Claude Mythos Glasswing Review 2026: Anthropic's Cybersecurity Frontier Model
Claude Mythos Preview powers Project Glasswing — Anthropic's invitation-only cybersecurity initiative. 10,000+ zero-days found, 93.9% SWE-bench Verified, $25/$125 per M tokens.
TL;DR
- Claude Mythos Glasswing is Anthropic's unreleased frontier model (Claude Mythos Preview) deployed exclusively through Project Glasswing, an invitation-only cybersecurity initiative launched April 7, 2026
- It scored 93.9% on SWE-bench Verified and 83.1% on CyberGym — substantially ahead of Claude Opus 4.6
- In its first month, partners used it to autonomously identify over 10,000 high- or critical-severity zero-day vulnerabilities, including a 27-year-old OpenBSD flaw and a 16-year-old FFmpeg bug
- Pricing is $25 per million input tokens and $125 per million output tokens — roughly 5x the cost of Opus 4.6 — and there is no self-serve access
- Not for general developers: Anthropic is intentionally gating it to defenders of critical infrastructure until safeguards catch up
What Is Claude Mythos Glasswing?
Claude Mythos Glasswing isn't a separate product — it's the colloquial name for the pairing of two things Anthropic announced together in April 2026:
- Claude Mythos Preview — an unreleased frontier model that excels at autonomous code analysis, vulnerability discovery, and exploit-path reasoning
- Project Glasswing — the controlled deployment program that gives a closed set of partners early access to Mythos for defensive cybersecurity work
The name "Glasswing" comes from the transparent-winged butterfly. The intent is transparency: rather than ship a capability this powerful into a self-serve API, Anthropic is putting it in the hands of vetted defenders first. Launch partners include Amazon Web Services, Apple, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, JPMorganChase, Palo Alto Networks, Broadcom, and the Linux Foundation — plus over 40 additional organizations responsible for critical infrastructure.
If you've been comparing Anthropic's recent moves against rivals, our AI model comparison guide tracks where Mythos sits relative to GPT-5 and Gemini 3.
Key Features
- Autonomous vulnerability discovery — Mythos doesn't just suggest where to look. It reads codebases, reasons about call graphs, builds proof-of-concept exploits, and validates them with minimal human prompting.
- Long-horizon agentic security work — sustained multi-hour reverse-engineering sessions across large codebases (FFmpeg, OpenBSD, Linux kernel modules).
- Multimodal inputs — accepts text and images, useful for analyzing decompiled binaries, packet captures, and architecture diagrams.
- Defensive-only deployment — Anthropic gates capabilities behind partner agreements and won't ship Mythos to general API customers until misuse safeguards mature.
- Distribution through hyperscalers — available via Claude API, Amazon Bedrock, Google Vertex AI, and Microsoft Foundry — but only with Glasswing approval.
By The Numbers
| Benchmark | Mythos Preview | Claude Opus 4.6 |
|---|---|---|
| SWE-bench Verified | 93.9% | 80.8% |
| SWE-bench Pro | 77.8% | 53.4% |
| CyberGym (vulnerability reproduction) | 83.1% | 66.6% |
| Terminal-Bench 2.0 | 82.0% | 65.4% |
Other concrete numbers worth knowing:
- $25 / 1M input tokens and $125 / 1M output tokens — roughly 5x Opus 4.6 pricing
- 10,000+ zero-day vulnerabilities identified in the first month of Project Glasswing
- $100 million in usage credits committed by Anthropic to partners
- $2.5 million donated to Alpha-Omega and OpenSSF, plus $1.5 million to the Apache Software Foundation
- 50+ partner organizations with access, including 11 named launch partners
- One discovered FFmpeg bug had survived 5 million automated fuzz-test hits before Mythos found it
If you're modeling what running this kind of agentic workload costs, our LLM API token cost calculator handles the per-million-token math.
Glasswing vs Alternatives
There's no real apples-to-apples competitor for Mythos because nothing else is being deployed under this gated cybersecurity model. The closest comparisons by capability — not by deployment model — look like this:
| Capability | Claude Mythos (via Glasswing) | Claude Opus 4.6 | GPT-5 Codex | Cursor / Copilot |
|---|---|---|---|---|
| Public availability | Invite-only | Self-serve API | Self-serve API | Self-serve subscription |
| SWE-bench Verified | 93.9% | 80.8% | ~85% (reported) | Uses underlying model |
| Vulnerability discovery focus | Yes (primary) | Indirect | Indirect | No |
| Autonomous multi-hour sessions | Yes | Limited | Limited | No (IDE-bound) |
| Input pricing per 1M | $25 | ~$5 | ~$8 | Subscription |
| Output pricing per 1M | $125 | ~$25 | ~$40 | Subscription |
| Use case fit | Critical-infra defense | General coding | General coding | Inline editor assist |
For day-to-day engineering work, Opus 4.6, GPT-5 Codex, or a stacked setup like DeepClaude remain the practical choices. For cost-sensitive teams, the recent DeepSeek V4 Pro price cut is worth a look. Mythos is in a different category: it's a defensive-security capability, not a coding assistant you'd swap into your IDE.
Who Should Use Glasswing?
The honest answer: almost no one reading this can. Project Glasswing is invitation-only. But the access criteria are roughly:
- Maintainers of critical open-source infrastructure — kernel projects, cryptographic libraries, widely deployed media codecs
- Hyperscaler security teams at AWS, Google Cloud, Azure, and similar
- Financial-services security organizations with systemic importance (JPMorganChase is a launch partner)
- National-infrastructure defenders coordinating with government cybersecurity agencies
- Major hardware and networking vendors (Cisco, Broadcom, NVIDIA, Palo Alto Networks)
If you're an independent security researcher or a normal SaaS company, Mythos isn't available to you yet — and Anthropic has been explicit that this is intentional. The same capabilities that make it a defender's force-multiplier would make it dangerous in the wrong hands.
How to Get Started
There's no signup form. The process is closer to enterprise partnership than developer onboarding:
- Visit
anthropic.com/glasswing— the official program page. There's a contact form for organizations that maintain critical software or coordinate large-scale security response. - Make the case for partnership — Anthropic prioritizes maintainers of systemically important codebases. Expect to demonstrate scope of impact, existing security practices, and how Mythos credits would be applied to defensive work specifically.
- Choose your deployment surface — approved partners can access Mythos through the Claude API directly, Amazon Bedrock, Google Vertex AI, or Microsoft Foundry. Routing depends on existing cloud relationships.
- Integrate with your vulnerability-management workflow — most partners run Mythos against codebases in long autonomous sessions, then triage findings through their normal disclosure pipelines.
- Apply for usage credits — Anthropic's $100M credit pool is allocated by the Project Glasswing team based on the defensive value of the work.
For anyone outside the program, the practical path is to wait. Anthropic has stated it intends to release "Mythos-class models" once safeguards exist for general distribution.
FAQ
Q: Is Claude Mythos Glasswing a product I can buy?
A: No. Mythos Preview is unreleased, and Project Glasswing is invitation-only. There is no self-serve checkout. Organizations must apply through anthropic.com/glasswing.
Q: How much does it cost? A: For approved partners, pricing is $25 per million input tokens and $125 per million output tokens — about 5x Claude Opus 4.6. Anthropic has committed $100M in usage credits to partners.
Q: When was it launched? A: Project Glasswing was announced April 7, 2026, with 11 named launch partners and 40+ additional participating organizations.
Q: What benchmarks does it score on? A: 93.9% on SWE-bench Verified, 77.8% on SWE-bench Pro, 83.1% on CyberGym, and 82.0% on Terminal-Bench 2.0 — all higher than Claude Opus 4.6.
Q: Why won't Anthropic release it publicly? A: Because the same skills that find and patch vulnerabilities can also build exploits. Anthropic's position is that no current safeguards are strong enough to prevent misuse if a Mythos-class model were generally available.
Q: What real vulnerabilities has it found? A: Reported discoveries include a 27-year-old flaw in OpenBSD that allowed remote system crashes, a 16-year-old FFmpeg bug missed by 5 million automated fuzz-test hits, and chained Linux kernel privilege-escalation bugs.
Q: Where can I access it if I'm approved? A: Through the Claude API directly, Amazon Bedrock, Google Vertex AI, or Microsoft Foundry — whichever fits your existing cloud arrangements.
Q: What should I use instead for normal coding work? A: Claude Opus 4.6, GPT-5 Codex, or a layered setup like DeepClaude are the practical choices for general development. For budget work, DeepSeek V4 Pro is currently the cheapest competitive option.
Verdict
Claude Mythos Glasswing isn't a tool you adopt — it's a signal about where frontier AI is heading. The benchmarks (93.9% on SWE-bench Verified, 83.1% on CyberGym) and the 10,000+ real zero-day disclosures in 30 days tell you the capability gap between "best public coding model" and "best private cybersecurity model" is now wide enough that Anthropic considers it a controlled-distribution decision rather than a product launch.
For maintainers of critical infrastructure, applying to Project Glasswing is a no-brainer if you can clear the bar. For everyone else, the relevant takeaway is forward-looking: Mythos-class capabilities will eventually filter down into the generally available Claude lineup, and your security posture should plan for the day attackers have similar tools. Watch this space.