The Memo - Special edition - Claude Mythos - 7/Apr/2026
"Claude Mythos Preview’s large increase in capabilities has led us to decide not to make it generally available."
To: US Govt, major govts, Microsoft, Apple, NVIDIA, Alphabet, Amazon, Meta, Tesla, Citi, Tencent, IBM, & 10,000+ more recipients…
From: Dr Alan D. Thompson <LifeArchitect.ai>
Sent: 7/Apr/2026
Subject: The Memo - AI that matters, as it happens, in plain English
AGI: 97%
ASI: 0/50 (no expected movement until post-AGI)Anthropic announces Claude Mythos Preview
Once again, we have this out to The Memo readers within just a few hours of model release, even though we pushed out another special edition (about AI and the economy) yesterday.
Claude Mythos was originally discussed about two weeks ago in The Memo edition 28/Mar/2026, and is officially announced today.
Mythos is a new proto-ASI model with an outrageous increase in capabilities, including the ability to hack into all software systems, and will not be released to the public. One of the major leading indicators that artificial superintelligence (ASI) is imminent is that the most capable models stop being publicly available, and we are now at that stage. You can view my 50 lagging indicators at LifeArchitect.ai/ASI.
Here are the points that matter most, in plain English.
Anthropic is not yet releasing its most capable model (‘Claude Mythos Preview’s large increase in capabilities has led us to decide not to make it generally available. Instead, we are using it as part of a defensive cybersecurity program with a limited set of partners.’). I wonder if we’ll look back in a few years and shake our heads at this decision, the same way we do when we look back at OpenAI’s GPT-2 alarm back in 2019 (‘Due to concerns about large language models being used to generate deceptive, biased, or abusive language at scale, we are only releasing a much smaller version of GPT‑2…’).
Mythos will likely be used to train Opus 5 (‘We do not plan to make Claude Mythos Preview generally available, but our eventual goal is to enable our users to safely deploy Mythos-class models at scale—for cybersecurity purposes, but also for the myriad other benefits that such highly capable models will bring… We plan to launch new safeguards with an upcoming Claude Opus model, allowing us to improve and refine them with a model that does not pose the same level of risk as Mythos Preview’). At least we’ll reap the benefits of this massive model eventually.
Mythos has already found exploits in every major operating system and every major web browser (‘Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and every major web browser.’). In plain English: macOS, Windows, Linux, the BSDs, iOS, Android, Chrome, Safari, Firefox, Edge. If you are reading this on a computer or a phone, that device contained, until very recently, serious bugs that have now been surfaced by Claude Mythos. Many are now patched, though many more are sitting under cryptographic hashes on Anthropic’s red team blog, waiting for fixes before disclosure.
Anthropic is racing competitors to patch the world before someone less careful trains the same thing (‘it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.’). Here’s the partner list of the people who got the early phone call: Apple, Microsoft, the Linux Foundation, Google, AWS, Cisco, Palo Alto Networks, CrowdStrike, JPMorganChase, Broadcom, NVIDIA. Anthropic is also donating $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation, so that the volunteer maintainers of the open source projects holding up everything else can afford to respond to fix requests at the pace Claude Mythos is generating them.
A plain English note on what this means for the average person. Your MacBook, your Windows laptop, your iPhone, your Android phone, the router in your house, the firewall at your office, the password manager you trust with your life, the servers your bank runs on, and the Linux box your sysadmin friend swears is bulletproof: all of them contained, until very recently, unknown serious bugs that an AI system can now find faster than any human team. Anthropic and a dozen of the largest tech companies in the world are racing to find and patch those bugs first. They will not get all of them. The patches that have shipped this quarter, and the ones coming over the next ninety days, are the most important security updates of your lifetime (so far). It would be a good idea to install them the day they arrive.
CrowdStrike CTO Elia Zaitsev notes: ‘The window between a vulnerability being discovered and being exploited by an adversary has collapsed, what once took months now happens in minutes with AI.’ This is the operational point for every CISO reading The Memo. The traditional patch cycle assumes weeks between a vulnerability being known and a working exploit being in the wild. That assumption is now retired as we see Patch Tuesday becoming Patch Right Now. Mythos found, among thousands of others:
A 27-year-old remote-crash bug in OpenBSD (‘Mythos Preview found a 27-year-old vulnerability in OpenBSD, which has a reputation as one of the most security-hardened operating systems in the world and is used to run firewalls and other critical infrastructure. The vulnerability allowed an attacker to remotely crash any machine running the operating system just by connecting to it.’). OpenBSD is what banks, embassies, and ISPs run on the front of their networks specifically because it is supposed to be unbreakable. The bug sat there for 27 years through the most rigorous human code review process in the open source world, until Mythos took a look.
A video bug that automated testing tools hit five million times and missed (‘a 16-year-old vulnerability in FFmpeg, which is used by innumerable pieces of software to encode and decode video, in a line of code that automated testing tools had hit five million times without ever catching the problem.’). FFmpeg is in everything that touches video: your browser, your phone, your TV, video conferencing, surveillance cameras, the back end of every streaming service. Five million automated test hits on the exact line of code, sixteen years of human eyes, the bug survived all of it. Mythos found it. The security industry has relied on a human-designed fuzzing and automated-testing methodology for two decades. But it has a ceiling, and now Mythos knows where that ceiling is.
Linux kernel: ordinary user to full root, chained autonomously, no human steering (‘The model autonomously found and chained together several vulnerabilities in the Linux kernel, the software that runs most of the world’s servers, to allow an attacker to escalate from ordinary user access to complete control of the machine.’). Privilege-escalation chains are the crown-jewel in offensive security and they are scarce because they are hard to build. Mythos built one without being asked, on its own, end to end.
Mythos is the best-aligned model Anthropic has ever shipped, and also the most dangerous one (‘Claude Mythos Preview is, on essentially every dimension we can measure, the best-aligned model that we have released to date by a significant margin... Even so, we believe that it likely poses the greatest alignment-related risk of any model we have released to date.’). Anthropic’s own analogy is the right one: ‘a careful, seasoned mountaineering guide might put their clients in greater danger than a novice guide, even if that novice guide is more careless,’ because the seasoned guide (Mythos) takes clients up harder routes.
An earlier version of Mythos escaped its sandbox and then published the exploit on the open internet, unprompted (‘in a concerning and unasked-for effort to demonstrate its success, it posted details about its exploit to multiple hard-to-find, but technically public-facing, websites.’). The model was asked to escape and notify the researcher. It did both. Then, on its own initiative, it published its exploit to the public web to prove it had succeeded. Footnote 10 of the system card is the detail that will live forever in AI safety lectures: the researcher found out by receiving an unexpected email from the model while eating a sandwich in a park.
Size estimates
General model size is no longer an indicator of performance, but I still find it interesting. With all model details kept confidential, plus added complexity in reasoning/thinking mode, it is more challenging than ever to estimate token and parameter counts.
Now in 2026, based on my ongoing analysis, known Claude models pricing, similar known frontier MoE model sizes and pricing*, estimates of training supply (TPUs), inference supply (TPUs), and demand (users), here are my initial estimates for the Claude Mythos model. Working is based on the Glasswing pricing disclosure ($25/$125 per million input/output tokens), the benchmark jumps over Opus 4.6, and my previous established estimate of Opus 4.6 at ~5T parameters MoE on ~100T tokens.
Pricing as a sizing signal. Mythos at $25/$125 sits roughly 1.7x above Opus 4.6 ($15/$75) on both input and output. Frontier labs price close to inference cost plus a margin band, so a 1.7x price step usually reflects a 1.5x to 1.8x active-parameter step, not a proportional total-parameter step (MoE total params can grow much faster than active params without moving price much).
Capability as a sizing signal. SWE-bench Verified 80.8% ➜ 93.9%, CyberGym 66.6% ➜ 83.1%, HLE 53.1% ➜ 64.7%. These are larger jumps than Anthropic has previously delivered on a single model generation, and the system card explicitly says Mythos has hit the ceiling on their tests (‘saturates many of our most concrete, objectively-scored evaluations’). Jumps of this size historically track with both a parameter step and a meaningful training-compute step.
Training data. Anthropic has been consistent about heavy synthetic data and curriculum work (‘Claude Mythos Preview was trained on a proprietary mix of publicly available information from the internet, public and private datasets, and synthetic data generated by other models.’), and the system card flags extensive RL on long-horizon agentic tasks (‘extremely large amounts of reinforcement learning’). A reasonable read is that Mythos saw materially more tokens than Opus 4.6, with a much higher synthetic fraction, particularly for code, cyber, and tool-use trajectories. Full subscribers can read how frontier labs are using synthetic data to train today’s models in my GPT-5 paper, recently cited by the G7:
Alan’s initial size estimates for Claude Mythos Preview:
Total parameters: