On the morning of March 24, 2026, an internal Anthropic data exposure surfaced a codename no one was supposed to see: Mythos. Within 48 hours, Fortune had confirmed it. Within two weeks, Anthropic had formally announced what its own internal documents described as a step change in capability. And then, for the first time in the modern AI era, a major laboratory announced a frontier model and deliberately chose not to release it.
Section 01
The Leak
The name itself leaked first. A data exposure in late March 2026 surfaced internal Anthropic model references, and the codename Mythos appeared in developer logs before the company had made any public announcement. Fortune broke the story on March 26th, and Anthropic confirmed the model's existence the same day - describing it as "a step change in AI performance" and "the most capable we have built to date."
The announcement that followed on April 7th was unlike anything the AI industry had produced before. Anthropic released a technical preview, published evaluation results, and in the same breath announced that the model would not be made available through the Claude API or Claude.ai. The stated reason was the model's performance on cybersecurity tasks specifically. Before they could responsibly let Mythos near the internet, they needed to understand what it was actually capable of.
What they found during internal testing was striking enough to override the commercial logic of a major model launch. The details that emerged over the following weeks explained why.
Section 02
What Mythos Can Do
SWE-Bench Verified is the software engineering industry's most rigorous benchmark: real open-source GitHub issues, real codebases, no scaffolding. Mythos scored 93.9% - the highest figure ever publicly documented for any AI model. For context, Claude Opus 4.6 scored approximately 72%. GPT-5.5, released publicly in April 2026, sits around 78%. Mythos's score is not a marginal improvement; it is in a different tier of capability.
On the USAMO 2026 - the United States Mathematical Olympiad, which tests the 500 strongest high school mathematicians in the country - Mythos scored 97.6%, roughly 31 percentage points above Opus 4.6. These are problems designed to defeat most professional mathematicians. Mythos solves them at near-perfect accuracy.
The cybersecurity results are what convinced Anthropic to withhold the model. In controlled evaluation, Mythos identified thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser - flaws that had survived decades of professional security review. When given a known vulnerability to reproduce, it developed a working exploit on the first attempt in over 83% of cases. Tasks that would require a skilled human security researcher two to three days of work were completed in under an hour.
A zero-day is a software flaw unknown to the software's vendor - and therefore unpatched. The name comes from the fact that defenders have zero days to respond. Finding a zero-day requires deep expertise, hours of reverse-engineering, and often years of accumulated knowledge about a specific codebase. Mythos did this across multiple operating systems simultaneously, at scale, without being asked to look for any particular class of flaw.
This is not a model that can assist a hacker with instructions. This is a model that can autonomously conduct the most technically demanding part of a cyberattack - the discovery and exploitation of vulnerabilities - faster and at higher success rates than almost any human on the planet.
Section 03
The 16-Hour Threshold
METR - the Model Evaluation and Threat Research organization - specializes in exactly the kind of evaluation that tells you whether an AI is approaching something genuinely dangerous. Their framework asks a deceptively simple question: how long a task can the model complete without requiring human input?
METR defines a model's "time horizon" as the length of task it can complete with 50% success, where success means doing the entire task autonomously - no prompting, no course-correction, no handholding. A 30-minute horizon means the model can reliably run a contained, well-defined task for half an hour on its own. A 16-hour horizon means something qualitatively different: a full working day of autonomous decision-making across a complex, multi-stage project.
For Mythos Preview, METR's evaluation placed the median time horizon at 16 hours, with a 95% confidence interval of 8.5 to 55 hours. In concrete terms: Mythos can read an unfamiliar codebase, understand its architecture, formulate an implementation plan, write the code, debug it, and test it - all without a human in the loop - for projects that would occupy a skilled engineer for most of a working day.
Previous frontier models plateaued in the 30-minute to 2-hour range. The jump from 2 hours to 16 hours is not incremental. It represents a model that can independently own and execute what METR calls a "complete engineering sub-project." This is the capability that has changed the terms of the AGI conversation.
"A step change in AI performance - the most capable we have built to date."Anthropic spokesperson, Fortune, March 26, 2026
Is Mythos AGI? The careful answer is no. AGI - artificial general intelligence - implies a system that can learn and generalize across arbitrary domains at human level, with the kind of open-ended adaptability that humans bring to genuinely novel situations. Mythos is not that. What Mythos is, is a documented crossing of a practical threshold: autonomous, long-horizon execution in complex technical domains, at a level that exceeds the vast majority of human practitioners in those domains.
The "action singularity" framing circulating in AI research circles is more useful than the AGI framing. Mythos represents the point at which an AI crosses from "talking about" tasks to "executing" them - from a tool that assists humans to a system that can own a task end-to-end. That is not AGI. But it is, arguably, the more consequential threshold for the near term. An AI that can plan, build, test, and deploy without supervision is one whose effects on labor, on security, and on the pace of scientific research are real, immediate, and compounding.
Section 04
Project Glasswing
Anthropic's decision not to release Mythos is historically unusual. Every previous frontier model from every major lab has followed the same pattern: announce, release via API, iterate publicly. The commercial logic is overwhelming - a frontier model generates revenue, attracts developers, and anchors the platform. Withholding it sacrifices all of that.
Anthropic's answer is Project Glasswing: a restricted access program that offers Mythos to a small number of vetted organizations specifically engaged in cybersecurity defense. The name evokes transparency without openness - a glasswing butterfly's wings appear invisible, but the structure is still there. Access requires institutional vetting, defined use-case constraints, and active monitoring. The model is not available to individuals, and it is not available through any public API endpoint.
The UK's AI Security Institute evaluated Mythos Preview's capabilities and published its findings. The AISI's assessment confirmed the exploit-generation findings and placed the model in a new tier of cybersecurity capability - one that outpaces current defensive infrastructure by a meaningful margin. The assessment stopped short of recommending a ban, but explicitly noted that the model's autonomous exploit generation capacity warranted "the most restrictive deployment tier we have evaluated to date."
What Anthropic has demonstrated with Glasswing is that at least one frontier AI laboratory believes the calculus on model release can be different from what the industry has assumed. The question this opens is governance: if a model is powerful enough to withhold, who decides? Anthropic made the call internally. The White House is now drafting an executive order that would require pre-release government vetting for new frontier models - an FDA-for-AI framework that the Mythos situation has made suddenly urgent. Whether that framework arrives in time to matter is a different question.
For now, Mythos sits inside its containment ring - accessible to eight categories of authorized organizations, invisible to everyone else. The most capable AI system ever documented exists, is running, and is shaping the cybersecurity research of the people who have access to it. The rest of the world is working with models that are, by the available evidence, a generation behind.
Buy me a coffee