Mythos Moves Toward Public Release via Claude Code and Claude Security
Anthropic’s most powerful and most tightly held model is inching out of the lab. References to claude-mythos-1-preview appeared in public Claude Code builds on May 25, and users spotted a Mythos toggle before it disappeared again. Reporting this week describes a deliberate, layered plan: surface Mythos first as a gated capability inside Claude Code and the new Claude Security product, then widen access only once safeguards catch up.
That’s a real shift in posture. Anthropic previewed Mythos in April as a frontier model with cyber abilities far beyond Opus 4.7 — capable, by its own account, of developing functional cyberattacks at a professional level — and framed it as something that might stay restricted indefinitely. The updated framing is now “Mythos-class models could reach the public once the right safeguards are in place.” The tension between that capability and its dual-use danger is the whole story of the day.
Project Glasswing’s First Report: 10,000+ High- and Critical-Severity Bugs
Anthropic published an initial update on Project Glasswing, its push to harden the world’s most critical software before increasingly capable models can be turned against it. Since launch, Anthropic and roughly 50 partners — reportedly including Microsoft, Apple, Google, and Cloudflare — have used Claude Mythos Preview to surface more than 10,000 high- or critical-severity vulnerabilities across systemically important codebases, all in the program’s first month.
The number cuts two ways, and Anthropic leans into both. It’s a demonstration that frontier models can find real, severe flaws at a scale human researchers can’t match — and it’s the clearest argument yet for why the underlying model has been kept on a short leash. The same capability that patches 10,000 holes could, in the wrong hands, open them.
Claude Security Ships in Public Beta on Opus 4.7
Anthropic opened Claude Security in public beta for Enterprise customers. Running on Opus 4.7, the tool scans codebases, triages vulnerabilities, and generates fixes — and Anthropic says it has already helped patch more than 2,100 corporate vulnerabilities ahead of the wider release.
This is the productized, defensive face of the same technology behind Glasswing: take the model’s knack for finding flaws and point it at the customer’s own code before an attacker does. For security teams drowning in alerts, the pitch is less “another scanner” and more “a triage analyst that reads the whole repo and writes the patch.”
Opus 4.7 Ships With Live Cyber-Safeguard Classifiers
The flip side of all this capability is a new layer of guardrails. Opus 4.7 ships with real-time classifiers that evaluate each request and block ones that signal prohibited or high-risk cyber uses — ransomware development, data exfiltration, and the like — before the model responds. The checks run inline, not as an after-the-fact review.
For legitimate security work, those blocks are a problem, which is why Anthropic pairs them with the Cyber Verification Program: an application-based path that lifts the dual-use restrictions for approved organizations doing defensive vulnerability research, pen-testing, and red-teaming. The net design is “blocked by default, unlocked by verification” — the same trust-gated pattern showing up across Anthropic’s enterprise stack.
MIND Becomes the First Data-Security Firm in the Cyber Verification Program
Data-security vendor MIND said it’s the first company in its category accepted into Anthropic’s Cyber Verification Program. Membership lifts the default dual-use blocks for verified defensive work, letting MIND apply Claude to deeper threat modeling, exfiltration-pattern analysis, and adversarial simulation grounded in defensive objectives.
It’s a small announcement with an outsized signal: the CVP is becoming a real channel, and security companies see being inside Anthropic’s verified circle as a competitive edge. Expect a steady drip of “first in our category” press releases as vendors race to claim the badge.
Big Tech Lines Up Behind Glasswing
The roster of Glasswing partners reads like a who’s-who of platform owners: Microsoft, Apple, Google, and Cloudflare are among the roughly 50 organizations feeding their most critical software through Claude Mythos Preview for vulnerability hunting. These are the companies whose code underpins much of the internet — and they’re effectively beta-testing Anthropic’s most dangerous model under controlled access.
It’s a notable alignment. Rivals in most markets are cooperating here because the upside — finding the holes first — is shared, and because Anthropic controls the access. For Anthropic, having the largest software shops vouch for the program’s value is exactly the cover it needs to argue a wider release can be done responsibly.
The Mythos Question: Who Gets the Sharpest Knife?
For weeks the enterprise story dominated this brief — SAP, KPMG, the legal stack, the Compliance API. Today the spotlight swings to the other end of Anthropic’s strategy: a model so good at offensive security the company wasn’t sure it should ever ship. The pivot from “indefinitely restricted” to “gated rollout via Claude Code and Claude Security” isn’t a reversal so much as the playbook becoming visible. Build the dangerous capability, prove its defensive value at scale through Glasswing, wrap it in classifiers and a verification program, then let it out a crack at a time.
The uncomfortable truth underneath the 10,000-bug headline is that capability is symmetric. A model that finds critical flaws faster than any human team is, by definition, a model that could weaponize them just as fast. Anthropic’s bet is that controlled, defense-first distribution — verified researchers, big-tech partners, inline guardrails — keeps the advantage on the defenders’ side. It’s a reasonable bet, but it rests entirely on the gates holding. Watch how tightly Mythos is fenced as it lands in Claude Code; that, not the benchmark, is the real test.