Model Release

Claude Mythos 5 already found 10,000 critical bugs, and Anthropic is terrified of what it can do

Anthropic's Claude Mythos 5, a powerful new model for cybersecurity and biology, has already found over 10,000 critical software vulnerabilities through Project Glasswing. Access is limited to vetted partners, with pricing at $10 per million input tokens.

Emmanuel Fabrice Omgbwa Yasse

2026-07-06 · 2 min read

Claude Mythos 5 already found 10,000 critical bugs, and Anthropic is terrified of what it can do

Anthropic formally launched Claude Mythos 5 on June 9, 2026, calling it its most capable large language model to date, purpose-built for cybersecurity and biology research. For now, access is restricted to a small circle of initial testing partners through a trusted access program. Broader availability is expected eventually.

Key capabilities and benchmarks

Mythos 5 is being described as state-of-the-art in cybersecurity, biology research, and healthcare. It succeeds Mythos Preview and delivers notable gains across these fields. The model is engineered for tasks including vulnerability discovery, code analysis, and biological research, drug discovery and protein design among them.

Project Glasswing: Real-world impact

A centerpiece of the Mythos 5 rollout is Project Glasswing, a partnership announced April 7, 2026, that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The initiative aims to shore up the world's most critical infrastructure.

By May 22, 2026, roughly 50 partners using Claude Mythos Preview had already uncovered more than 10,000 high- or critical-severity vulnerabilities across the most systemically important software globally. As of June 2, 2026, Project Glasswing is being extended to about 150 new organizations in over fifteen countries.

Access and pricing

Claude Mythos 5 is currently only available to a small group of vetted organizations for cybersecurity research; biology research access is slated to follow. Anthropic says it aims to broaden its trusted access programs to safely allow more organizations to secure their code and pursue life-changing research.

Pricing starts at $10 per million input tokens and $50 per million output tokens, putting it at a premium compared to mainstream models.

Safeguards and dual-use risks

Anthropic acknowledges that Mythos 5's advanced capabilities in cybersecurity and biology could be used for both good and harm. The company has implemented additional safeguards, including a 30-day data retention policy for safety monitoring. For queries in these domains that may be too risky, the model automatically routes them to a fallback, Opus 4.8.

Anthropic also introduced Claude Fable 5, which uses the same underlying model as Mythos 5 but with robust safeguards that block or limit its performance in these risky areas. This lets Anthropic release Mythos-level capabilities for knowledge work and coding while containing dual-use risks.

On July 1, 2026, export controls on Claude Mythos 5 were lifted for a set of US organizations following US government approval, though the model had been temporarily unavailable since June 12, 2026.

Context and significance

Claude Mythos 5 represents a new frontier in dual-use AI. Its ability to autonomously find thousands of critical vulnerabilities in widely used software is unprecedented, but it also raises serious concerns about potential misuse for offensive cyber operations or bioweapons development. The strict access model, with vetted partners, data retention, and automatic fallback, is a case study in responsible deployment of frontier AI.

Anthropic's approach is closely watched by regulators, including the US government, which recently approved lifting export controls for certain US organizations.