Listen to this article:
What is Claude Mythos and why it's stirring such emotions
Claude Mythos is a model from the new "Capybara" series, which outperforms Anthropic's current flagship — Claude Opus 4.7. According to internal documents that leaked publicly on March 26, 2026 due to a misconfigured content management system, it is a model "far ahead of any other AI model in cyber capabilities."
The leak caused an immediate market shock. CrowdStrike shares dropped by 7.5%, Palo Alto Networks by more than 6%, and the entire cybersecurity sector shed billions of dollars in a single trading session. The market's logic was ruthless: if the next generation of AI can find and exploit software vulnerabilities faster than human defenders, the value of cybersecurity companies fundamentally changes.
From the leak to Project Glasswing
On April 7, Anthropic responded to the leak by launching Project Glasswing — a controlled release of the Mythos Preview to approximately 50 vetted organizations. Among the first recipients were companies such as Amazon, Apple, Google, Microsoft, JPMorgan Chase, and CrowdStrike. The goal was clear: give defenders a head start over attackers.
Results were not long in coming. Within two weeks, Mozilla used Mythos to find and fix 271 vulnerabilities in the Firefox browser. In early May, researchers at Calif.io used Mythos to create an exploit targeting a flaw in the Apple M5 chip. The model also discovered a 27-year-old vulnerability in the OpenBSD operating system that had previously escaped the attention of security experts.
It is paradoxical that Anthropic itself lost control over the model's announcement due to a basic CMS configuration error — precisely the type of vulnerability that Mythos is meant to uncover in others.
Why Japan?
Japan had been preparing for access to Mythos for several weeks. According to Japanese media, US Treasury Secretary Scott Bessent played a key role, discussing the matter directly with Minister Takaichi during his visit to Tokyo. Meanwhile, the Japanese government created a special AI cybersecurity task force and is preparing new defense guidelines.
The reason for Japan's interest is pragmatic. The three largest Japanese banks — MUFG, Sumitomo Mitsui (SMBC), and Mizuho — manage trillions of dollars in assets and are attractive targets for cyberattacks. With the rise of agentic AI that can autonomously scan thousands of systems simultaneously, traditional security practices are becoming insufficient.
Japan is not the only Asian player seeking Mythos. China requested access from Anthropic but was rejected. On the other hand, Japanese tech firm NEC had previously announced a partnership with Anthropic for enterprise AI deployment.
The Pentagon paradox: banned, yet deployed
The situation around Mythos reveals deep contradictions in US security policy. In February 2026, the Pentagon labeled Anthropic a "supply chain risk" and ordered federal agencies to stop using its technologies. The reason was Anthropic's refusal to amend contract terms to allow unrestricted military use of Claude, including fully autonomous weapons.
Yet according to investigative outlet Politico, the Pentagon created a special task force exploring the use of Mythos for offensive cyber operations. And the NSA, according to available information, is already using Mythos — despite being part of the Pentagon. Meanwhile, federal judge Rita F. Lin issued a preliminary injunction calling the Pentagon's actions "a classic retaliation violating the First Amendment."
What it means for Europe and Czechia
For European companies and institutions, the Japanese precedent is an important signal. It shows that access to the most advanced AI models for cybersecurity is becoming a matter of geopolitical alliances and bilateral agreements, not the free market. Claude Mythos is not, and likely will not be, publicly available — neither via API nor web interface.
For the Czech Republic, this means that access to similar tools will depend on cooperation within the EU and NATO. The European Union is meanwhile finalizing the implementation of the AI Act, which accounts for "high-risk" models — Mythos would almost certainly fall into this category. European banks and financial institutions, including Czech ones, should closely monitor developments. If the model's capabilities are confirmed, they will need to reassess their security strategies.
Anthropic is also negotiating with the Japanese side about broader cooperation, including participation in Japan's cyber defense alliance. This suggests the model will not only serve banks but also the country's critical infrastructure.
A race without a finish line
According to the leaked documents, Mythos "heralds the coming wave of models that can exploit vulnerabilities in ways far exceeding the capabilities of defenders." And this wave is no longer theoretical — it is in testing. Japan has decided not to fall behind. The question is not whether such models will change the cybersecurity landscape. The question is who will gain access first — and which side they will stand on.
Is Claude Mythos available in Czech or to Czech companies?
No. Claude Mythos is not publicly available at all — neither via API nor web. Anthropic provides it only to vetted organizations (about 50 entities) as part of Project Glasswing. Czech companies currently do not have access, and no Czech institution is known to have requested it. In the future, access will likely be contingent on government agreements rather than a commercial offering.
How does Claude Mythos compare to models from OpenAI or Google?
According to Anthropic's internal documents, Mythos achieves "dramatically higher scores" in software development, academic reasoning, and cybersecurity tests than any previous model. OpenAI has meanwhile released GPT-5.3 Codex, classified as "highly capable" for cybersecurity tasks, and Google DeepMind offers Gemini 3.5 Flash. However, none of these models has been officially labeled as "far ahead" of the competition in cyber capabilities — that assessment currently applies only to Mythos.
What is the difference between Claude Opus and Claude Mythos?
Claude Opus (currently version 4.7) is Anthropic's publicly available flagship — used for writing, programming, analysis, and conversation. Claude Mythos is part of a separate "Capybara" series that outperforms Opus. It focuses specifically on cybersecurity — it can autonomously search for code vulnerabilities, test systems, and create exploits. According to Anthropic, its operation is "very expensive" for both the company and customers, which is why it is not yet intended for general use.
