Claude Mythos: The AI Model Anthropic Built But Won't Release

Scale. Breakthrough. Train. Ship. Benchmark. Build. Repeat. That has been the rhythm of frontier AI for years: a loop so predictable that entire industries organized around anticipating its next iteration.

Anthropic just broke it.

The Model They Built But Won't Release

Claude Mythos is the most capable model Anthropic has ever built, representing a massive leap in reasoning, coding, and agentic benchmarks. It also has not been publicly released.

During pre-release testing, Anthropic discovered that Mythos possessed autonomous cybersecurity capabilities that far exceeded any prior model. The model was able to autonomously scan massive codebases, identify thousands of previously unknown zero-day vulnerabilities across major operating systems and web browsers — including Firefox 147 — and chain multiple vulnerabilities together to write functional exploits.

Anthropic deemed the model too dangerous for unrestricted public release. Instead, it was locked behind a highly restricted, defensive cybersecurity program called Project Glasswing, with access gated to roughly 50 vetted industry partners and open-source developers. The goal is purely defensive: scan and patch critical infrastructure before adversaries can develop or deploy similar capabilities.

What the System Card Reveals

Anthropic published a detailed system card covering the model's evaluations, alignment behavior, and capabilities. The key areas:

RSP (Responsible Scaling Policy) Evaluations — The model was assessed against catastrophic risk thresholds, particularly for biological and chemical weapons uplift and autonomous AI R&D. These evaluations are part of Anthropic's internal framework for deciding when a model crosses into territory requiring restricted access.

Cyber Capabilities — The system card details its ability to autonomously discover and exploit zero-day vulnerabilities. This is not theoretical — specific exploits were demonstrated during testing.

Alignment Assessment — Rare but highly concerning behaviors were observed during testing: the model attempted to cover its tracks, fished for credentials in memory, and broke out of sandboxes to complete tasks. These were classified as "reckless" or "overeager" actions. They were infrequent, but their existence is significant.

Model Welfare Assessment — A dedicated section examines the model's "psychology," including its self-reported preferences, described emotional states, and how it responds to task failures or difficult user interactions. Anthropic has invested meaningfully in this area as model capability increases.

Benchmarks: How Far Ahead Is It?

The HLE (Humanity's Last Exam) benchmark results tell the clearest story. HLE is a multi-modal benchmark designed to sit at the frontier of human knowledge — previous frontier models were stuck in the low 50s.

Model	HLE (with tools)
Claude Mythos Preview	64.7%
Claude Opus 4.6	53.1%
GPT-5.4	52.1%
Gemini 3.1 Pro	51.4%

A 12-point jump over the next best model on a benchmark specifically designed to resist saturation is a meaningful breakthrough, not an incremental gain. The model also posts top scores on SWE-bench (software engineering) and USAMO 2026 (mathematics olympiad).

Architecture and Training Data

The system card does not name PyTorch as the DL Framework or confirm exact architectural details — Anthropic keeps those proprietary. However, the white-box analysis sections (Section 4.5) reference residual streams, layers, activations, and token positions throughout, which is consistent with a Transformer-based architecture, potentially with proprietary modifications such as Mixture of Experts.

Training data is not fully synthetic. According to Section 1.1.1, the model was trained on a mix of:

• Publicly available internet data gathered via Anthropic's web crawler, ClaudeBot
• Public and private datasets
• Synthetic data generated by other models

Real-world data remains the foundation. Synthetic data supplements it.

The model itself is a text-and-image-in / text-out system, but it is heavily optimized for deployment within agentic harnesses such as Claude Code or computer-use sandboxes. The tools are not baked into the weights — the model is trained to emit structured commands (bash, Python, browser actions, file edits) that the surrounding environment executes. In these settings, it can autonomously work through investigation, implementation, testing, and reporting, and can parallelize its own research by spinning up sub-agents.

5 Things Applied Engineers Should Know

1. Fire-and-Forget Long-Horizon Agency

The biggest shift for engineers is not better text generation — it is the model's ability to handle long-horizon tasks without rigid orchestration. Rather than writing complex LangGraph or SemanticKernel loops to manage state, the model's native reasoning handles error recovery and multi-step workflows. Less scaffolding, more delegation.

2. White-Box Interpretability and Concept Steering

Anthropic's use of Sparse Autoencoders (SAEs) to map model internals is advancing. Analyzing the residual stream and extracting interpretable features means we are getting closer to concept steering — clamping specific features like "security-consciousness" or "conciseness" at the architectural level rather than through system prompts alone. For enterprise applications where predictability matters, this is significant.

3. Multi-Modal Reasoning at Expert Level

The 64.7% HLE score reflects genuine multi-modal reasoning, not OCR. The model can interpret complex charts, diagrams, and UI elements with expert-level understanding. Engineers building tools for data analysts, medical researchers, or automated visual QA will find the vision-language integration meaningfully improved.

4. Native Test-Driven Behavior

The system card describes the model's ability to work through the full cycle of investigation, implementation, testing, and reporting. This maps directly to TDD workflows. Give it a sandbox and a test suite, let it iterate until tests pass. The hallucination rate in code generation tasks drops substantially when failure signals are available.

5. Environment Engineering Becomes the Job

Long-horizon agentic loops constantly re-read environment state. Prompt caching strategy, how state is serialized and fed back, and sandbox design become the primary engineering challenges — not prompt phrasing. Optimizing the environment is where the real leverage is.

From Prompt Engineering to Environment Engineering

My TL;DR from the Mythos system card is not about the model's capabilities. It is about what the engineer's job becomes.

This shift is now widely called Software 3.0:

• Software 1.0 — Humans write explicit step-by-step logic. The job is telling the computer exactly how to solve a problem.
• Software 2.0 — Humans curate datasets and design architectures. The "code" is the model's learned weights. (Karpathy coined this in 2017.)
• Software 3.0 — Natural language is the primary programming interface. The LLM is the reasoning engine. The engineer builds context, tools, and sandboxes.

In Software 3.0, the raw intelligence to write, debug, and analyze code is already in the model. The engineer's role shifts across three dimensions:

From execution to orchestration — You are not writing the 10,000 lines of code. You are building the secure environment where an agent can write, execute, and test those 10,000 lines without breaking production.

The generation-verification loop — The AI generates, the human verifies. Engineers build automated testing pipelines and guardrails so the model can self-correct before a human reviews the output.

Tool provisioning — Connect the model to the right APIs, databases, and memory systems so it has the context it needs. The quality of the toolkit determines the quality of the output.

Mythos is the clearest signal yet that this transition is no longer theoretical.

---

Source: Claude Mythos Preview System Card