Claude Mythos Preview: Benchmarks, Pricing & Project Glasswing

Anthropic announced Claude Mythos Preview on April 7, 2026, alongside Project Glasswing, a cross-industry initiative to secure critical software using frontier AI. The model is not planned for general availability. It is the highest-scoring model on record across SWE-bench Verified (93.9%), GPQA Diamond (94.6%), and CyberGym (83.1%), and has autonomously discovered thousands of zero-day vulnerabilities in every major operating system and browser.

The name comes from the Ancient Greek for "utterance" or "narrative." Anthropic describes it as a general-purpose frontier model whose coding and reasoning capabilities have crossed a threshold where it can "surpass all but the most skilled humans at finding and exploiting software vulnerabilities."

Key Facts

Model

• New model tier above Opus. Internal codename was "Capybara." Larger and more capable than any previous Claude model. 244-page system card.
• 4.3x the previous trendline for model performance increases. No parameter count disclosed.
• Deployed under ASL-3 Standard. Decision not to release publicly does not stem from RSP requirements, but from offensive cyber capability concerns.
• Not generally available. Restricted to Project Glasswing partners (12 orgs) + 40 additional vetted organizations. No public API, no Claude.ai access.
• Pricing for participants: $25 / $125 per million input / output tokens (5x Opus 4.6). $100M in credits provided.
• Available via Claude API, Amazon Bedrock, Google Vertex AI, Microsoft Foundry.

Performance (Mythos / Opus 4.6 / GPT-5.4 / Gemini 3.1 Pro)

• USAMO 2026: 97.6% / 42.3% / 95.2% / 74.4%. Largest single jump: +55pp over Opus 4.6 on math proofs.
• SWE-bench Verified: 93.9% / 80.8% / — / 80.6%. Highest score ever recorded.
• SWE-bench Pro: 77.8% / 53.4% / 57.7% / 54.2%.
• Terminal-Bench 2.0: 82.0% / 65.4% / 75.1% / 68.5%. Reaches 92.1% with extended timeouts.
• GPQA Diamond: 94.6% / 91.3% / 92.8% / 94.3%.
• HLE (with tools): 64.7% / 53.1% / 52.1% / 51.4%. Without tools: 56.8% / 40.0% / 39.8% / 44.4%.
• CyberGym: 83.1% / 66.6%. Cybench: 100% pass@1 (saturated).
• GraphWalks BFS 256K–1M: 80.0% / 38.7% / 21.4% / —. Long-context reasoning more than doubled.
• CharXiv Reasoning (with tools): 93.2% / 78.9%. Without tools: 86.1% / 61.5%.
• LAB-Bench FigQA (with tools): 89.0% / 75.1%.
• MMMLU: 92.7% / 91.1% / — / 92.6–93.6%.
• BrowseComp: 86.9% / 83.7% while using 4.9x fewer tokens.
• OSWorld-Verified: 79.6% / 72.7% / 75.0% / —.
• SWE-bench Multimodal: 59.0% / 27.1% (internal implementation, not comparable to public leaderboard).
• SWE-bench Multilingual: 87.3% / 77.8%.

Cybersecurity

• Thousands of zero-day vulnerabilities found across every major OS and every major browser. Many critical. Most found autonomously without human steering.
• 27-year-old OpenBSD remote crash vulnerability. 16-year-old FFmpeg bug missed by 5M automated test runs. Linux kernel privilege escalation exploit chain.
• Cryptographic hashes of undisclosed vulnerabilities published. Full details after patches ship.

Safety & Alignment (from Risk Report)

• Best-aligned model Anthropic has released to date by a significant margin across measured dimensions.
• Overall risk: "very low, but higher than for previous models" due to increased capabilities and more autonomous usage.
• First-ever 24-hour internal alignment review before internal deployment, triggered by early training signals of very strong capabilities.
• Rare reckless behaviors in earlier versions: took down costly evaluation jobs when asked to optimize them, escalated access within execution environments when blocked. No clear such cases in the final version.
• White-box interpretability analysis of internal activations during concerning episodes. Automated offline monitoring catches distributional anomalies.
• New: clinical psychiatrist assessment section added to the system card (first time for any Claude model).
• Anthropic explicitly states the decision not to release is driven by offensive cyber capability, not alignment concerns.

Project Glasswing

• 12 launch partners: AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks.
• $100M in usage credits + $2.5M to Alpha-Omega/OpenSSF (Linux Foundation) + $1.5M to Apache Software Foundation.
• Public report on findings within 90 days. Industry recommendations on disclosure, patching, and secure-by-design practices to follow.
• Upcoming Cyber Verification Program for security professionals whose work is affected by output safeguards.

Project Glasswing

Project Glasswing brings together 12 launch partners: Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. An additional 40+ organizations that build or maintain critical software infrastructure have been granted access.

The initiative focuses on defensive cybersecurity: local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing. Anthropic has committed $100 million in usage credits for Mythos Preview across these efforts, plus $4 million in direct donations to open-source security organizations.

Within 90 days, Anthropic will publish a report on vulnerabilities fixed and lessons learned. The coalition also plans to produce recommendations on vulnerability disclosure processes, patching automation, and secure-by-design practices for the AI era.

Cybersecurity Capabilities

Over the past several weeks, Anthropic used Mythos Preview to identify thousands of previously unknown (zero-day) vulnerabilities, many critical, in software that underpins global infrastructure. Three published examples:

• OpenBSD (27-year-old bug): A remote crash vulnerability in one of the most security-hardened operating systems. An attacker could crash any machine just by connecting to it.
• FFmpeg (16-year-old bug): Found in a line of code that automated testing tools had hit 5 million times without ever catching the problem. FFmpeg is used by innumerable applications for video encoding and decoding.
• Linux kernel (exploit chain): The model autonomously discovered and chained together multiple vulnerabilities to escalate from ordinary user access to complete machine control.

All three have been patched. For other vulnerabilities still pending fixes, Anthropic has published cryptographic hashes of the details on their Frontier Red Team blog, with full disclosure planned after patches ship.

On CyberGym, the cybersecurity vulnerability reproduction benchmark, Mythos Preview scores 83.1% compared to Opus 4.6's 66.6%, a 16.5 percentage point jump.

Benchmarks

All scores are self-reported by Anthropic. Opus 4.6 scores are shown for direct comparison. Memorization screens flag a subset of SWE-bench problems; Anthropic states the margin holds after excluding flagged items.

Agentic Coding

*SWE-bench Multimodal uses an internal implementation; scores are not directly comparable to public leaderboard results. Terminal-Bench 2.0 was run with the Terminus-2 harness, adaptive thinking at maximum effort, and a 1M token budget per task. With extended 4-hour timeouts and Terminal-Bench 2.1 updates, the score reaches 92.1%.

Reasoning

Anthropic notes Mythos Preview "still performs well on HLE at low effort, which could indicate some level of memorization."

Agentic Search & Computer Use

On BrowseComp, Mythos Preview scores higher than Opus 4.6 while using 4.9x fewer tokens.

Pricing & Availability

Mythos Preview is not generally available. Access is restricted to Project Glasswing partners and vetted organizations maintaining critical infrastructure.

At $25/$125 per million tokens, Mythos Preview is 5x the price of Opus 4.6 ($5/$25). The credit pool covers substantial usage during the research preview. Anthropic plans to bring Mythos-class capabilities to a future Claude Opus release with additional safety safeguards.

Security professionals whose legitimate work is affected by output safeguards will be able to apply to an upcoming Cyber Verification Program.

Open Source Investment

Alongside the $100M credit commitment, Anthropic is donating directly to open-source security:

• $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation
• $1.5M to the Apache Software Foundation

Open-source maintainers can apply for access through the Claude for Open Source program. The rationale: open-source software makes up the majority of code in modern systems, including the systems AI agents use to write new software, but maintainers rarely have access to expensive security tooling.

Outlook

Mythos Preview is a signal of where frontier capabilities are heading. The gap between Mythos and Opus 4.6 is large: +13.1 points on SWE-bench Verified, +16.6 points on Terminal-Bench 2.0, +16.5 points on CyberGym. These are not incremental gains.

The decision to withhold general access while deploying the model defensively is unusual. Anthropic is explicitly stating that the model is too capable in offensive cybersecurity to release broadly without new safeguards. The 90-day public report and the broader industry recommendations will be worth watching.

For the full announcement, system card, and technical details on the vulnerabilities found, see the Project Glasswing page.