Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software.
Mythos was announced in April as a restricted model and was made available only to select companies, including security researchers.
At that time, Anthropic cited major “security” risks with the Mythos model and decided against a public rollout.
“The advantage will belong to the side that can get the most out of these tools,” Anthropic warned in April when it announced the Mythos model.
“In the short term, this could be attackers, if frontier labs aren’t careful about how they release these models. In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships.”
AI companies typically avoid rolling out powerful models until they develop strong guardrails that prevent misuse.
It appears that Anthropic has managed to develop strong guardrails to prevent misuse of the Mythos model, which is believed to be far more powerful than Opus 4.8 and other models available on the internet.
Anthropic prepares roll out of Mythos model
In a blog post, Anthropic confirmed that it plans to release Mythos-class models to the public in the coming weeks, but it has not committed to a specific timeframe.
“We’re making swift progress on developing these safeguards and expect to be able to bring Mythos-class models to all our customers in the coming weeks,” Anthropic said in a blog post.
Anthropic says it is already allowing a small number of organizations to use Claude Mythos preview for cybersecurity work, but it is unclear if the same model will be rolled out to the public.
According to the company, the Mythos model shows major improvements in code reasoning and autonomy, far above Claude’s current flagship model, Opus 4.8.
It is also worth noting that the “Mythos-preview” model briefly appeared for some users on Claude Code before it was taken offline.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
