In late March 2026, Anthropic accidentally left nearly 3,000 internal files in a publicly searchable data store. Among them was a draft blog post announcing their next model: Claude Mythos. Internally codenamed Capybara, Anthropic's own words described it as "by far the most powerful AI model we've ever developed" and "a step change" in capabilities. Two weeks later, Anthropic formally unveiled it through Project Glasswing, a cybersecurity initiative, and made one thing very clear: this model is not for you. The reaction was predictable. Headlines screamed about danger. Benchmarks circulated showing Mythos crushing every evaluation in existence. And the AI community split into two camps: those who believed Anthropic had built something genuinely unprecedented, and those who smelled the same hype cycle we've seen before. I'm somewhere in between, and I think the more interesting question isn't whether Mythos is powerful. It's whether the secrecy is justified, or whether we're watching the birth of a new playbook for controlling AI access.

What we actually know

Let's start with the facts. Claude Mythos Preview is a general-purpose language model that sits above Opus in Anthropic's model hierarchy, creating a new tier called Capybara. According to the system card Anthropic published on April 7, the model achieved a 93.9% score on SWE-bench Verified, 97.6% on USAMO 2026, 94.5% on GPQA Diamond, and a 100% success rate on Cybench, a cybersecurity evaluation benchmark. No other model has achieved that last number. On long-context reasoning, Mythos scored 80% on GraphWalks BFS, nearly four times GPT-5.4's score on million-token tasks. On agentic benchmarks, it hit 79.6% on OSWorld and 86.9% on BrowseComp. The system card also notes that Mythos demonstrates remarkable token efficiency, completing tasks with roughly 20% of the tokens Opus 4.6 requires while achieving better results. These numbers are genuinely impressive. The gap between Mythos and every other model, including GPT-5.4 and Gemini 3.1 Pro, is large enough that multiple independent analysts have called it a capability discontinuity rather than an incremental improvement. But here's the thing: we can't verify any of this ourselves. The model isn't publicly available. There's no API access. The benchmarks come from Anthropic's own system card and their red team's evaluations. We're taking their word for it.

The GPT-3 playbook

This feels familiar because we've been here before. When OpenAI first demonstrated GPT-3 in 2020, the reaction followed the same pattern. Cherry-picked demos that looked like magic. Breathless coverage about capabilities that seemed impossible. A carefully managed rollout that kept most people on the outside looking in. And a waiting period where the hype had nothing to compete against except imagination. GPT-3 was genuinely impressive for its time. But the mystique it carried during the restricted access period was disproportionate to the experience people eventually had when they could actually use it. The demos were curated. The failures were hidden. And by the time everyone got access, the technology had been mythologized beyond what the actual product could deliver. I'm not saying Mythos isn't as good as the benchmarks suggest. It might be. But the pattern of building hype during a period of restricted access is a proven marketing strategy in this industry, whether or not that's the stated intention.

Project Glasswing, or how to make restriction look noble

Anthropic's stated reason for not releasing Mythos publicly is cybersecurity risk. The model is "currently far ahead of any other AI model in cyber capabilities" and "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." In response, they launched Project Glasswing, a coalition including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The pitch is straightforward: give defenders a head start. Use Mythos to find and patch vulnerabilities in critical infrastructure before adversaries can exploit them. Anthropic committed up to $100 million in usage credits for partners and over 40 additional organizations that maintain critical software. It's a compelling narrative. And to be fair, the cybersecurity angle isn't baseless. Anthropic's Frontier Red Team published detailed evaluations showing the model can discover, reproduce, and patch real-world vulnerabilities at a level that surpasses all but the most skilled human security researchers. Mythos has reportedly already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. But the framing deserves scrutiny. "Too dangerous to release" is an extraordinary claim that also happens to be extraordinarily good marketing. It positions Anthropic as the responsible steward of dangerous technology, which is exactly the brand they've been building since day one. It creates scarcity and mystique around the model. And it gives them a reason to restrict access to a small group of enterprise partners, the kind of customers who pay significantly more than $20-a-month subscribers. Newton Cheng, the cyber lead for Anthropic's frontier red team, told The Verge that the model will ideally give cyber defenders a "head start" against adversaries. But Logan Graham from Anthropic also acknowledged that "Project Glasswing is the starting point. It will fail if it's just a handful of companies using a model. It has to grow into something even larger." So the plan is expansion, eventually. The question is on whose terms.

The cost nobody wants to talk about

Buried beneath the safety narrative is a more mundane reality: Mythos is expensive. The leaked draft flagged that it's a large, compute-intensive model, expensive for Anthropic to serve and expensive for customers to use. The Times of India reported that even without cybersecurity concerns, a wide launch may not have been feasible anyway. Current Claude Opus 4.6 pricing sits at $5 input and $25 output per million tokens. Capybara, as a tier above Opus, costs significantly more. Anthropic's Project Glasswing announcement confirms the pricing at $25 input and $125 output per million tokens. At those rates, the model exists exclusively for enterprise customers with deep pockets. Individual developers and startups are priced out by default. This is the part that doesn't get enough attention. When a company says a model is "too dangerous to release," it's worth asking whether it's also too expensive to release. The safety framing and the business model happen to align perfectly: restrict access to high-paying enterprise partners, position it as responsibility, and build demand for the eventual consumer-tier version that will arrive once the compute costs come down.

The real question nobody is asking

Here's where it gets genuinely interesting. All the discourse about whether Mythos is overhyped or legitimately dangerous is circling around a much bigger question that nobody seems willing to sit with: is there a maximum level of AI intelligence that we should safely achieve without breaking the systems society depends on? This isn't hypothetical anymore. If a model can find vulnerabilities in every major operating system and web browser, it can also find vulnerabilities in the cryptographic protocols that secure banking, communications, and government infrastructure. The same reasoning capability that makes Mythos useful for defense makes it useful for attack. The system card acknowledges this explicitly. We've seen this exact tension before with quantum computing. For years, researchers have warned that sufficiently powerful quantum computers could break RSA encryption and other cryptographic standards that the modern internet relies on. The response has been a slow, expensive migration toward post-quantum cryptography, driven by the assumption that the threat is still years away. But AI doesn't follow the same timeline as quantum hardware. Quantum computers need physical breakthroughs in qubit stability and error correction. AI models just need more compute and better training. The gap between "theoretically possible" and "deployed in production" is measured in months, not decades. So when Anthropic says Mythos "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders," they're making a prediction about the near future, not the distant one. And the uncomfortable implication is that the cybersecurity threat isn't unique to Mythos. It's a property of any sufficiently capable model. Google, OpenAI, and every other frontier lab will reach this threshold too. Restricting one model doesn't solve the underlying problem.

Who decides?

This brings us to the governance question, which is the one I keep coming back to. Right now, the decision about whether a model is "too dangerous" to release is made by the company that built it. Anthropic decided. Not a regulator, not an international body, not a democratic process. A private company looked at its own product and said, "We'll decide who gets access to this." To their credit, Anthropic has been more transparent than most. They published a detailed system card, engaged their red team publicly, and formed a coalition of major companies to share the responsibility. That's better than releasing quietly and hoping for the best. But it still concentrates an enormous amount of power in a single company. Anthropic gets to decide which organizations are "critical" enough to deserve access. They get to define what "defensive" use looks like. They get to set the timeline for broader availability. And they get to capture the economic value of scarcity in the meantime. The AI safety community has been debating these governance questions for years, but the debates have been mostly theoretical. Mythos makes them concrete. When a company builds something that can genuinely compromise the security infrastructure of modern society, who should have the authority to restrict or release it? The company? Governments? An international body? The open-source community? There are no good answers yet. But the fact that we're relying on corporate self-regulation for decisions of this magnitude should make everyone uncomfortable, including the people at Anthropic.

What's actually going forward

Anthropic has said they don't plan to make Mythos Preview generally available. Their stated goal is to "safely deploy Mythos-class models at scale" once new safeguards are in place, and they plan to begin testing those safeguards with an upcoming Claude Opus model. Translated: the capabilities in Mythos will eventually trickle down into consumer-facing models, probably within months. The safety testing happening through Glasswing will inform the guardrails on those future releases. And the enterprise customers getting early access right now are essentially beta testers for the deployment framework. This is probably the right approach, pragmatically. But it doesn't resolve the deeper tension. Every generation of AI models is more capable than the last. The cybersecurity concerns that apply to Mythos today will apply to the next Opus model tomorrow and to open-source models within a year or two. The window where you can contain these capabilities is shrinking, and it's not clear that any amount of corporate coalition-building can keep pace. I think about this a lot: we're in a period where the most consequential decisions about AI are being made by a handful of companies in San Francisco, and the rest of the world is just watching the blog posts roll in. Mythos might be the most powerful model ever built. It might also be the most effective piece of marketing Anthropic has ever produced. The honest answer is that without public access, we genuinely don't know which one it is. And maybe that's the most important thing to sit with right now. Not the benchmarks, not the hype, not the safety narrative. Just the simple fact that we're being asked to trust, and we don't have the tools to verify.

References