16APR

Anthropic withholds Mythos from public release

2 min read

13:29UTC

Anthropic's most capable model scored 83.1% on vulnerability reproduction but will not be released publicly, going instead to twelve partners through a $100 million restricted programme.

← Back to Three federal surveys, one 34-to-1 gap Jump to analysis ↓

EconomicDeveloping

Key takeaway

Anthropic set the precedent for withholding a frontier model from public release over systemic risk.

Anthropic released Claude Mythos Preview exclusively to twelve partner organisations through Project Glasswing on 8 April 2026, backed by $100 million in model usage credits ¹. The model autonomously identified thousands of zero-day vulnerabilities across every major operating system and browser, including a 27-year-old OpenBSD flaw that had survived five million automated tests. On the CyberGym benchmark it scored 83.1% on vulnerability reproduction, compared with 66.6% for Anthropic's previous top model.

Anthropic has explicitly stated it will not release Mythos to the public. The twelve Glasswing partners include AWS, Apple, Google, Microsoft, CrowdStrike, Palo Alto Networks, and JPMorgan. Goldman Sachs, another partner, published displacement research the same week showing AI substitutes 25,000 jobs per month , placing these institutions on both sides of the AI capability and labour displacement story.

A Tom's Hardware review challenged the marketing: the "thousands" claim rested on only 198 manual reviews, and many flagged flaws were in outdated software ². The Bessent-Powell emergency meeting suggests federal regulators took the risk seriously regardless.

Deep Analysis

In plain English

Every major AI model so far has been made available to the public, either free or via subscription. Anthropic has broken that pattern. Claude Mythos Preview is restricted to twelve partner organisations, including tech giants and financial institutions. The model can automatically find previously unknown security flaws in software at a scale that has never been seen from an AI system. Anthropic's position is that the capability is powerful enough that releasing it widely would create unacceptable risk, the same software that makes it useful to defenders could be used by attackers. So it is being distributed under a controlled programme called Project Glasswing, with $100 million in subsidised usage credits. A technical review by Tom's Hardware found that some of the specific claims were overstated, but the underlying capability gap the model represents is real.

Deep Analysis

Root Causes

Anthropic's capability assessment rests on the CyberGym benchmark jump from 66.6% to 83.1%, a 16.5-percentage-point improvement in autonomous vulnerability reproduction. Anthropic's own research on 'observed exposure' shows computer programmers face 75% task coverage from Claude-class models; Mythos's security capabilities represent the first instance where the coverage figure has operational implications beyond individual productivity.

The restriction decision reflects Anthropic's founding premise that AI safety and capability development must remain linked. Project Glasswing's $100 million credit allocation is structured as a subsidy for defensive deployment, not a commercial launch, which is itself novel for a frontier model.

What could happen next?

Precedent
The first frontier AI model explicitly withheld from public release establishes capability-gating as a legitimate deployment option for safety-constrained AI systems.
Medium term · 0.85
Risk
The twelve Glasswing partners, which include both defensive (CrowdStrike, Palo Alto) and dual-use (AWS, Google, Microsoft) organisations, may deploy Mythos capabilities in ways beyond Anthropic's stated defensive intent.
Short term · 0.62
Opportunity
Security professionals who can interpret and direct AI-identified vulnerability data at scale represent a new premium-tier role the model creates even as it automates routine scanning.
Medium term · 0.71

Source Landscape

Primary parallel: The 1975 Asilomar conference, at which biologists voluntarily halted recombinant DNA research pending safety framework development. The moratorium held for roughly 18 months before guidelines were agreed and research resumed. The parallel is structural: a field self-imposing limits on a capability it had just demonstrated, pending institutional capacity to manage the risk.

Counter-parallel: The US government's 1994 restrictions on strong encryption export, which attempted to control dual-use cryptographic capabilities. Within five years, equivalent encryption was globally available and the restrictions collapsed. Technical capability restrictions at the frontier tend not to hold against commercial and geopolitical pressure.

Consensus view: The Carnegie Endowment for International Peace's Jon Bateman and the Royal United Services Institute's Tim Stevens assess the Glasswing structure as the first operationally significant instance of capability-gated AI deployment, where the developer, not a regulator, restricts access based on dual-use risk assessment.

Counter-view: Chinese cybersecurity researchers at the Institute of Information Engineering (Chinese Academy of Sciences) have noted that restricting Mythos to Western tech and financial partners accelerates an offensive capability gap that adversarial states will close through their own development, without the safety constraints Anthropic has imposed on its own model.

Key tension: Whether Anthropic's voluntary capability gating sets a durable precedent for responsible frontier AI deployment, or simply buys time before equivalent capabilities emerge from actors with no interest in gating.

Sources:Anthropic

Mentions:Goldman Sachs →Carnegie Endowment for International Peace →Prima →Project Glasswing →Anthropic →Claude Mythos Preview →Amazon →Apple →Google →Microsoft →CrowdStrike →Palo Alto Networks →CyberGym →RUSI →JPMorgan Chase →

First Reported In

Update #5 · The model they won't release

Anthropic· 10 Apr 2026

Read original →

Causes and effects

This Event

Anthropic withholds Mythos from public release

The first frontier AI model deliberately withheld from public deployment establishes a precedent for capability-gated release in the industry.

Led to

Anthropic drops ASL, expands Glasswing partners

Anthropic's 7 April system card and Glasswing expansion directly extended the Glasswing programme launched on 8 April with the original twelve partners.

Occurred 7 Apr 2026

Read story →

Dimon: JPMorgan displaced workers from AI

JPMorgan is one of the original twelve Glasswing partners, creating the contradiction of a bank attending emergency Treasury meetings about AI risk while internally displacing staff through AI deployment.

Occurred 24 Feb 2026

Read story →

Different Perspectives

TSMC and Taiwan chip supply chain

Nvidia's 17% headcount growth to 42,000 on $81.6 billion in quarterly revenue depends on TSMC's CoWoS advanced packaging capacity constraining H100 and B200 supply, sustaining margins above 70%. The AI build-out's sole headcount-growth story runs through a Taiwan supply chain that has no parallel in downstream software.

Displaced tech workers globally

CrowdStrike's SEC disclosure puts AI attribution on a material regulatory record for the first time, but Oracle's Massachusetts WARN clock expired unfiled after up to 14 workers were logged as remote despite office proximity. The legal apparatus cannot enforce what it cannot see: hybrid reclassification, GCC transfers, and hires never made.

UK workforce and policymakers

ONS recorded UK vacancies at 705,000, below the pre-pandemic baseline for the first time, as payrolled employment fell 210,000 year on year with real wage growth at 0.1%. The Bank of England's AI worst case assumed 500,000 additional unemployed from a baseline above 730,000; the UK is already below that floor, and ONS still publishes no AI-exposure breakdown.

India IT workforce and graduates

NASSCOM's FY2026 data shows net sector growth of 140,000, but entry-level hiring fell 20-25% as the growth concentrated in in-house GCC offices requiring mid-career specialists. Indian graduates who previously entered through TCS, Infosys and Wipro fresher programmes find that channel closing at both ends: outsourcers cutting and GCCs not hiring at the junior level.

IG Metall and European trade unions

European labour bodies see the market reward pattern, cuts on record revenue, as investor preference for short-term margin extraction over validated AI productivity. They note the EU Digital Omnibus provisional deal has dropped binding employer AI-literacy obligations at the precise moment the ILO-NASK index has quantified that 3.3% of global workers are in the highest AI exposure category.

Federal Reserve Board

Governor Cook told Stanford's SIEPR on 27 May that speculative-grade software bond spreads have widened on AI-disruption concern, moving AI displacement from a labour observation into the Fed's financial-stability mandate. The Fed cannot resolve structural labour transformation through rate policy, so Cook routed the concern through the one channel the Fed does control.