Anthropic Moves Mythos Into Claude Code and Claude Security

Anthropic is moving Mythos — the AI model that found more than 10,000 critical software vulnerabilities in a month — from a locked partner programme into Claude Code and Claude Security.

The signal arrived in the source code. On 23 May 2026, TestingCatalog flagged new strings inside the Claude Code application referencing "Access to the Claude Mythos model in Claude Code and Claude Security." A model identifier, "claude-mythos-1-preview", briefly surfaced inside the Claude interface before disappearing. The cyber AI model Anthropic refused to make generally available in April is being productised for paying enterprise customers.

What the leaked source code actually shows

TestingCatalog and other observers identified four concrete additions inside Claude Code and the Claude Console builds.

First, the explicit access string: "Access to the Claude Mythos model in Claude Code and Claude Security." That single line clarifies the delivery surfaces — Claude Code (the agentic developer assistant) and Claude Security (the Enterprise vulnerability-management product Anthropic launched in public beta on 30 April 2026).

Second, a new dashboard inside Claude Security organising discovered vulnerabilities in a single view — priority, severity, affected asset, remediation path — alongside seven-day and thirty-day historical trend charts. Research by SecurityWeek's reporting on Claude Security's public beta shows the existing tool already runs on Claude Opus 4.7; the new dashboard appears tuned for Mythos-class throughput, where the limiting factor is not finding bugs but managing the queue of valid findings.

Third, the preview model identifier, "claude-mythos-1-preview", appearing briefly in the Claude UI before being pulled. Industry observers read the appearance as staging artefacts leaking through a partial rollout — a familiar pattern in Anthropic's release cadence.

Fourth, regional-team and Enterprise-agreement language indicating Mythos 1 access is gated to specific customer agreements. Reporting from 36Kr describes the gating as "vetting that evaluates both customer fit and the maturity of risk management processes" — language consistent with the high-touch sales motion Anthropic uses for regulated sectors.

The Glasswing → Mythos 1 sequence is the real story

Three Anthropic moves over six weeks tell one story. On 7 April 2026, the Frontier Red Team published the Mythos Preview disclosure and announced a deliberate non-release: "We do not plan to make Mythos Preview generally available." On 22 May 2026, Anthropic's Project Glasswing initial update reported the partner cohort had used Mythos Preview to surface more than 10,000 high- or critical-severity vulnerabilities in widely used software in a single month. On 23 May 2026, source-code strings naming "claude-mythos-1-preview" inside Claude Code and Claude Security surfaced.

Read in order, the sequence is a deliberate pre-launch demonstration. Anthropic showed the capability first, gave the partner cohort time to file 530 high-severity bugs into the coordinated-disclosure pipeline, then quietly staged the productised version into the application that engineers and security teams already use. The proof landed before the product.

Our eventual goal is to enable our users to safely deploy Mythos-class models at scale.

— Anthropic, Mythos Preview disclosure, 7 April 2026 (https://red.anthropic.com/2026/mythos-preview/)

That sentence was the tell. April said "not generally available". May said "here is the queue you cannot service alone". The next move was always going to be productisation, and the source-code evidence shows the next move has begun.

What Claude Code and Claude Security actually become

The two delivery surfaces serve different buyers, even if the underlying capability is the same.

Claude Code is the agentic developer assistant — the surface most engineers already touch daily for code review, refactoring, and pull-request work. Adding Mythos access to Claude Code puts cyber-grade vulnerability discovery one prompt away from any engineer with the right plan. The shift is from "the security team runs scans on a schedule" to "every engineer can spin up a Mythos-grade scan against the diff they are about to ship". The blast radius widens.

Claude Security is the Enterprise product line. The public beta that SecurityWeek covered at the 30 April launch already does repository, directory, and branch scans with confidence-rated findings, reproduction steps, and patch instructions, integrated with Claude Code for the fix path. Mythos 1 inside Claude Security upgrades the engine from Opus 4.7 to a model purpose-tuned for cyber. The same dashboard, dramatically more output.

Both surfaces share an Anthropic-favoured pattern: the capability ships into the workflow tool teams already use, rather than as a standalone CLI. Distribution is the moat — once Mythos is the engine inside Claude Code, every existing Claude Code seat is a candidate buyer for the upgrade.

The governance question Anthropic is choosing not to answer publicly

Anthropic held Mythos Preview back from general release because the cyber capability is concentrated and dual-use. Productising Mythos 1 — even gated, even Enterprise-only — does not dissolve that concentration; it changes who gets access on what terms.

Three governance questions follow, and Anthropic has not addressed them publicly. First, what is the customer-vetting criterion? 36Kr's reporting calls it "customer fit and the maturity of risk management processes". Translated, this is a private regime in which a private lab decides which firms get a cyber-frontier capability and on what terms. The state is present in some cases — the UK AI Security Institute sits inside Glasswing — but the chair is Anthropic's.

Second, what is the abuse path? A Mythos-grade capability available to enterprise security teams is also a capability available to whoever inside those teams can prompt it. Insider misuse, contractor leakage, and exfiltration of Mythos outputs are real questions, and the existing Anthropic usage-policy enforcement (designed for general LLM use) is not obviously sized to a model that finds critical zero-days as a default output.

Third, what is the diffusion timeline? Agent safety is an ecosystem property, not a model property. The Glasswing coalition gets a head start; everyone else is racing to patch what Mythos finds before similar capability reaches less-aligned operators. The further Mythos 1 productisation goes, the more the diffusion clock matters.

What this means for engineering leaders

For any team running Claude Code or evaluating Claude Security, three operational shifts are now plausible inside the next quarter.

First, expect Mythos access as a paid tier. Anthropic is unlikely to release Mythos into the base Claude Code plan. A separate add-on, gated by vetting and probably priced as an enterprise contract, is the more likely shape. Budget owners should treat the upgrade as a discrete procurement decision, not an automatic seat lift.

Second, expect the scanning cadence to invert. Today, security teams run scheduled scans of their own code. With Mythos 1 inside Claude Code, every developer who is about to merge a PR has a Mythos-grade scan available against the diff they are about to ship. The security function shifts from periodic audit to continuous shift-left. The work changes shape; staffing should change with it.

Third, expect the patch backlog to grow before it shrinks. The Glasswing data shows the human-managed disclosure-and-patch pipeline is the bottleneck, not the discovery layer. Engineering leadership needs to plan for the queue, not the find. The agentic SOC arriving at ITWeb Sandton this June is one shape this pipeline starts taking; Claude Security's dashboard is another. Both assume more findings, faster.

The dignity question lives in the gating decision

Mythos 1 will not be released to everyone. That is the right call. But "not to everyone" still means "to someone", and the someone is being chosen by a private lab using criteria the lab has not made fully public. The .person Protocol's insistence on dignified, accountable AI applies to the lab as much as to the model: the rules under which a cyber-frontier capability is distributed are themselves a governance object, and they belong in public view.

Anthropic has earned a great deal of trust through the Mythos Preview / Glasswing sequence. The trust was earned by transparency about the capability, the safeguards, and the partner cohort. Productising Mythos 1 is the moment that trust gets tested against opacity. Publishing the customer-vetting criteria, the abuse-monitoring playbook, and the diffusion-window assumptions is the move that converts the early trust into durable legitimacy.

The world is watching how this AI capability moves from research preview to enterprise product. The handling matters as much as the model. This is the moment to argue, in Emergent Intelligence terms, that the rules of distribution are part of the model — and to ask Anthropic to make those rules legible.

Frequently Asked Questions

These are the questions engineering leaders, security teams, and policy observers have been asking since the Mythos 1 source-code strings surfaced. Short answers follow, drawn from TestingCatalog's reporting, Anthropic's own Mythos Preview disclosure, and the Project Glasswing initial update.

What is Mythos 1 in Claude Code and Claude Security?

In short, Mythos 1 is the productised, version-stamped variant of Anthropic's cyber-frontier AI model Mythos Preview, being prepared for delivery inside the Claude Code developer assistant and the Claude Security Enterprise dashboard. The answer, simply put, is that Mythos 1 is the same underlying capability that found 10,000+ critical vulnerabilities in Project Glasswing, repackaged for paying customers. The key is that distribution is moving from a partner-only research preview to a vetted Enterprise product.

How does Mythos 1 differ from Claude Security's current Opus 4.7 engine?

Claude Security launched in public beta on 30 April 2026 powered by Claude Opus 4.7. According to SecurityWeek's reporting, the tool scans repositories, rates confidence on findings, and integrates with Claude Code for the fix path. Research from Anthropic's Frontier Red Team shows Mythos Preview is markedly more capable on cybersecurity tasks than Opus 4.7. Data from Project Glasswing demonstrates Mythos generates a tenfold increase in valid high-severity findings versus prior models. Mythos 1 inside Claude Security upgrades the engine; the dashboard stays familiar, the output volume changes shape.

Why is Anthropic productising a model it said was too dangerous to ship?

Anthropic did not say Mythos was too dangerous to ship; the company said it was not ready for general availability without stronger safeguards. According to the Mythos Preview disclosure, "our eventual goal is to enable our users to safely deploy Mythos-class models at scale." Evidence from the Glasswing first-month update reveals the safeguards work is now sitting inside a vetted, contract-gated Enterprise channel rather than open release. Analysis of the cadence suggests productisation is the next staged step, not a reversal of the April posture.

Who is Mythos 1 for, and how will customers get access?

Mythos 1 is for Enterprise customers, in other words organisations buying Claude Code or Claude Security under a specific Anthropic agreement. Reporting indicates access is gated by what 36Kr summarised as "customer fit and the maturity of risk management processes". Regional teams handle relationships with regulated sectors — banking, insurance, healthcare, public administration. The key is that Mythos 1 will not be in the base Claude Code plan; it will be a vetted add-on with a high-touch sales motion.

What are the real risks of putting Mythos inside Claude Code?

Analysis of the Mythos productisation move reveals three durable risks. Each risk is structural, not cosmetic.

First, the diffusion risk: even gated access widens the population that has hands on a cyber-frontier capability. Insider misuse, contractor leakage, and exfiltration of Mythos outputs are real failure modes.

Second, the patch-bottleneck risk: research from Project Glasswing shows the human-managed disclosure pipeline already cannot service the volume of valid findings Mythos generates. Putting Mythos one prompt away from every Claude Code engineer will multiply the backlog, not relieve it.

Third, the governance-opacity risk: a private lab choosing which firms get a cyber-frontier capability under criteria the public cannot read is novel. The legitimacy of the arrangement depends on Anthropic publishing the rules under which it gates access.

Mythos 1 inside Claude Code and Claude Security is the moment a cyber-frontier AI model moves from research artefact to enterprise product. The capability is real; Glasswing has already shown what it can find. The product surfaces are familiar; Claude Code and Claude Security are tools engineers already use. The unsettled question is the one Anthropic has not yet answered in public: under what rules does the most capable cyber AI model in the world get distributed? That is the conversation worth pressing — for the dignity of the people whose code Mythos will read, and for the legitimacy of the lab that built it.

Sources:

TestingCatalog — Anthropic prepares Mythos 1 for Claude Code and Claude Security (23 May 2026)

Anthropic Frontier Red Team — Claude Mythos Preview disclosure (7 April 2026)

Anthropic — Project Glasswing: An initial update (22 May 2026)

SecurityWeek — Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge (30 April 2026)

36Kr — All Three Aces of Anthropic Unveiled: Mythos 1 Makes First Appearance

Analytics Insight — Anthropic's Claude Mythos Briefly Surfaces Online

Related on humphreytheodore.com:

Glasswing Found 10,000 Critical Bugs in One Month · Anthropic Is Briefing the FSB on Mythos Cyber Risk · Emergence World Shows Agent Safety Is an Ecosystem Property · The Agentic SOC Lands in Sandton This June