What Is Anthropic Mythos? The AI Model Too Dangerous to Release

An AI model that can find 271 zero-day security vulnerabilities in Firefox in a matter of weeks. A model that outperforms professional human hackers at locating and exploiting software flaws. A model that Anthropic has tested, benchmarked, and quietly shown to select partners — and then refused to release to the public.

That's Claude Mythos.

The HN thread this morning asks the blunt question: "Too dangerous or just too expensive?" And it's the right question. Mythos is the most capable model Anthropic has built, it's ready, and it's being deliberately held back. Here's what we know about what it can do, why Anthropic won't release it, and what it means for everyone who uses AI tools.

What Is Claude Mythos?

Claude Mythos (officially called Claude Mythos Preview internally) is Anthropic's latest frontier model — their most powerful to date. It is not publicly available. It has not been released through Claude.ai or the API.

What makes Mythos different from previous Claude models isn't just better writing or faster reasoning. It's a specific, alarming capability: cybersecurity.

According to Anthropic's own system card, Mythos shows "a striking leap in scores on many evaluation benchmarks compared to our prior models." The benchmarks that matter most here aren't just coding tests or reasoning puzzles — they're red-team evaluations for offensive cybersecurity. Mythos can:

Find undiscovered security vulnerabilities in production software
Exploit those vulnerabilities autonomously
Reason through complex multi-step attack chains that previously required expert human hackers

The BBC described it plainly: Mythos "can outperform humans at some hacking and cybersecurity tasks."

The Firefox Numbers That Explain Everything

The most concrete evidence of what Mythos can do came from Mozilla.

Working with Anthropic's Mythos Preview (along with other AI models), Mozilla's security team identified and shipped 423 Firefox security bug fixes in a single month — more than they had shipped in the entire prior year combined.

Within that, Mythos alone found 271 zero-day vulnerabilities in Firefox 150. Zero-days are security flaws that were previously unknown — no patch existed, no one was defending against them.

Those are not small numbers. Mozilla's CTO called Mythos "every bit as capable" as the world's best human security researchers. TechCrunch reported that "the model was so powerful at sniffing out software vulnerabilities that it had discovered thousands of high-severity bugs."

Now imagine that same capability applied not to a browser but to the software running a bank's transaction systems, a power grid's control network, or a hospital's patient record database. That's why the New York Times called it "uncannily capable of finding and exploiting hidden flaws in the software that runs the world's banks, power [grids]."

That's also why Anthropic hasn't released it.

Why Won't Anthropic Release It?

Anthropic's stated reason is safety. The company has classified Mythos as too high-risk for public release because its offensive cybersecurity capabilities could be misused at scale.

The concern is a specific one: a sufficiently capable AI security researcher that anyone can access via API would fundamentally change the attack/defense balance in cybersecurity. Today, finding a zero-day vulnerability requires significant expertise and time. A public Mythos API would allow anyone — not just sophisticated nation-states, but also individual bad actors — to probe software for exploitable flaws at machine speed.

Anthropic's RSP (Responsible Scaling Policy) has specific thresholds for capabilities that trigger restricted release. Mythos's cybersecurity scores crossed some of those thresholds. The model was tested, the capabilities were documented, and the decision was made: no public release.

The HN community, characteristically, is skeptical of the official story. The kingy.ai piece argues the real reason is economic — that Mythos is too expensive to run at scale to make public API pricing viable. This isn't incompatible with the safety argument; both can be true simultaneously.

What's not disputed: Anthropic has acknowledged the model exists, published a system card, shared it with select enterprise and security partners, and drawn a line at public availability.

Who Has Access to Mythos Right Now?

Mythos Preview has been shared with a controlled set of partners, primarily in the cybersecurity space.

CrowdStrike is the most prominent — they're described as a founding member of Anthropic's Mythos frontier model security program. Their announcement described Mythos as expanding "the reasoning, planning, and execution capabilities of AI agents" with a specific focus on endpoint security.

Mozilla had access for their Firefox vulnerability research project.

Beyond named partners, Anthropic has indicated that enterprise security teams, government agencies assessing AI capabilities, and selected academic researchers have had access to Mythos Preview under controlled agreements.

No consumer access. No standard API tier. No Claude.ai integration.

How Dangerous Is It Really? Two Views

The alarmed view:

Scientific American's coverage flagged that "cybersecurity experts are divided over" Mythos's implications, with some arguing the disclosed capabilities are severe enough to warrant government intervention before any broader deployment. The concern isn't just that Mythos can find bugs — it's that it can do so autonomously, at scale, without a human in the loop for each exploit step. An attacker with Mythos-level access doesn't need to be an expert; they need to be able to type a target and wait.

The more measured view:

Many security researchers counter that Mythos's capabilities, while impressive, are ultimately a net positive for the industry when controlled correctly. Defenders benefit from the same automation as attackers — bug finding at scale is exactly what the security industry needs to reduce the attack surface before bad actors find the same flaws manually. The Mozilla Firefox example is a defense story, not an attack story: 423 patches shipped in a month means 423 fewer vulnerabilities for real attackers to exploit.

The risk is asymmetric access. If Mythos were publicly released with no controls, attackers would use it before defenders could catch up with patches. The current controlled-partner model is precisely designed to prevent that.

Where Does Mythos Sit in the AI Landscape?

It's worth being clear about the model hierarchy here.

Claude Opus 4.7 is the current publicly available flagship model from Anthropic. It's what you access through Claude.ai and the API. It's highly capable for coding, analysis, writing, and reasoning tasks.

Mythos Preview is above Opus 4.7 in Anthropic's capability stack — it's the next frontier, not a replacement for the current consumer line. When (or if) it's ever released, it would represent a significant step up.

For comparison with other frontier models: Mythos appears to be benchmarking above GPT-5.4 on coding and security tasks, though direct head-to-head comparisons are limited by the fact that Mythos hasn't been publicly benchmarked. The leaked/published system card puts it at record levels on several evaluations Anthropic uses internally, but those aren't the same as standard public benchmarks.

What This Means for Regular AI Users

If you're using Claude for writing, research, coding help, or business tasks, Mythos doesn't change anything in the short term. Opus 4.7 is still your Claude.

What Mythos does signal is the pace of development. The gap between what Anthropic has in their labs and what's publicly available is widening. That's partly a deliberate choice for the most sensitive capabilities. But it also means the models currently available — impressive as they are — aren't the ceiling.

For developers and businesses: watch CrowdStrike's and Mozilla's use cases. That's where Mythos-level AI is going first — enterprise security tools, not consumer chat apps. If you're in fintech, healthcare IT, or critical infrastructure, Mythos-class AI is coming to your threat model whether the public ever gets access or not.

Will Mythos Ever Be Released Publicly?

Unknown. Anthropic hasn't given a timeline.

There are two plausible paths:

Staged capability release: A version of Mythos with the most dangerous cybersecurity capabilities suppressed gets released as a general-purpose model. The underlying architecture and reasoning improvements make it available to consumers; the specific exploit-generation capabilities are stripped or rate-limited. This is the optimistic path.
Permanent restricted deployment: Mythos stays in the enterprise/government tier indefinitely, while Anthropic builds a separate consumer model that advances in other directions. Mythos becomes a specialist tool, not a consumer product.

The system card framing suggests Anthropic is actively working on mitigation strategies — ways to get the benefits of the model's general capabilities while limiting the cybersecurity attack surface. Whether they succeed determines which path this follows.

How to Follow This Story

The Mythos situation will develop over the next few months. Key things to watch:

Google I/O, May 19 — Google may announce competing frontier capabilities. How Gemini Ultra compares to Mythos on security benchmarks will shape the competitive picture.
Anthropic's policy blog — They've been unusually transparent about Mythos through the system card. Further disclosures about deployment decisions usually come there first.
Government responses — The NYT coverage sparked enough concern in financial and energy sectors that regulatory conversations have reportedly started. Any formal AI capability governance applied to cybersecurity tools would directly affect when and how Mythos ships.

For our purposes — tracking which AI tools actually become available to use — Mythos is a preview of what frontier models will be capable of in 12–24 months. The capabilities will arrive in consumer tools eventually, just not at full power and not all at once.

FAQ

Q: Is Claude Mythos the same as Claude Opus 4.7? A: No. Claude Opus 4.7 is Anthropic's current publicly available flagship model. Mythos Preview is a separate, more powerful model that is not publicly available. They exist in parallel — Opus 4.7 is what you can actually use today.

Q: Why is Anthropic hiding Mythos? A: Anthropic's stated reason is the model's unprecedented offensive cybersecurity capabilities. It found 271 zero-day vulnerabilities in Firefox 150 and outperforms expert human hackers at certain security tasks. Releasing it publicly without controls could enable large-scale cyberattacks. Some analysts also argue cost is a factor — Mythos may be too expensive to run at standard API pricing.

Q: Who can use Claude Mythos right now? A: Access is restricted to select enterprise partners (CrowdStrike is a named founding partner), security researchers, government agencies evaluating AI capabilities, and selected academic groups. No consumer access through Claude.ai or standard API pricing exists.

Q: What did Mythos do with Firefox? A: Working with Mozilla's security team, Mythos Preview found 271 zero-day (previously unknown) vulnerabilities in Firefox 150. Mozilla then shipped 423 security bug fixes in a single month — more than the prior full year — largely due to Mythos-assisted research.

Q: Is Claude Mythos dangerous? A: It depends on who has access. In the hands of security defenders (as with Mozilla), Mythos is extremely valuable for finding and patching vulnerabilities before attackers can use them. In unrestricted public access, the same capabilities could be used offensively. That's the core tension Anthropic is managing with its controlled deployment approach.

Q: When will Mythos be available to everyone? A: Anthropic hasn't announced a public release timeline. The most likely path is a staged release — a consumer-accessible version with the most sensitive cybersecurity capabilities limited or removed. No specific date has been given.

Q: Does GPT-5.4 or Gemini 3.1 have similar capabilities? A: Based on available information, Mythos appears to outperform other current frontier models specifically on offensive cybersecurity benchmarks. Gemini Ultra's capabilities in this space have not been publicly disclosed at the same level of detail. Google I/O on May 19 may provide a clearer comparison.