Claude Opus 4.6 scores 80.8% on SWE-bench Verified, a standard benchmark for how well an AI can solve real software engineering tasks - finding bugs, writing patches, passing tests. Anthropic's newest model, Claude Mythos, scores 93.9% on the same test. Anthropic decided not to release it publicly.
The reason is the model's cybersecurity performance. In testing, Mythos produced 181 working Firefox browser exploits. Claude Opus 4.6 produced 2 on the same task. Mythos scored 83.1% on CyberGym, a benchmark for AI cyber offense and defense capability, against Opus 4.6's 66.6%. It also found 595 high-tier crash vulnerabilities from OSS-Fuzz entries, a public database of known software bugs.
That's not an incremental capability gain. A model that can generate functional browser exploits in that volume is a different category of offensive security risk than anything previously available through a public API.
Project Glasswing
Instead of a standard release, Anthropic created Project Glasswing - a restricted-access program for defensive security organizations. The list includes AWS, Google, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, JPMorganChase, and the Linux Foundation. The intent is to put the model's capabilities into the hands of defenders rather than making them available to anyone with an account.
Anthropiq's internal risk report rated Mythos as "very low" alignment risk - meaning the model doesn't appear to be working against human oversight - but noted the risk is "higher than for previous models." That qualifier, modest as it sounds, is what drove the restricted deployment decision.
The model's existence leaked before Anthropic's official announcement; Fortune reported on it in March 2026. The restricted-access program officially launched in April 2026.
This is the first time Anthropic has built a frontier model and explicitly decided against public availability. The precedent matters: as AI systems improve at finding and exploiting software vulnerabilities, the "defenders only" access model will become a recurring answer to a recurring question about what gets released and what doesn't.