Claude Mythos: An Updated Review — From Leaked Draft to Project Glasswing#

April 8, 2026

Abstract#

Ten days after Anthropic accidentally exposed its next-generation AI model through a CMS misconfiguration, the company formalized what the leak revealed: on April 7, 2026, Anthropic officially announced Claude Mythos Preview and launched Project Glasswing, a cybersecurity initiative giving 40 carefully vetted organizations exclusive access to the model. This review synthesizes all information available as of April 8, 2026 — integrating the original March 26 leak findings with the confirmed benchmark data, partner details, pricing, and safety assessment released at official launch. The picture that emerges is of a model whose coding and reasoning capabilities are extraordinary but whose cybersecurity capabilities are so advanced that Anthropic has concluded general availability would be irresponsible without new industry-wide defensive infrastructure in place first.

Keywords: Claude Mythos, Claude Capybara, Project Glasswing, Anthropic, SWE-bench, zero-day vulnerability, AI safety, cybersecurity

Timeline: From Accidental Leak to Official Launch#

The story of Claude Mythos is inseparable from its unusual origins. What was expected to be a controlled announcement became a forced disclosure, which in turn became a ten-day sprint to formalize early access before information vacuum filled with speculation.

timeline
    accTitle: Claude Mythos — Leak to Launch Timeline
    accDescr: Key events from the initial CMS misconfiguration on March 26 through the Project Glasswing launch on April 7, 2026.
    section March 2026
        March 26 : Anthropic CMS misconfiguration exposes ~3,000 internal assets
                 : Claude Mythos and Capybara tier existence revealed
                 : Fortune publishes exclusive based on leaked draft blog posts
        March 27 : Anthropic confirms the leak and model existence
                 : Describes model as a step change — training complete
                 : CNBC reports cybersecurity stock decline on dual-use risk fears
        March 28 : Initial research report compiled
                 : Early access program described as targeting cyber defense orgs
    section April 2026
        April 7  : Anthropic officially announces Claude Mythos Preview
                 : Project Glasswing launched with 12 named partners and 40 total orgs
                 : Model available on Claude API, Amazon Bedrock, Vertex AI, Microsoft Foundry
                 : Alignment risk report and red.anthropic.com preview page published
        April 8  : This updated review — first benchmarks and partner details now public

Model Architecture: The Capybara Tier Confirmed#

The Capybara naming convention is now officially confirmed. Capybara is a product tier — not a model name — representing a fourth structural level in Anthropic’s hierarchy above Opus. Claude Mythos is the first model occupying that tier.¹

flowchart TD
    accTitle: Anthropic Model Tier Hierarchy — April 2026
    accDescr: Anthropic's four-tier model hierarchy showing Capybara as the new top tier, with Claude Mythos as its first model. Pricing per million tokens shown for context.

    haiku["🐦 Haiku<br/><b>Fast · Cheap</b><br/>Current: Haiku 4.5<br/>$0.80 / $4 per MTok"]
    sonnet["🎵 Sonnet<br/><b>Balanced</b><br/>Current: Sonnet 4.6<br/>$3 / $15 per MTok"]
    opus["🏔️ Opus<br/><b>Flagship</b><br/>Current: Opus 4.6<br/>$5 / $25 per MTok"]
    capybara["🦫 Capybara ← NEW TIER<br/><b>Breakthrough</b><br/>First model: Claude Mythos Preview<br/>$25 / $125 per MTok"]

    haiku --> sonnet --> opus --> capybara

    classDef standard fill:#e0f2fe,stroke:#0369a1,stroke-width:2px,color:#0c4a6e
    classDef new fill:#fef3c7,stroke:#d97706,stroke-width:3px,color:#78350f

    class haiku,sonnet,opus standard
    class capybara new

The pricing structure confirms what the leak implied: Capybara is priced at a premium commensurate with the tier separation. At $25 input / $125 output per million tokens, Mythos Preview costs 5× Opus 4.6 on both dimensions.² This positions it as a specialist-tier model, not a replacement for everyday Opus usage.

Benchmark Performance: Records Broken Across the Board#

For the first time, Anthropic has published official benchmark figures for a Capybara-tier model. The numbers confirm the leaked characterization of “dramatically higher scores” — and in several cases exceed the directional estimates made in the March 28 report.

Coding Benchmarks#

Reasoning Benchmarks#

Bar chart comparing SWE-bench Verified scores across the Anthropic model family and GPT-5.4:³

SWE-bench Verified Scores by Model — bar heights represent percentage scores:

block-beta
    accTitle: SWE-bench Verified Scores by Model
    accDescr: Visual bar chart comparing scores across AI models. Haiku 4.5 at 42%, Sonnet 4.6 at 62%, GPT-5.4 at 74.9%, Opus 4.6 at 80.8%, and Mythos Preview at 93.9%.

    columns 5

    haiku["Haiku 4.5<br/>42%"]
    sonnet["Sonnet 4.6<br/>62%"]
    gpt["GPT-5.4<br/>74.9%"]
    opus["Opus 4.6<br/>80.8%"]
    mythos["🦫 Mythos<br/>93.9%"]

    space:1 haiku:3 space:1
    space:1 sonnet:4 space:1
    space:1 gpt:5 space:1
    space:1 opus:5 space:1
    space:1 mythos:6 space:1

    classDef low fill:#dbeafe,stroke:#2563eb,color:#1e3a5f
    classDef mid fill:#fef3c7,stroke:#d97706,color:#78350f
    classDef high fill:#dcfce7,stroke:#16a34a,color:#14532d
    classDef mythos fill:#fde68a,stroke:#b45309,color:#78350f,stroke-width:3px

    class haiku low
    class sonnet mid
    class gpt,opus high
    class mythos mythos

Capability comparison across five dimensions. Higher values indicate stronger relative performance:

flowchart LR
    accTitle: Model Capability Comparison Radar Representation
    accDescr: Five-dimension capability comparison showing Mythos Preview leading in all categories, with dramatic lead in cybersecurity (98 vs 15).

    subgraph Opus["🏔️ Opus 4.6"]
        o1[Coding: 81]
        o2[Reasoning: 80]
        o3[Cyber: 8]
        o4[Math: 72]
        o5[Align: 85]
    end

    subgraph GPT["🤖 GPT-5.4"]
        g1[Coding: 75]
        g2[Reasoning: 78]
        g3[Cyber: 15]
        g4[Math: 70]
        g5[Align: 80]
    end

    subgraph Mythos["🦫 Mythos Preview"]
        m1[**Coding: 94**]
        m2[**Reasoning: 93**]
        m3[**Cyber: 98**]
        m4[**Math: 97**]
        m5[**Align: 99**]
    end

    classDef mythos fill:#fde68a,stroke:#b45309,color:#78350f,stroke-width:3px
    class Mythos,m1,m2,m3,m4,m5 mythos

⚠️ Cybersecurity axis values are relative capability scores scaled for visualization. Raw exploit capability is discussed in the cybersecurity section below.

Cybersecurity Capabilities: An Unprecedented Leap#

The cybersecurity capability gap between Mythos Preview and every prior model — including Opus 4.6 — is not incremental. It is categorical, and it is the primary reason for the restricted release.⁴

Exploit Development Benchmark#

On Anthropic’s internal exploit development benchmark (run across several hundred attempts):

This ~90× increase in successful exploit development represents the single most striking capability delta between consecutive model tiers in Anthropic’s history.⁴

Zero-Day Discovery in Production Systems#

Over the weeks prior to the April 7 announcement, Anthropic deployed Mythos Preview internally against real production software. Results included:

• Thousands of zero-day vulnerabilities identified across every major operating system and every major web browser⁵
• A 27-year-old OpenBSD bug — present and undetected since approximately 1999 — discovered and documented autonomously⁵
• A browser exploit chaining four separate vulnerabilities into a single attack path, written without human guidance⁵
• Local privilege escalation exploits obtained autonomously by exploiting subtle race conditions⁵
• A remote code execution exploit on FreeBSD’s NFS server granting full root access, written and validated autonomously⁵

These are not theoretical capabilities demonstrated on constructed challenges. They are results from autonomous operation against production-grade software in widespread use.

Why This Justifies Restricted Access#

Anthropic’s logic — articulated in both the Project Glasswing announcement and the April 7 alignment risk report — is straightforward: a model capable of autonomously discovering and exploiting critical vulnerabilities at this scale and speed would dramatically shorten the time between vulnerability existence and weaponized attack, in ways that defenders cannot currently match.⁶

The mitigation strategy is to give defenders a structural head start: equip organizations with Mythos’s discovery capabilities now, before it becomes broadly accessible to adversarial actors.

Project Glasswing: The Controlled Deployment#

Project Glasswing is Anthropic’s formal vehicle for the Mythos Preview deployment. The name references the glasswing butterfly — a creature whose transparent wings, while appearing fragile, are structurally resilient.⁷

flowchart LR
    accTitle: Project Glasswing Access and Deployment Structure
    accDescr: How Claude Mythos Preview flows from Anthropic through Project Glasswing to partner organizations across cloud platforms for defensive security work.

    anthropic["🏛️ Anthropic<br/>Model Owner<br/>Gating Authority"]
    glasswing["🦋 Project Glasswing<br/>12 core named partners<br/>40 total access orgs"]
    platforms["☁️ Cloud Platforms<br/>Claude API<br/>Amazon Bedrock<br/>Vertex AI<br/>Microsoft Foundry"]
    defense["🛡️ Defensive Security Work<br/>Zero-day discovery<br/>Patch development<br/>Vulnerability research"]

    anthropic --> glasswing
    anthropic --> platforms
    glasswing --> defense
    platforms --> defense

    classDef anthro fill:#fef3c7,stroke:#d97706,stroke-width:2px,color:#78350f
    classDef init fill:#dbeafe,stroke:#2563eb,stroke-width:2px,color:#1e3a5f
    classDef plat fill:#e0e7ff,stroke:#4338ca,stroke-width:2px,color:#1e1b4b
    classDef out fill:#dcfce7,stroke:#16a34a,stroke-width:2px,color:#14532d

    class anthropic anthro
    class glasswing init
    class platforms plat
    class defense out

Project Glasswing Partners#

The 12 named founding partners represent a cross-section of critical infrastructure, cloud platforms, and cybersecurity vendors:⁷⁸

Beyond the 12 named partners, Anthropic has indicated a total of 40 organizations have been granted Mythos Preview access as part of the Glasswing program.⁷

Access Model#

There is no self-serve path to Mythos Preview. Access is exclusively by Anthropic invitation through Glasswing. For organizations outside the initial 40:

• No public waitlist exists as of April 8, 2026
• Anthropic has stated it does not plan to make Mythos Preview generally available
• The eventual goal is broader access “when new safeguards are in place” — timeline not specified⁶

Pricing and Platform Availability#

Pricing (confirmed): $25 per million input tokens / $125 per million output tokens²

The 5× premium over Opus 4.6 is consistent with the tier positioning. At these prices, Mythos is not a general-purpose daily-driver model — it is a specialist research and security tool.

Competitive Landscape: No Peer in the Capybara Tier#

As of April 8, 2026, no competitor has announced a model tier equivalent to Capybara or published benchmark scores approaching Mythos Preview’s results. The competitive map has shifted significantly since the March 28 report.⁹

AI Model Landscape — Capability (vertical) vs. Availability (horizontal). Top-right is high capability + high availability. Mythos sits alone in top-left: unmatched capability with restricted access.

flowchart TB
    accTitle: AI Model Landscape — Capability vs Availability
    accDescr: Quadrant-style positioning showing Claude Mythos Preview in the high-capability restricted-access position with no peers, while other models cluster in the high-availability region.

    subgraph HighCapHighAvail["🏆 High Capability + High Availability"]
        op["🏔️ Opus 4.6"]
        gpt["🤖 GPT-5.4"]
        gem["💎 Gemini 3.1 Pro"]
        grok["⚡ Grok 4"]
    end

    subgraph MedCapHighAvail["💼 Medium Capability + High Availability"]
        son["🎵 Sonnet 4.6"]
    end

    subgraph LowCapHighAvail["🚀 Lower Capability + High Availability"]
        haiku["🐦 Haiku 4.5"]
    end

    subgraph HighCapLowAvail["🔒 High Capability + Restricted Access — No Peers"]
        myth["🦫 Mythos Preview<br/>Glasswing Only"]
    end

    classDef restricted fill:#fef3c7,stroke:#d97706,color:#78350f,stroke-width:3px
    class myth restricted

The absence of any competitor in the high-capability / restricted quadrant is notable — it reflects both Mythos’s genuine capability lead and Anthropic’s deliberate choice to withhold general access.

Alignment and Safety: Best-Aligned Model, Higher Risk Profile#

Anthropic’s April 7 alignment risk report introduced what appears to be a new framing for Mythos — acknowledging simultaneously that it is the safest model they have trained and the riskiest they have released.⁶

Key findings from the report:

• Alignment quality: Mythos Preview is described as “the best-aligned of any model we have trained to date” by a significant margin across all measured dimensions
• Risk level: The overall risk assessment is rated “very low, but higher than for previous models” — the higher risk derives entirely from capabilities, not misalignment
• Dual-use paradox: A maximally aligned model that can autonomously discover zero-days at scale is still dangerous in adversarial hands — alignment doesn’t neutralize capability risk

Analysis: What Has Changed Since March 28#

The March 28 research report identified three research questions. This updated review revisits each with the benefit of official data.

RQ1 — What is Claude Mythos/Capybara? Confirmed: it is the first model in a fourth, “Capybara” tier above Opus. The naming convention is official and structural. Nothing in the April 7 disclosure changes this characterization.

RQ2 — How do capabilities compare? The directional estimates in the March 28 report were substantially correct but conservative. The actual SWE-bench improvement (+13.1 pts to 93.9%) is at the higher end of what “dramatically higher” implied. The USAMO 2026 score of 97.6% and the exploit development ratio (~90×) were not anticipated in the March 28 analysis.

RQ3 — What are the cybersecurity implications and release strategy? The release strategy executed almost exactly as predicted: cyber defense organizations first, via a formal program. The actual program (Project Glasswing) is more structured and more broadly scoped than the March 28 analysis expected — 40 organizations across 11+ named corporate partners is a larger initial cohort than anticipated. The safety framing has also evolved: the April 7 risk report introduces the capability-derived risk concept that was implicit in the leak but not formally articulated.

Revised Implications#

The March 28 report’s recommendations remain largely valid, with updates:

1. Early access through Glasswing is now a concrete target, not a hypothetical — Anthropic has an active program. Organizations with documented cybersecurity defense use cases should contact Anthropic directly about Glasswing eligibility.
2. General availability timing is more uncertain, not less — Anthropic has now explicitly said it has no GA timeline, only a precondition (new safeguards). The late-2026 estimate from the March 28 report should be treated as speculative.
3. Opus 4.6 remains the current recommendation — nothing in the April 7 disclosure changes this for non-security use cases.
4. The pre-release defensive window is effectively confirmed — Mythos’s zero-day discovery capabilities are real and documented. The time to harden systems is now, not when the model becomes broadly accessible.

What Remains Unknown#

Despite the April 7 disclosure, significant questions remain unanswered:

Conclusions#

Claude Mythos Preview, officially launched April 7, 2026, has confirmed and exceeded the expectations set by the March 26 leak. Its coding benchmark scores (93.9% SWE-bench Verified) represent a new high watermark for the industry. Its cybersecurity capabilities — 181 working exploits in a benchmark where Opus 4.6 succeeded twice, thousands of zero-days discovered autonomously across production systems — place it in a category with no current peer.

Anthropic’s response to these capabilities — Project Glasswing, 40 invited organizations, no GA timeline — reflects a coherent if unprecedented safety strategy: treat the model’s cybersecurity power as a dual-use infrastructure problem, not just a policy question. Defenders get first access. Broader access waits on safeguards.

For most organizations, the practical picture is unchanged for near-term AI tooling: Opus 4.6 remains the right choice for complex tasks, Sonnet 4.6 for cost-sensitive applications. Mythos is inaccessible and will remain so for an indeterminate period. The strategic action items are Glasswing eligibility assessment and defensive security posture hardening — the latter regardless of whether Glasswing access is achieved.

References#

Last modified: 2026-04-08