view of findings from Mythos-grade scans, with sorting, filtering, and export capabilities that match how enterprise security operations actually work. This is not a feature update to an existing product. It is infrastructure built for the assumption that a more capable model will eventually power it.
Separately, the company is building out what it describes as access to Claude Mythos capability inside Claude Code for developers who operate in security-adjacent contexts. The precise rollout model has not been announced, but the architectural work happening inside Anthropic's platform suggests that Mythos 1, the production version of the model currently in preview, is being positioned as the engine behind both Claude Code's most capable security use cases and the Claude Security codebase scanning tool that entered enterprise public beta in April.
Key Facts
- Mythos Preview release dateApril 7, 2026
- Zero-days discovered in preview10,000+
- Glasswing now includesOpen-source projects and defenders
- New dashboard elements7-day and 30-day historical charts, deep triage
- Anthropic's stated condition for general releaseStronger safeguards in place
- Target integrationsClaude Code and Claude Security
Glasswing Reaches Open Source
Project Glasswing launched with a coalition of large operating-system vendors, browser makers, and cloud providers. The logic was straightforward: fix the most widely-used software first, starting with the targets whose patch cycles would affect the most people. That coalition has now expanded to include open-source projects and the maintainer communities that keep them running.
The expansion matters for several reasons. Open-source software underlies a substantial portion of the internet's infrastructure, and open-source maintainers typically operate with fewer resources than the major platform vendors. A maintainer running an important library on nights and weekends is far less equipped to triage a flood of AI-generated vulnerability reports than a dedicated security team at a major cloud provider. Bringing those maintainers into Glasswing earlier, with structured access and coordinated disclosure timelines, means the most critical fixes can reach the broader ecosystem before any widened model access creates new exposure.
"Mythos-grade models could reach the public once the right safeguards are in place. Glasswing is now helping protect a wider range of organizations, including open-source projects." Anthropic, Project Glasswing update, May 2026
The Shift From Restriction to Staged Access
The original framing around Mythos was essentially binary: the model was either in Glasswing or it was not available. What Anthropic is now describing is something more granular. There are pathways for security professionals who need legitimate access to Mythos-grade capabilities for penetration testing, red-teaming, and vulnerability research. There are enterprise tools, Claude Security and the forthcoming dashboard, that route the model's output through a structured interface with audit logging and human review. And there is the Glasswing coalition itself, which has grown from its initial roster of large vendors to include smaller organizations with high-value software.
Each of these represents a tier of access that is narrower than a general API release but broader than the original closed coalition. Anthropic appears to be building toward a model where the capability is distributed, but the distribution is structured around who the user is and what they are doing with it. Security professionals who want direct access to Mythos-grade models through the API can join Anthropic's Cyber Verification Program. Developers using Claude Code will gain access through the tool's normal interface. Enterprise security teams get it through Claude Security.
This approach reflects a broader tension in AI safety that Anthropic has been navigating since Mythos Preview shipped. A model powerful enough to find vulnerabilities faster than any human team is also powerful enough to be misused for offense. The company's bet is that structured, tiered access, combined with the defensive headstart that Glasswing provides, produces better outcomes than either complete restriction or open release. Whether that bet holds as Mythos capabilities move closer to Claude Code's general user base is a question that will become concrete over the next few months. Those interested in the broader context can read about Project Glasswing's findings or explore Claude's model family.
