Anthropic deploys Claude Mythos 5 with US government through Project Glasswing, calls it the world’s strongest cybersecurity AI model

Anthropic on Monday deployed Claude Mythos 5, its most capable cybersecurity-focused artificial intelligence model, to the US government and a select group of cyber defenders, through its ongoing Project Glasswing initiative.

Mythos 5 is the same underlying model as Claude Fable 5, the company’s new flagship AI which it released to the general public on the same day, but with cybersecurity safeguards lifted for vetted users. Anthropic said in its announcement that Mythos 5 has “the strongest cybersecurity capabilities of any model in the world”, and described it as an upgrade to the earlier Claude Mythos Preview that has been in use by Project Glasswing partners since April.

The decision to keep Mythos 5 restricted is tied to the dual-use nature of advanced AI in cybersecurity. The same capabilities that allow the model to help defenders identify and patch software vulnerabilities can also, if misused, make it easier and cheaper to carry out cyberattacks. Anthropic said in its announcement that Mythos-class models excel at discovering and exploiting software vulnerabilities, and also show strong skills in what it called “agentic hacking”, which involves automating multiple stages of a cyberattack including reconnaissance, discovery, and lateral movement.

To prevent that capability from leaking to malicious actors, Anthropic has built cybersecurity classifiers into the public-facing Fable 5 version. When the classifiers detect a cybersecurity-related query, the request is automatically routed to the older Claude Opus 4.8 model instead. The company said external red-teaming over more than 1,000 hours of bug bounty testing had found no universal jailbreaks of these safeguards, though it noted that the United Kingdom’s AI Safety Institute had made progress towards one within an initial testing window.

Mythos 5’s release also comes with a new data retention policy. Anthropic said all traffic on Mythos-class models will be retained for 30 days, with new privacy protections including logging of all human access to the data and deletion after the retention period in almost all cases. The data will be used only for safety analysis, the company said, and will not be used to train new models.

For Project Glasswing partners, including critical software infrastructure providers, the upgrade to Mythos 5 will offer capabilities comparable to or stronger than Mythos Preview, at less than half the cost. Anthropic said it is consulting with the US government on the steady expansion of access, and plans to open a trusted access programme that will let cybersecurity organisations apply more systematically.

Project Glasswing was launched in April this year with a smaller pool of partners, and was expanded recently to approximately 150 organisations across more than fifteen countries. The company has previously said the programme is aimed at deploying advanced AI to defenders before similar capabilities can be misused by attackers.