When Anthropic launched Claude Mythos Preview in April, the company made clear it had no intention of offering the model to the public. The rationale was straightforward: a model capable of discovering thousands of software vulnerabilities in hours was too dangerous to ship freely before defenders had a chance to catch up. Six weeks later, Anthropic has said something new. The company now says it wants to release Mythos-class capabilities to the general public eventually. The condition is that stronger safeguards must be built first. As of this week, Anthropic acknowledges those safeguards do not exist at any company in the industry, including its own.

A First Commitment to General Release

The statement came on May 22, as part of Anthropic's update to Project Glasswing, the controlled-access security research program running since April. In language the company had not previously used, Anthropic wrote that "in the near future, once we've developed the far stronger safeguards we need, we look forward to making Mythos-class models available through a general release." That phrasing marks the first time Anthropic has committed, even in principle, to a general release path for a capability class it had previously described in almost exclusively restricted terms. Before this statement, the company's public posture suggested Mythos and its successors might remain inside specialist security programs indefinitely.

The caveat is equally significant. Anthropic simultaneously acknowledged that "at present, no company, including Anthropic, has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm." Independent analysts quoted in coverage of the update do not expect a general release of Mythos-class capabilities before late 2027 at the earliest.

Project Glasswing at a Glance

  • Partner organizations with Mythos access~50
  • High/critical-severity vulnerabilities found10,000+
  • UK AI Security Institute confirmationBoth cyber range simulations solved end-to-end
  • Claude Security beta: vulnerabilities patched2,100+
  • Documented exampleCVE-2026-5194 in wolfSSL (billions of devices)

What "Stronger Safeguards" Means in Practice

The challenge of building adequate safeguards for a model of Mythos's capability is not well-understood outside AI safety circles. At its core, the problem is asymmetric exposure. A model that can discover critical vulnerabilities in production software within hours provides enormous value to defenders who can use those findings to patch code before exploitation. It provides an equivalent advantage to attackers who can use the same findings to build working exploits. The question is whether technical and operational controls can reliably separate these two uses at scale.

What Anthropic is working toward includes better evaluation frameworks for distinguishing offensive from defensive use, stronger identity verification for API access, and monitoring systems capable of catching misuse at the volume a public release would bring. None of those problems is considered solved. The UK AI Security Institute, which has been running independent evaluations of Mythos Preview, confirmed recently that the model became the first to solve both of its cyber range simulations end to end. That result shows how far ahead of current safety measures the raw capability already sits.

"At present, no company -- including Anthropic -- has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm." Anthropic, Project Glasswing update, May 2026

Glasswing Expanding, Claude Security Now in Public Beta

While the public release pathway remains distant, the Glasswing program is growing. Roughly 50 partner organizations now have access to Mythos Preview in controlled security workflows, up from the smaller founding group that launched in April. The cumulative tally of high- or critical-severity vulnerabilities identified stands above 10,000 across widely used software. Among the documented cases is CVE-2026-5194, a flaw in wolfSSL, the open-source cryptographic library embedded in billions of devices worldwide.

Anthropic also launched Claude Security in public beta on May 22, a parallel product that works differently from Mythos Preview. Claude Security uses Claude Opus 4.7, the commercially available model, to scan code repositories for vulnerabilities and generate proposed fixes. In its first three weeks, it was used to patch more than 2,100 vulnerabilities across enterprise codebases. The product is available to Claude Enterprise customers and sits well below the capability threshold of Mythos itself.

The Wider Stakes

The May 22 commitment to a general release, however qualified, matters beyond the security context. The original Mythos announcement was widely read as the clearest example yet of a frontier AI lab making a unilateral non-release decision on capability grounds. The new language suggests that decision is provisional, shaped by what gets built on the safety side over the next year or two rather than a permanent state of affairs.

For enterprises tracking the Glasswing program, the practical implication is a tiered rollout: broader enterprise access likely before broader public access, with general availability depending on whether the safety infrastructure keeps pace with the capability. The pressure to release tends to grow with time. Competing labs have not demonstrated the same restraint with previous capability thresholds. Anthropic's statement is a bet that safety work can move fast enough to make the release responsible before commercial and competitive pressures make it simply inevitable.

Further reading: Learn more about Claude's model family, read our background on Anthropic, or browse the latest Claude AI news.