Anthropic just released a model they themselves refuse to make publicly available. It's called Mythos, announced April 7, 2026, and it can discover thousands of zero-days across all major OS and browsers, then chain them into complete exploits. The general public won't have access. Twelve hand-picked partners will. Three weeks later, OpenAI locked down its own Cyber model in turn.
What Mythos can do
The game-changing capability isn't simply bug detection. It's chaining. Mythos takes an isolated bug, understands the attack surface, identifies a second exploitable bug, and composes the whole thing into a complete end-to-end exploit chain. That's exactly the work of the world's top security researchers, counted in the dozens globally.
Project Glasswing: a closed circle of 12
Anthropic launched Glasswing on April 7, 2026, the same day as the model announcement. No public waitlist with a form. No usage-based pricing. Each partner is validated individually, with a contract, NDA, usage audit, and a pre-defined usage framework.
The public list includes Apple, AWS, Microsoft, and Google. Not all 8 others are named publicly, but press leaks point to major banks (CNBC) and licensed offensive security software vendors (government and private red teams).
The doctrine shift
| Release model | Before (through 2025) | Today (Mythos) |
|---|---|---|
| Access | Open API, pay-per-use | Vetted access, custom contract |
| Time to start | Minutes | Weeks minimum |
| User volume | Unlimited | Strictly limited |
| Audit | Best-effort on usage | Continuous, by Anthropic |
| Pricing | Public | Confidential |
This is a clean break from the "public release" doctrine that drove the industry since GPT-3. The lab economics were: open API, public pricing, volume that pays for the GPUs. With Mythos, that model is inverted: few clients, custom contracts, opaque pricing, and contractually governed usage.
The leak, on day one
Anthropic is investigating a group of unauthorized users who gained access to Mythos through a private forum, on the very day of the official Project Glasswing announcement.
The symbolism is uncomfortable. The entire Glasswing pitch rests on the idea that a closed circle is safer than an open API. And the circle leaked immediately.
Bloomberg and TechCrunch confirmed the incident on April 21, 2026. Anthropic says it's investigating. As of today, no official communication explains the leak vector, nor whether a Glasswing partner was compromised or the leak came from an internal employee.
OpenAI: the cascade in three weeks
In late April 2026, OpenAI announced that its own Cyber model, long presented as an assistant accessible to red teams via the standard API, would now also be placed under restricted access. That same week, Sam Altman had publicly criticized Anthropic for blocking Mythos.
- Apr 7, 2026Anthropic announces Mythos and Glasswing
Model revealed in preview, access limited to 12 validated partners.
- Apr 21, 2026Bloomberg confirms the leak
An unauthorized group accessed Mythos through a private forum.
- Late Apr 2026OpenAI locks down Cyber
Three weeks after its own criticism, OpenAI moves its model to vetted access.
- May 8, 2026CNBC documents banking adoption
Major US banks adopt Mythos for internal red teaming.
The taboo fell in three weeks. The head-to-head competition between OpenAI and Anthropic no longer revolves around "who makes AI most accessible," but "who contracts better access to sensitive capabilities." That's a total reversal of the 2023-2024 discourse.
Capability overhang: what it changes for everyone
Real frontier models will no longer ship as open APIs. That's the underlying signal. The general public keeps very capable models, Claude Opus 4.7 and GPT-5.5 for example, but ones that remain constrained on the most offensive capabilities. Truly dangerous capabilities now live behind contracts and gated status.
“Mythos's capability on exploit chains is unlike anything we have previously released. Standard public release is no longer the right path for this type of model.
”
The technical term for this phenomenon is capability overhang: a capability exists in the labs without being publicly deployed, because deploying it would arm too many actors too quickly. Before Mythos, capability overhang was theoretical. Since April 7, it has a proper name, a dedicated program, and a list of 12 partners.
Genuine safety or a new B2B model?
That's the critical reading to hold. Two interpretations overlap:
What matters for the ecosystem is less the motivation than the consequence. From now on, the real capability of frontier models becomes invisible to the public. You evaluate Claude Opus 4.7 and think you're seeing the frontier. In reality, the frontier is elsewhere, behind Glasswing.
Frequently asked questions
Is Mythos accessible via a public waitlist?
No. Glasswing has no open form. Anthropic directly contacts organizations it deems relevant, and the majority of rejections are never formally communicated.
Does Claude Opus 4.7 contain parts of Mythos?
No. Mythos is a separate model, trained specifically for cyber capabilities. Opus 4.7 remains a general-purpose model with standard safety restrictions on offensive topics.
What can a small company do in response to this shift?
Concretely: nothing on model access, but a lot on security posture. The Mythos signal means the technical barrier to attack is lowering for those who have access. Your potential adversaries now include red teams armed with an ultra-capable copilot, across 12 organizations whose contractors are not all identified.
Will OpenAI ever reopen Cyber?
Unlikely in the short term. The April 2026 shift crystallizes an industry norm. Reopening would mean walking back the safety reading, which no lab will do as long as regulatory pressure doesn't ease.
Going further
Project Glasswing isn't an incident, it's the new release norm for truly frontier models. The question is no longer "when do we get access," it's "who decides who gets access." If you want to understand what this changes for your AI stack, let's talk.
Discuss your AI strategy with Blokby