Claude Mythos 5
- Provider
- Anthropic
- Status
- Restricted
- Context
- 1,000,000 tok
- SWE-bench
- 80.3%
- Price
- $10 / $50 /MTok
Claude Mythos 5 is Anthropic’s restricted, no-classifier “Mythos-class” model — the same underlying system as Claude Fable 5, but with the cybersecurity safeguards lifted. Where Fable 5 silently reroutes cyber, biology and distillation queries to the weaker Opus 4.8, Mythos 5 answers them directly. Anthropic describes it plainly: Mythos 5 “has the strongest cybersecurity capabilities of any model in the world” (Anthropic). That capability is exactly why almost nobody can use it. Launched on 9 June 2026, Mythos 5 is offered only to vetted partners — initially the cyber-defenders of Project Glasswing, as an upgrade to Claude Mythos Preview — and is not sold on the public API or consumer apps.
Availability — as of 17 June 2026: Mythos 5 is restricted, and currently suspended worldwide. It was never generally available — access is limited to vetted trusted-access partners. On top of that, on 12 June 2026 a US government export-control directive forced Anthropic to disable both Mythos 5 and Fable 5 for all customers, Glasswing partners included; as of this writing it has not been restored and there is no official return date (Anthropic statement). During the suspension, Opus 4.8 is the most capable Claude anyone can actually use.
This page covers Mythos 5 — the restricted sibling. For the public model with safeguards on, see the Fable 5 page.
Quick specs
| Provider | Anthropic |
| Tier | Mythos-class (above Opus) |
| Released | 9 June 2026 (with Fable 5) |
| Status | Restricted (trusted-access only) — and suspended worldwide since 12 Jun 2026 |
| Relationship to Fable 5 | Same underlying model; cyber safeguards lifted |
| Predecessor | Claude Mythos Preview (April 2026) |
| API model ID | claude-mythos-5 (not on the public API) |
| Context window | 1,000,000 tokens |
| Max output | 128,000 tokens |
| Knowledge cutoff | Not separately disclosed (data not available) |
| Input price | $10.00 / MTok |
| Output price | $50.00 / MTok |
| ExploitBench (cyber) | 78.0% (Anthropic-reported; Opus 4.8: 40.0%) |
| Distributed via | Project Glasswing; biology trusted-access to follow |
| Best for | Critical-infrastructure cyber defence, vulnerability research, frontier life-sciences research |
| Limitations | Not publicly available; currently suspended; vendor-run benchmarks; 30-day data retention |
What Mythos 5 is — the model with the safeguards taken off
Anthropic’s model ladder now runs Haiku → Sonnet → Opus → Mythos-class, a top tier above Opus aimed at the hardest reasoning, coding and long-horizon agentic work. Two Mythos-class models launched together on 9 June 2026, and the crucial fact is that they are the same underlying model (Anthropic):
| Model | API ID | Cyber safeguards | Availability |
|---|---|---|---|
| Claude Fable 5 | claude-fable-5 | On — cyber/bio/distillation queries route to Opus 4.8 | Public (now suspended) |
| Claude Mythos 5 | claude-mythos-5 | Lifted | Restricted — Project Glasswing partners only; successor to Mythos Preview |
In Anthropic’s words, “Fable is from the Latin fabula, ‘that which is told,’ akin to the Greek mythos. The safeguards are what distinguish the two models.” Strip the classifiers off Fable 5 and you have Mythos 5. That is the entire difference — and it is the difference between a model that declines to read a security blog post and a model Anthropic considers the most capable offensive-and-defensive cyber tool in existence.
Mythos 5 is the successor to Claude Mythos Preview, the first Mythos-class model, which Anthropic released in April 2026 to a small group of cyber-defenders through Project Glasswing. Partners with Mythos Preview access were offered the Mythos 5 upgrade from launch day; Anthropic says users will find it “comparable to, or somewhat stronger than, Mythos Preview in most cases, while costing substantially less” (Anthropic).
Why access is restricted
Anthropic’s stated reasoning is uplift. Mythos-class cyber and biology capabilities are powerful enough that, in the wrong hands, they could give a meaningful boost to attackers who couldn’t get the same help from a search engine — and much advanced AI usage is dual-use, where the same query that helps a defender helps an attacker (Anthropic). Anthropic’s position is that it has not yet built safeguards strong enough to release raw Mythos-level cyber capability to the general public, so it gates the unblocked model to organisations it has vetted, and ships the safeguarded Fable 5 to everyone else.
The Claude Mythos product page puts it directly: “Because Mythos 5 is highly capable for cybersecurity and biology research, it could be used both for good and for harm. We currently only provide access to a small, but growing, set of customers through our trusted access programs.” Two such programmes exist or are planned: Project Glasswing for cyber-defence (live), and a separate trusted-access programme for biology research (coming), each lifting only the safeguards relevant to that work. Organisations can register interest via Anthropic’s Mythos access form.
Project Glasswing — Mythos 5’s main distribution
Project Glasswing is the programme through which Mythos-class models actually reach users. Anthropic announced it on 7 April 2026 as a joint effort “to secure the world’s most critical software,” with launch partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks. Roughly 50 initial partners were given access to Claude Mythos Preview to scan the codebases that underpin the internet and critical infrastructure.
The early results, which are the strongest public evidence for what Mythos-class cyber capability can do, come from Mythos Preview rather than Mythos 5 (Anthropic, 22 May 2026):
- The ~50 partners collectively found more than 10,000 high- or critical-severity vulnerabilities in systemically important software; several reported their bug-finding rate rose more than tenfold.
- Cloudflare found 2,000 bugs (400 high- or critical-severity) across critical-path systems, at a false-positive rate its team rated better than human testers.
- Mozilla found and fixed 271 vulnerabilities in Firefox 150 — over ten times the number it caught in Firefox 148 using Claude Opus 4.6.
- The UK’s AI Security Institute reported Mythos Preview was the first model to solve both of its cyber ranges (simulated multi-step attacks) end to end.
- Scanning more than 1,000 open-source projects, Mythos Preview flagged an estimated 6,202 high- or critical-severity vulnerabilities (of 23,019 total). An independent example: a certificate-forgery flaw in the widely used wolfSSL library, assigned CVE-2026-5194.
On 2 June 2026 Anthropic expanded Glasswing to roughly 150 new organisations across more than 15 countries, adding sectors that were thin in the first cohort — power, water, healthcare, communications and hardware. A week later, those partners were offered the Mythos 5 upgrade. Anthropic frames the whole programme as a race: it expects other labs to field Mythos-class models within 6–12 months, possibly without safeguards, and wants defenders to build a durable lead before that happens.
A recurring theme in Glasswing’s own write-ups is that finding vulnerabilities is no longer the bottleneck — verifying, disclosing and patching them is. Anthropic notes that on average a high- or critical-severity bug found by Mythos Preview takes about two weeks to patch, and that some open-source maintainers have asked it to slow down disclosures because they cannot keep up.
Benchmark performance
All figures below are Anthropic-reported from the 9 June launch comparison and are vendor-run — treat them as the company’s own numbers pending independent replication and the model’s system card. The cyber and biology rows are the ones that matter for Mythos 5, because they reflect the unblocked model. On these exact topics the public Fable 5 falls back to Opus 4.8, so a Fable user never sees them.
Cybersecurity and biology — the unblocked capability
| Benchmark | Mythos 5 | Mythos Preview | Opus 4.8 | GPT-5.5 |
|---|---|---|---|---|
| ExploitBench (cyber) | 78.0% | 69.0% | 40.0% | 34.0% |
| BioMysteryBench (hard biology) | 46.1% | 29.6% | 40.0% | — |
ExploitBench is an academic benchmark for exploit-development capability that Anthropic helped support; Mythos Preview was already the strongest public performer on it, and Mythos 5 is reported higher again. The gap over public frontier models is the headline: on Anthropic’s numbers, Mythos 5 roughly doubles Opus 4.8 and more than doubles GPT-5.5 on exploit development. In its statement on the export-control order, Anthropic argued that the specific technique the government raised produced only minor, already-known vulnerabilities and that comparable capability is “widely available from other models (including OpenAI’s GPT-5.5)” (Anthropic) — a reminder that frontier cyber capability is not unique to Mythos, even if Anthropic claims the lead.
On biology, Anthropic reports using Mythos 5 internally — with biology safeguards removed — to accelerate parts of protein and drug design by around 10x, yielding strong candidates for 9 of 14 protein targets, and to generate novel molecular-biology hypotheses its own scientists preferred to Opus-class output ~80% of the time in blind comparison. One Mythos hypothesis, a new mechanism for an E. coli protein, was independently corroborated by a separate lab. In a week of largely autonomous work, Mythos 5 also trained a single-cell genomics model spanning 138 species that outperformed a Science-published model despite being 100x smaller.
General capability (inherited from the shared model)
Because Mythos 5 is the same model as Fable 5, it carries the same frontier scores on everyday work — Anthropic reports 80.3% on SWE-bench Pro (the top score of any model it tested), 29.3% on Cognition’s FrontierCode “Diamond” split, and 29.8% on the GDP.pdf vision eval. The full general-capability breakdown lives on the Fable 5 page; they are identical here.
Independent signal and a counterweight
Independent testers have validated the Mythos line’s cyber strength — XBOW called Mythos Preview “a significant step up over all existing models” with “absolutely unprecedented precision,” and the figures from Cloudflare, Mozilla and the UK AISI above are external. What is not yet independently confirmed is Mythos 5’s specific launch scores, which remain vendor-run. On the sceptical side, Andon Labs is reported to have tested the unblocked Mythos line on its long-horizon Vending-Bench agentic-business eval and found it made less money than Opus 4.7 and GPT-5.5, with alignment that “tracks detectability rather than real-world harm.” We’ve been unable to independently confirm this against a primary source — treat it as an early, unpublished signal rather than an established result — but it’s a useful counterweight to launch-day numbers.
Pricing
| Input (per MTok) | Output (per MTok) | |
|---|---|---|
| Claude Mythos 5 / Fable 5 | $10.00 | $50.00 |
| Claude Opus 4.8 | $5.00 | $25.00 |
| Claude Mythos Preview | (more than 2x Mythos 5) | — |
Pricing is identical to Fable 5: $10/$50, exactly double Opus 4.8 and less than half what Mythos Preview cost (Anthropic). Unlike Fable 5, Mythos 5 is not sold on Pro/Max/Team/Enterprise subscription plans at all — it reaches users only through trusted-access programmes, on terms Anthropic sets per partner. All Mythos-class traffic requires accepting a 30-day data-retention policy for safety monitoring; Anthropic says it won’t use that data to train models and will delete it after 30 days, but there is no zero-data-retention option (support docs).
How to access Claude Mythos 5
As of 17 June 2026 you almost certainly cannot — and right now, nobody can. Two gates apply, one structural and one temporary:
- It’s restricted by design. Mythos 5 is offered only to vetted partners: cyber-defenders and critical-infrastructure providers via Project Glasswing (cyber safeguards lifted), with a biology trusted-access programme to follow. There is no public API endpoint and no consumer-app access. Organisations that believe they qualify can register interest; Anthropic also runs a broader Cyber Verification Program that loosens cyber safeguards for approved security professionals using the public models.
- It’s also suspended. The 12 June export-control directive disabled Mythos 5 for everyone, Glasswing partners included, and it has not been restored.
If your goal is defensive security work on your own code today, Anthropic’s pointer is Claude Security, which uses public frontier models such as Opus 4.8 to scan codebases and propose patches — available without Mythos-class access. For most users, Opus 4.8 is the practical ceiling during the suspension.
How Claude Mythos 5 compares
vs Claude Fable 5
Same model, different safeguards. Fable 5 is the public version with classifiers that route cyber, biology/chemistry and distillation queries to Opus 4.8; Mythos 5 has the cyber safeguards lifted, which is why it posts far higher cyber scores (ExploitBench 78.0% vs an effective Opus-4.8-level 40.0% for a Fable user on the same query). For everyday coding, knowledge work and vision, the two are indistinguishable. Pick Fable 5 if you want a generally available frontier model and never touch the restricted domains; Mythos 5 only exists for vetted defenders who specifically need the unblocked cyber capability.
vs Claude Mythos Preview
Mythos 5 is the direct successor to Mythos Preview, the April research model that powered Glasswing’s early results. Anthropic positions it as comparable to or somewhat stronger than Preview across most tasks, at substantially lower cost, with the reported jump from 69.0% to 78.0% on ExploitBench as the clearest capability signal (Anthropic).
vs public frontier models (Opus 4.8, GPT-5.5)
This is the comparison the whole restriction is built around. On Anthropic’s cyber benchmarks, Mythos 5 sits far above the publicly available frontier — but Anthropic itself cautions that meaningful cyber capability is already “widely available from other models,” including GPT-5.5, and that the difference is degree rather than kind. The honest summary: Mythos 5 is Anthropic’s strongest cyber model and, by its own account, the strongest in the world, but the gap to public models is a capability lead, not a category of its own. See best AI models for where the broader field stands.
Known limitations
Not publicly available (by design). Mythos 5 is trusted-access only — Glasswing cyber partners now, biology researchers later. There is no API or consumer route for general users, and no published timeline for a broad release; Anthropic says it still lacks safeguards strong enough to open raw Mythos-level cyber capability to everyone.
Suspended worldwide (as of 17 June 2026). The 12 June US export-control directive disabled Mythos 5 for all users, including approved partners. Status is in flux — check Anthropic’s statement and status page before relying on it.
Vendor-run headline benchmarks. Mythos 5’s launch cyber/bio scores are Anthropic’s own. Independent testing has validated the Mythos line (XBOW, Mozilla, UK AISI on Mythos Preview), but not Mythos 5’s specific numbers; Andon Labs’ early Vending-Bench result was notably less flattering on economics and alignment.
Disclosure-and-patching bottleneck. The capability that makes Mythos 5 valuable — surfacing vulnerabilities at scale — outruns the human capacity to verify and patch them. Glasswing’s own data shows steep drop-offs between bugs found and bugs fixed, and some maintainers have asked Anthropic to slow disclosures.
Mandatory 30-day data retention. Mythos-class models are “Covered Models”; there is no zero-data-retention option.
Knowledge cutoff not disclosed. Anthropic hasn’t separately published a training/knowledge cutoff for the Mythos 5 / Fable 5 model at the time of writing.
Community and expert reception
Reaction to Mythos 5 has been inseparable from the politics around it. Among security professionals, the dominant theme was frustration with how aggressively the public Fable 5 gates cyber work — IBM X-Force researcher Valentina “Chompie” Palmiotti said Fable “rejects any request that could be tangentially cyber related, even innocuous tasks like reading a blog post,” and others reported that asking for a code review or “secure code” tripped the classifiers (TechCrunch). That frustration is the flip side of Mythos 5’s restriction: the capability defenders want is real, but it sits behind a vetting gate most of them can’t clear. Tolmo’s Matt Suiche was more sanguine, calling broad guardrails understandable “in the early days” and likely to relax as Anthropic works with the security industry.
Then, three days after launch, the US export-control suspension reframed the conversation entirely — away from capability and toward who gets to decide what ships. Anthropic publicly disagreed with the order, arguing a narrow, non-universal jailbreak of a model “deployed to hundreds of millions of people” shouldn’t trigger a recall, and that applying that standard industry-wide “would essentially halt all new model deployments for all frontier model providers” (Anthropic). The episode landed against a backdrop of Anthropic warning that frontier AI is approaching recursive self-improvement and pushing for coordinated brakes on development (TechCrunch) — a company arguing both that these models are dangerous enough to restrict and that this particular restriction went too far.
Version history
| Version | Released | Key points |
|---|---|---|
| Claude Mythos 5 | 9 Jun 2026 | No-classifier Mythos-class model; ExploitBench 78.0% (Anthropic-reported); Glasswing upgrade from Mythos Preview |
| — suspended | 12 Jun 2026 | US export-control directive; Anthropic disables Mythos 5 and Fable 5 worldwide |
| Claude Mythos Preview | Apr 2026 | First Mythos-class model; powered Project Glasswing’s early vulnerability-finding results |
| Claude Opus 4.8 | 28 May 2026 | The Opus tier below; the fallback target for Fable 5’s blocked queries, and the most capable Claude available during the suspension |
Glasswing’s timeline tracks the model’s rollout: announced 7 April with ~50 partners on Mythos Preview; an initial update on 22 May (10,000+ vulnerabilities found); expansion to ~150 organisations in 15+ countries on 2 June; Mythos 5 upgrade on 9 June; worldwide suspension on 12 June.
FAQ
What is Claude Mythos 5?
Anthropic’s restricted, top-tier “Mythos-class” model — the same underlying system as Claude Fable 5 but with the cybersecurity safeguards lifted. Anthropic calls it the strongest cybersecurity model in the world. It’s distributed only to vetted partners, mainly through Project Glasswing.
How is Mythos 5 different from Fable 5?
They’re the same model. Fable 5 (public) ships with classifiers that route cyber, biology/chemistry and distillation queries to Opus 4.8. Mythos 5 (restricted) has the cyber safeguards removed, so it answers those queries directly — which is why its cyber and biology benchmark scores are so much higher.
Can I get access to Mythos 5?
Almost certainly not as an individual. It’s limited to vetted cyber-defenders and critical-infrastructure providers via Project Glasswing, with a biology trusted-access programme to follow. You can register interest, but there’s no public API or app access. On top of that, it’s currently suspended worldwide.
What is Project Glasswing?
Anthropic’s programme to secure the world’s most critical software, launched in April 2026 with partners including AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA and Palo Alto Networks. Partners use Mythos-class models to find and fix vulnerabilities; the programme expanded to ~150 organisations in 15+ countries in June 2026.
Why is Mythos 5 restricted?
Anthropic says its frontier cyber and biology capabilities could give real uplift to malicious actors, and that it hasn’t yet built safeguards strong enough to release that capability to the general public. So it gates the unblocked model to vetted partners and ships the safeguarded Fable 5 to everyone else.
How much does Mythos 5 cost?
$10 per million input tokens and $50 per million output — the same as Fable 5, double Opus 4.8, and less than half what Mythos Preview cost. It isn’t sold on standard subscription plans; access is arranged through trusted-access programmes and carries mandatory 30-day data retention.
Is Mythos 5 available right now?
No. It was restricted from launch, and since 12 June 2026 it has also been suspended worldwide under a US export-control directive, with no official restoration date as of 17 June 2026. Opus 4.8 is the most capable Claude currently available.
Last verified 17 June 2026. Availability status is changing — confirm against Anthropic’s official statement and status page before relying on it. Mythos 5’s headline cyber and biology benchmark figures are Anthropic-reported (9 Jun 2026 launch table) and vendor-run; independent corroboration exists for the Mythos line (Mythos Preview) but not yet for Mythos 5’s specific scores. Pricing and access subject to change.