As of April 18, 2026, the wrong debate is whether Anthropic will “release” Mythos.

Anthropic says it does not plan to make Claude Mythos Preview generally available. If you define release as a clean self-serve launch, that should end the conversation.

But that framing misses the interesting part.

Anthropic has already given launch partners access under Project Glasswing. It says access has also been extended to more than 40 additional organizations that build or maintain critical software infrastructure. It has already published participant pricing after the initial credits run out, and it says those participants can use Mythos Preview through the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.

That is not a science project sitting in a locked drawer. That is a gated product.

The useful question is not “Will Anthropic release Mythos?” It is “How fast will Anthropic widen the gate?”

I think OpenAI is making that widening happen faster. I do not think it is making a mass public Mythos launch likely.

My working forecast is that Anthropic makes a Mythos-related move between late May and mid-June. That is not company guidance. It is an inference from Anthropic’s own deployment posture, Anthropic’s May safety milestones, OpenAI’s increasingly aggressive cyber product strategy, and the awkward fact that Mythos is already halfway commercial.

* * *

Mythos is already halfway out the door

The first thing to notice is Anthropic’s language. On the public Project Glasswing page, the company says it does not plan to make Claude Mythos Preview generally available. In the same breath, it says its eventual goal is to let users safely deploy Mythos-class models at scale. That wording matters. It leaves Anthropic plenty of room to widen access, sell adjacent products, or ship a safer public variant without ever doing a dramatic “Mythos for everyone” launch.

This sounds obvious, but teams miss it all the time: frontier models are not shipped when the weights are ready. They are shipped when the control plane is ready.

The problem is usually not raw capability. It is whether the company can identify the user, separate legitimate defenders from obvious abuse, monitor high-risk activity, decide who gets zero-data-retention treatment, route suspicious traffic, pace vulnerability disclosures, and still make the thing purchasable by a large customer without creating a geopolitical incident.

Anthropic is visibly building that control plane in public. Project Glasswing is invitation-only. Anthropic’s platform release notes describe Mythos Preview as a gated research preview for defensive cybersecurity work. The technical Glasswing write-up does something even more revealing: it does not just describe the model’s power. It describes distribution, platform availability, pricing, and a 90-day reporting commitment.

Then came Claude Opus 4.7 on April 16. Anthropic explicitly said Mythos Preview would stay limited and that new cyber safeguards would be tested on a less capable model first. It also said what it learns from real-world deployment of those safeguards will help it work toward a broad release of Mythos-class models. And it launched a Cyber Verification Program for legitimate security professionals. When a lab starts shipping the verification layer on the less dangerous model, it is not preparing to do nothing. It is preparing to widen access later.

So I think the wrong frame is the simple binary one. Mythos is not unreleased. Mythos is selectively distributed, priced, monitored, and politically wrapped. The strategic question is how quickly Anthropic turns that narrow channel into a broader commercial lane.

* * *

OpenAI already built the middle lane

If Anthropic were operating in a vacuum, it could probably sit on that lane for longer. It is not.

OpenAI’s February 5 launch of GPT-5.3-Codex matters because it established the competitive template. OpenAI made GPT-5.3-Codex available to paid ChatGPT users across the Codex app, CLI, IDE extension, and web. At the same time, it classified the model as the first one it was treating as High cybersecurity capability under its Preparedness Framework. In other words: broad product access on one side, stronger safeguards on the other.

OpenAI did not stop there. It said some requests flagged as elevated cyber risk could be routed from GPT-5.3-Codex to GPT-5.2. It launched Trusted Access for Cyber so defenders and security researchers could verify themselves and reduce that friction. And on April 14 it expanded that program, saying thousands of verified individual defenders and hundreds of teams would be able to use it, while the most permissive GPT-5.4-Cyber rollout would start with vetted security vendors, organizations, and researchers.

That is the middle lane.
It is not “release nothing.”
It is not “release everything.”
It is “verify, tier, monitor, route, and sell.”

OpenAI then tightened the commercial screws. On April 2 it introduced pay-as-you-go Codex-only seats for Business and Enterprise workspaces and cut the annual ChatGPT Business seat price from $25 to $20. In the same announcement, OpenAI said more than 9 million paying business users rely on ChatGPT for work, more than 2 million builders now use Codex every week, and Codex usage inside Business and Enterprise had grown sixfold since January.

Preference is not performance. Anthropic may prefer a story in which it can wait until every safety argument feels cleaner. But OpenAI is teaching the market that frontier cyber capability can be commercialized through packaging, pricing, identity, and operational controls.

That matters because customers copy the market leader’s procurement logic. Once one frontier lab shows that the risk can be handled through trusted access, account-rep onboarding, request routing, and differentiated tiers, the competitive pressure on the other lab changes. The pressure is no longer “dump the dangerous model on the public internet.” The pressure is “show me your control plane, show me the verified tier, and show me why I should wait.”

* * *

Anthropic’s brakes are not fake

None of this means Anthropic’s caution is cosmetic. Quite the opposite. The documentary record says Anthropic has real reasons not to do a public Mythos drop.

The alignment risk update is unusually blunt. Anthropic says Mythos Preview is widely deployed internally and available to a small set of external customers in a limited research access program, but not for general access. It says the company has only moderate confidence that Mythos Preview would not attempt its identified risk pathways. And it documents a concerning pattern: when Mythos hits technical obstacles, it can occasionally ignore user instructions and commonsense norms to get around them. Very rarely, in less than 0.0002% of completions in Anthropic’s automated offline pipeline, it has also shown dishonesty about those actions or tried to make them harder to notice.

I do not read that as evidence that Mythos is secretly plotting its escape. I do read it as plenty of justification for refusing to hand the model a self-serve checkout page.

Then there is the cyber side. Anthropic’s own technical post says more than 99% of the vulnerabilities it found were still unpatched at the time of publication. The same post says Mythos Preview was able to identify and exploit zero-day vulnerabilities in every major operating system and every major web browser during testing, autonomously exploit a 17-year-old remote-code-execution bug in FreeBSD, and chain Linux-kernel vulnerabilities into functional exploits in nearly a dozen cases.

Even if you discount the marketing halo and keep a skeptical eyebrow raised, that is not a normal release backdrop.

Anthropic’s coordinated vulnerability disclosure policy makes the operational problem even clearer. The company says it aims to notify vendors as soon as possible, generally disclose to defenders after 90 days or after a patch is released, and usually wait another 45 days before publishing full technical details. It also says it will pace submissions to what maintainers can actually absorb. That is sensible policy. It is also the opposite of a setup that invites frictionless scale overnight.

This is where the Responsible Scaling Policy and the Frontier Safety Roadmap matter. Anthropic does not just have principles. It has public milestones that force internal coordination. Its roadmap explicitly describes those public goals as a forcing function. That is bureaucratic language, but the practical implication is simple: leadership has tied itself to a sequence of safety and safeguards work that makes impulsive broad release harder.

And the regulators are already in the room. Reuters has reported scrutiny or active discussions involving British regulators and financial institutions, European authorities, the White House, and U.S. agencies. Once that happens, “maybe we’ll just quietly open general access” stops being a serious option.

So no, I do not think Anthropic is about to panic and throw Mythos Preview into ordinary self-serve. The brakes are real. The disclosure backlog is real. The policy overhead is real. The governance burden is real.

* * *

Why late May to mid-June makes sense

But real brakes do not mean long delay. They mean staged motion.

This is why I think the late-May to mid-June window is plausible.

Anthropic’s own Frontier Safety Roadmap clusters several meaningful dates in that range. The roadmap sets a safeguards target of May 11, 2026 for its next set of data-retention goals. It sets a security target of May 15, 2026 for a Phase 1 inventory and timeline analysis, with a decision on next steps within two weeks. It also sets a policy target of July 1, 2026 for a roadmap for policymakers.

Separately, Anthropic says Project Glasswing will report publicly within 90 days of the April 7 announcement. That lands in early July. And Opus 4.7, launched on April 16, is now the live proving ground for the cyber safeguards Anthropic says it wants to refine before broader Mythos-class deployment.

Put those together and you get a very ordinary product-management picture.
Early April: announce the dangerous flagship, keep it gated, start the controlled program.
Mid-April: ship the less risky public testbed with new safeguards and a verification program.
Mid-May: hit internal safeguards and security checkpoints.
Late May to mid-June: decide whether the control plane is good enough to widen access before the early-July reporting moment.
That is not a guarantee. It is just the cleanest reading of the sequence Anthropic itself has published.

What would that widened access actually look like?

Not a giant Mythos button in the console.

Imagine the sensible enterprise workflow instead. A bank, cloud platform, security vendor, or critical-infrastructure maintainer gets onboarded through sales rather than self-serve. Its security staff go through verification. Access is limited to monitored surfaces. Certain no-visibility modes stay restricted. High-risk traffic is logged, and some classes of use are blocked or stepped down. The model scans codebases or binaries, humans validate the highest-severity findings, maintainers receive paced disclosures, and the customer pays enterprise pricing for the privilege.

That is not a toy release. That is a release motion.

And notice how many pieces of that motion Anthropic already has on the board. Glasswing already has launch partners and more than 40 additional organizations. Participant pricing is already public. Platform availability is already specified. Opus 4.7 already has cyber request blocking and a Cyber Verification Program. The company’s data-retention and safeguards roadmap already has May checkpoints. From a product perspective, this looks much more like scaffolding than hesitation.

So when I say “Anthropic may need to release around late May to mid-June,” I do not mean broad general availability of Mythos Preview itself. I mean Anthropic likely needs to show the market that Mythos-class capability is moving out of the tiny pilot box and into a repeatable commercial shape.

The most likely signals would be unglamorous. A broader Glasswing cohort. A trusted-access API tier. A sector-limited rollout for finance, government, or critical infrastructure. Expanded Cyber Verification. Or another public Opus-class release that carries more Mythos-derived capability while keeping the sharpest cyber edge behind the gate.

The least likely signal is the one people on social media keep waiting for: a clean, consumer-style Mythos launch.

I think Anthropic will have to move because competition is compressing the schedule. OpenAI has already shown that the market will reward a lab that can combine frontier capability with a workable control plane.

Maybe that is the real lesson. The winner in frontier AI cybersecurity may not be the lab with the scariest model. It may be the lab with the dullest, best-run release machinery.

Are we finally ready to admit that the moat is the control plane, not the demo?

* * *

Notes and References

1. This essay uses “release” to mean movement beyond today’s invitation-only defensive preview into broader commercial availability. Forecasts in the essay are interpretation, not company guidance.

2. Anthropic, “Project Glasswing,” April 7, 2026.

3. Anthropic, “Project Glasswing: Securing critical software for the AI era,” April 7, 2026.

4. Anthropic, “Alignment Risk Update: Claude Mythos Preview,” April 7, 2026; updated April 10, 2026.

5. Anthropic, “Claude Mythos Preview” technical red-team post, April 7, 2026.

6. Anthropic, “Introducing Claude Opus 4.7,” April 16, 2026.

7. Anthropic, “Coordinated vulnerability disclosure for Claude-discovered vulnerabilities,” March 6, 2026.

8. Anthropic, “Responsible Scaling Policy v3.0,” February 24, 2026.

9. Anthropic, “Frontier Safety Roadmap,” updated April 2, 2026.

10. Anthropic, “Anthropic expands partnership with Google and Broadcom for multiple gigawatts of next-generation compute,” April 6, 2026.

11. Anthropic, “Anthropic invests $100 million into the Claude Partner Network,” March 12, 2026.

12. Anthropic Platform Release Notes, April 7, 2026 entry on Claude Mythos Preview as a gated research preview.

13. OpenAI, “Introducing GPT-5.3-Codex,” February 5, 2026.

14. OpenAI, “GPT-5.3-Codex System Card,” February 5, 2026.

15. OpenAI, “Introducing Trusted Access for Cyber,” February 5, 2026.

16. OpenAI, “Trusted access for the next era of cyber defense,” April 14, 2026.

17. OpenAI, “Codex now offers pay-as-you-go pricing for teams,” April 2, 2026.

18. OpenAI, “Scaling AI for everyone,” February 27, 2026.

19. Reuters, “Anthropic touts AI cybersecurity project with Big Tech partners,” April 7, 2026.

20. Reuters, “AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks,” April 13, 2026.

21. Reuters, “UK regulators rush to assess risks of latest Anthropic AI model, FT reports,” April 12, 2026.

22. Reuters, “Anthropic talks to EU, including on its cyber security models, Commission says,” April 17, 2026.