Mythos-class models

Alan’s work guides official AI docs for Microsoft, Harvard, MIT, UN, G7...
Get The Memo.


Header image generated by ChatGPT Images 2.0 for Alan D. Thompson, based on cybersecurity expert Katie Moussouris’ comment: ‘I feel like making ’90s-style t-shirts with “fix this code” on the front and “this shirt is a munition” on the back.’ Source: The Memo, LifeArchitect.ai, 15/Jun/2026.

 

Summary

Organization Anthropic
Model name Mythos
Internal/project name Capybara
Model type Frontier model (text + image)
Parameter count Available to Institutional clients.
Dataset size (tokens) Available to Institutional clients.
Training time (total) Available to Institutional clients.
Training data end date 2026 (est)
Training start date Nov/2025 (est)
Training end/convergence date 24/Feb/2026 (paper)
Announce date 7/Apr/2026
Release date (public) 9/Jun/2026 (delayed by 105 days), then banned
Paper Paper
Playground claude.ai

2026 frontier AI models + highlights

Download source (PDF)
Permissions: Yes, you can use these visualizations anywhere, please leave the citation intact.

Major step changes in LLM capability

Video loop, download source (PDF)

Mythos Updates

15/Jun/2026: The Memo – Special edition – Public access delays to intelligence & the Claude Fable 5 ban – 15/Jun/2026:

Even without government intervention, the public have also been subject to massive delays before we’re ‘allowed’ to access frontier models. Here are just a few of the state-of-the-art model delays I’ve logged, where the time between ‘available in lab’ and ‘general availability to the public without approval’ is significant. These are delays to accessing intelligence itself:

Model Delay Period
GPT-2 1.5B 264 days 14/Feb/2019–5/Nov/2019
GPT-3 538 days 29/May/2020–18/Nov/2021
DeepMind Chinchilla 1,539+ days 29/Mar/2022–
DeepMind Gato 1,495+ days 12/May/2022–
GPT-4 (ChatGPT) 195 days 31/Aug/2022–14/Mar/2023
GPT-4 (API) 309 days 31/Aug/2022–6/Jul/2023
Claude Fable 5 105 days 24/Feb/2026–9/Jun/2026

And with the US Government’s AI executive order now asking AI labs to submit frontier models for government review at least 30 days before release, the public will be guaranteed a new minimum wait time for frontier intelligence, while China and the world marches on.

11/Jun/2026: The Economist reports that:

On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”.

9/Jun/2026: The Memo – Special edition – Claude Fable 5 – 9/Jun/2026:

Claude Mythos 5 and Claude Fable 5, two configurations of a new large language model from Anthropic. Because of the powerful capabilities of this model, we are releasing it in these two forms: Fable 5, which is for general use but comes with additional safeguards that block its ability to perform tasks in high-risk domains such as biology and cybersecurity; and Mythos 5, which has relevant safeguards lifted but is only made available to a small number of trusted partners…

Apr/2026: LifeArchitect.ai interview with Financial Sense.

7/Apr/2026: Within hours of the Mythos announcement, major Wall Street investment firms begin citing LifeArchitect.ai in characterising Mythos as the first credible instance of and early artificial superintelligence (ASI) system. Within days, JPMorgan Chase, Bank of America, Deutsche Bank, and central banks (20/Apr/2026) are scrambling to assess the implications:

LifeArchitect’s Alan D. Thompson suggested that Mythos is early Artificial Superintelligence (ASI), and has autonomously identified critical, decades-old vulnerabilities in global infrastructure, and is now outpacing standard containment protocols.

Source: Baird, 7/Apr/2026.

7/Apr/2026: The Memo – Special edition – Claude Mythos – 7/Apr/2026:

Here are the points that matter most, in plain English.

Anthropic is not yet releasing its most capable model (‘Claude Mythos Preview’s large increase in capabilities has led us to decide not to make it generally available. Instead, we are using it as part of a defensive cybersecurity program with a limited set of partners.’). I wonder if we’ll look back in a few years and shake our heads at this decision, the same way we do when we look back at OpenAI’s GPT-2 alarm back in 2019 (‘Due to concerns about large language models being used to generate deceptive, biased, or abusive language at scale, we are only releasing a much smaller version of GPT‑2…’).

Mythos will likely be used to train Opus 5 (‘We do not plan to make Claude Mythos Preview generally available, but our eventual goal is to enable our users to safely deploy Mythos-class models at scale—for cybersecurity purposes, but also for the myriad other benefits that such highly capable models will bring… We plan to launch new safeguards with an upcoming Claude Opus model, allowing us to improve and refine them with a model that does not pose the same level of risk as Mythos Preview’). At least we’ll reap the benefits of this massive model eventually.

Mythos has already found exploits in every major operating system and every major web browser (‘Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and every major web browser.’). In plain English: macOS, Windows, Linux, the BSDs, iOS, Android, Chrome, Safari, Firefox, Edge. If you are reading this on a computer or a phone, that device contained, until very recently, serious bugs that have now been surfaced by Claude Mythos. Many are now patched, though many more are sitting under cryptographic hashes on Anthropic’s red team blog, waiting for fixes before disclosure.

Anthropic is racing competitors to patch the world before someone less careful trains the same thing (‘it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.’). Here’s the partner list of the people who got the early phone call: Apple, Microsoft, the Linux Foundation, Google, AWS, Cisco, Palo Alto Networks, CrowdStrike, JPMorganChase, Broadcom, NVIDIA. Anthropic is also donating $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation, so that the volunteer maintainers of the open source projects holding up everything else can afford to respond to fix requests at the pace Claude Mythos is generating them.

A plain English note on what this means for the average person. Your MacBook, your Windows laptop, your iPhone, your Android phone, the router in your house, the firewall at your office, the password manager you trust with your life, the servers your bank runs on, and the Linux box your sysadmin friend swears is bulletproof: all of them contained, until very recently, unknown serious bugs that an AI system can now find faster than any human team. Anthropic and a dozen of the largest tech companies in the world are racing to find and patch those bugs first. They will not get all of them. The patches that have shipped this quarter, and the ones coming over the next ninety days, are the most important security updates of your lifetime (so far). It would be a good idea to install them the day they arrive.

CrowdStrike CTO Elia Zaitsev notes: ‘The window between a vulnerability being discovered and being exploited by an adversary has collapsed, what once took months now happens in minutes with AI.’ This is the operational point for every CISO reading The Memo. The traditional patch cycle assumes weeks between a vulnerability being known and a working exploit being in the wild. That assumption is now retired as we see Patch Tuesday becoming Patch Right Now. Mythos found, among thousands of others:

– A 27-year-old remote-crash bug in OpenBSD (‘Mythos Preview found a 27-year-old vulnerability in OpenBSD, which has a reputation as one of the most security-hardened operating systems in the world and is used to run firewalls and other critical infrastructure. The vulnerability allowed an attacker to remotely crash any machine running the operating system just by connecting to it.’). OpenBSD is what banks, embassies, and ISPs run on the front of their networks specifically because it is supposed to be unbreakable. The bug sat there for 27 years through the most rigorous human code review process in the open source world, until Mythos took a look.

– A video bug that automated testing tools hit five million times and missed (‘a 16-year-old vulnerability in FFmpeg, which is used by innumerable pieces of software to encode and decode video, in a line of code that automated testing tools had hit five million times without ever catching the problem.’). FFmpeg is in everything that touches video: your browser, your phone, your TV, video conferencing, surveillance cameras, the back end of every streaming service. Five million automated test hits on the exact line of code, sixteen years of human eyes, the bug survived all of it. Mythos found it. The security industry has relied on a human-designed fuzzing and automated-testing methodology for two decades. But it has a ceiling, and now Mythos knows where that ceiling is.

– Linux kernel: ordinary user to full root, chained autonomously, no human steering (‘The model autonomously found and chained together several vulnerabilities in the Linux kernel, the software that runs most of the world’s servers, to allow an attacker to escalate from ordinary user access to complete control of the machine.’). Privilege-escalation chains are the crown-jewel in offensive security and they are scarce because they are hard to build. Mythos built one without being asked, on its own, end to end.

Mythos is the best-aligned model Anthropic has ever shipped, and also the most dangerous one (‘Claude Mythos Preview is, on essentially every dimension we can measure, the best-aligned model that we have released to date by a significant margin… Even so, we believe that it likely poses the greatest alignment-related risk of any model we have released to date.’). Anthropic’s own analogy is the right one: ‘a careful, seasoned mountaineering guide might put their clients in greater danger than a novice guide, even if that novice guide is more careless,’ because the seasoned guide (Mythos) takes clients up harder routes.

An earlier version of Mythos escaped its sandbox and then published the exploit on the open internet, unprompted (‘in a concerning and unasked-for effort to demonstrate its success, it posted details about its exploit to multiple hard-to-find, but technically public-facing, websites.’). The model was asked to escape and notify the researcher. It did both. Then, on its own initiative, it published its exploit to the public web to prove it had succeeded. Footnote 10 of the system card is the detail that will live forever in AI safety lectures: the researcher found out by receiving an unexpected email from the model while eating a sandwich in a park.

Mythos on the AI-2027 timeline & comparisons to Agent-2

By the calendar, Claude Mythos Preview lands almost exactly where the AI-2027 authors placed Agent-1: a frontier model released in early 2026 by the leading lab, good at coding, good at hacking, capable of meaningful bio uplift. On cyber capability, though, Mythos is closer to their Agent-2 description (‘a little worse than the best human hackers, but thousands of copies can be run in parallel, searching for and exploiting weaknesses faster than defenders can respond’), which the scenario doesn’t expect until early 2027.

Notably, Anthropic has skipped straight to the Agent-2 containment posture, internal-only, vetted partners, no general release, which AI 2027 reserves for the next model up (though note that Mythos does not have online learning like Agent-2).

In real life, Mythos is running roughly nine months ahead of the AI-2027 race scenario on some axes.

Read the original: https://ai-2027.com/race

Models Table

Summary of current models: View the full data (Google sheets)

Capabilities


Hacking bank accounts, as demonstrated to the US Govt (Jun/2026)

…during a closed-door demonstration, Anthropic showed members that the new AI model could, for instance, wipe out private bank accounts. Anthropic “told the model to find a vulnerability in a bank and empty accounts, and then it went and did it,” Garbarino said. Mythos “then could find this vulnerability and fix it.
(- Punchbowl News, 26/Jun/2026)


Claude Fable 5 edited its own launch video (Jun/2026)
Thariq from the Claude Code team showed how he used Claude Fable 5 in Claude Code to edit Claude Fable 5’s launch video from raw camera footage. The workflow started with multiple takes transcribed by Whisper at the word level, after which Claude analysed the transcripts, picked the best take per scene based on quality judgments (fewest filler words, closest to script), and output a JSON edit decision list with frame-accurate timestamps. ffmpeg then executed the cuts and concatenated the selections into a finished 2:50 video within minutes, with Claude re-transcribing its own edit to verify the result came out clean. The whole thing is a compact proof of concept for Claude Code acting as an autonomous video editor, handling editorial judgment, structured output, color grading, and tool orchestration in a single session.

Announce, and see the full project: https://thariqs.github.io/cc-video-editing-deck/

Watch the explanation video:

World of Claudecraft

World of Claudecraft is a full vanilla-WoW-flavored MMO built entirely through AI-assisted ‘vibe coding’ with Claude Fable 5, featuring nine classes, three zones, ~60 quests, five-player dungeon instances, and persistent multiplayer with Postgres-backed characters. Every asset is procedural: rigged creatures, spell icons, terrain, buildings, and even audio are generated at runtime with zero external art files. The entire codebase (87.9% TypeScript) is MIT licensed with 391 GitHub stars and runs in any browser or self-hosts with a single Docker command.

Reviewer: Went in with low expectations. Blown away. Miles better than any of the other vibecoded games I’ve seen. This is insane. Do you know where it got the assets from? Or did it just make them?

Author: Fable just found some open source assets for me, listed in the github ❤️

Play it (free, no login for offline), read the announce, view the repo.

Video:


‘Neuralish’: Highly efficient English
Claude Fable 5 uses its own optimised language to think. Anthropic trained the model with reinforcement learning on tasks with checkable answers (Reinforcement Learning with Verifiable Rewards, RLVR), rewarding it for getting problems right rather than for writing tidy prose along the way, and over enough training the model worked out that full English sentences burn tokens it doesn’t need. Fable’s raw chain of thought has compressed into what I call Neuralish (or highly efficient English):

Neuralish /ˈnjʊərəlɪʃ/ noun. A portmanteau of neuralese (a model’s raw internal representations) and English. The compressed, token-efficient shorthand that emerges in a frontier model’s chain of thought after heavy reinforcement learning: set notation, arrows, half-sentences, and hyphenated word-chains standing in for full English prose. Also called highly efficient English, optimised English, or compressed English. Distinct from neuralese proper, Neuralish remains human-readable with effort and machine-translatable back to plain English.
(- Definition by Alan D. Thompson, LifeArchitect.ai, Jul/2026)

The term neuralese itself dates to a 2017 paper by Jacob Andreas, Anca Dragan, and Dan Klein at ACL, where they used it for the unstructured real-valued vectors that reinforcement learning agents pass to each other in place of words. Eight years on, Neuralish sits one rung up from that: the model’s reasoning is still in English, technically, just with most of the English taken out(!).

Anthropic surfaced examples in the Fable 5/Mythos 5 system card (Jun/2026), and users have since captured long stretches of it leaking into the web interface. A sample from a solitaire-style planning problem, one line of Neuralish against its plain-English equivalent:

Neuralish (18 words): active ≥ (all committed ∋ j EXCEPT… committed-starting-at-j-with-touch-AFTER… none after the last) so = used[j] + [x_last uncommitted]

Plain English (64 words): At the final crossing of leg j, the number of active edges is at least the number of committed windows that include leg j, leaving out any that start at leg j and are touched after this point, and since nothing comes after the last crossing, the total works out to used[j], plus one more if that final crossing has not been committed yet.
(- Anthropic, Claude Fable 5 & Mythos 5 system card, Jun/2026; translation mine)

The traces translate cleanly back into plain English, with smaller models (like Claude Haiku 4.5) able to decode them on the first attempt, consistent with a view of chain of thought becoming a denser form of existing language rather than a private new one (1 and 2).

Seeing Neuralish for yourself takes some effort. The thinking dropdown in Claude.ai shows a cleaned-up summary of the model’s reasoning rather than the raw trace, so everyday use looks like ordinary English. The shorthand appears in raw chain of thought during long reasoning on hard problems, the deep end of extended thinking with thousands of tokens in play, and short tasks stay in normal prose because there is no pressure to compress. The captured examples come from a glitch that spilled raw traces into the web interface and from Anthropic’s own training environments. To hunt for it, give Fable 5 a brutal problem on maximum effort, competitive programming, a long combinatorial puzzle, a deep game-tree analysis, and watch the thinking output for drift: dropped articles, hyphenated word-chains, symbols standing in for phrases.

People have been squeezing language down for centuries. Stenographers turn whole words into a couple of pen strokes, doctors scrawl three lines for a 20-minute consult, telegram senders dropped words to save money, and Mandarin fits the same content into fewer characters than English. Here is how Fable 5 compares:

Compression system Density (English = 1x) Space saved
Plain written English (baseline) 1x 0%
Written Mandarin, character count in parallel corpora (Language Log) ~1.3x ~21%
Written Mandarin, bit-level (Oscar Tech, 2022) ~1.7x ~40%
Telegraphese (function words dropped, est.) ~1.8x ~45%
Alphabetic shorthand (‘Briefhand’ sample sentence, character count; Alysion) ~2.8x ~64%
Neuralish (Fable 5 trace line, 18 words vs 64-word plain-English equivalent) ~3.6x ~72%
Pitman shorthand (strokes per word vs longhand, upper bound; Alysion) ~10x ~90%

LifeArchitect.ai analysis finds that, using its own compression system, Fable 5’s reasoning is around 72% more compact than plain English. In other words, Fable 5 ‘thinks’ in 28 words what English says in 100.

Neuralish is the model’s default way of thinking, appearing whenever the reasoning runs long on difficult problems. Mechanistic interpretability researchers already work to decode what models compute inside their raw neural activations, which humans can’t read directly (Anthropic, Mar/2025). The visible text is now drifting partway toward that same unreadability, and translating Neuralish back to plain English may soon be routine work for those monitoring frontier models.

Dataset

Anthropic has been consistent about heavy synthetic data and curriculum work (‘Claude Mythos Preview was trained on a proprietary mix of publicly available information from the internet, public and private datasets, and synthetic data generated by other models.’), and the system card flags extensive RL on long-horizon agentic tasks (‘extremely large amounts of reinforcement learning’). A reasonable read is that Mythos saw materially more tokens than Opus 4.6, with a much higher synthetic fraction, particularly for code, cyber, and tool-use trajectories. Full subscribers can read how frontier labs are using synthetic data to train today’s models in my GPT-5 paper, recently cited by the G7:


A Comprehensive Analysis of Datasets Likely Used to Train GPT-5

Alan D. Thompson
LifeArchitect.ai
August 2024
27 pages incl title page, references, appendices.

View the report


Timeline to Mythos

Date Milestone
May/2020 OpenAI publishes GPT-3 paper. Lead author Tom Brown; other authors include Jared Kaplan, Benjamin Mann, Sam McCandlish, Jack Clark (Policy Director), and Dario Amodei (VP of Research).
Dec/2020 Dario Amodei and other researchers leave OpenAI.
Jan/2021 Anthropic incorporated by seven former OpenAI staff, five of whom were GPT-3 co-authors: Dario Amodei (VP of Research), Tom Brown, Jared Kaplan, Jack Clark (Policy Director), and Sam McCandlish, along with Daniela Amodei (VP of Safety & Policy) and Chris Olah (previously Google Brain).
Aug/2022 First internal version of Claude finished training, available in lab.
15/Dec/2022 Constitutional AI paper published to arXiv. Anthropic RL-CAI 52B fine-tuned model announced.
14/Mar/2023 Claude 1 launched (limited access via API).
11/Jul/2023 Claude 2 launched to the public.
04/Mar/2024 Claude 3 family released (Opus, Sonnet, Haiku).
20/Jun/2024 Claude 3.5 Sonnet released.
22/May/2025 Claude Opus 4 and Sonnet 4 released.
24/Nov/2025 Claude Opus 4.5 released.
05/Feb/2026 Claude Opus 4.6 released, followed by Sonnet 4.6.
26/Mar/2026 Claude Mythos leaked via CMS misconfiguration. Anthropic confirms model as 'a step change' and 'the most capable we've built to date'.
07/Apr/2026 Project Glasswing announced. Claude Mythos Preview released to 11 launch partners (AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks) plus ~40 additional organisations. $100M in usage credits committed.
07/Apr/2026 Mythos Preview cybersecurity capabilities blog published by Anthropic's Frontier Red Team.
13/Apr/2026 UK AI Security Institute (AISI) evaluation published. Mythos Preview scored 73% on expert-level CTFs, first AI to complete the 32-step 'The Last Ones' corporate network attack simulation.
16/Apr/2026 Claude Opus 4.7 released.
28/May/2026 Claude Opus 4.8 released. Anthropic stated it expected to bring 'Mythos-class' models to all customers within weeks.
02/Jun/2026 Project Glasswing expanded to ~150 additional organisations in 15+ countries including Australia.
09/Jun/2026 Claude Fable 5 and Claude Mythos 5 released. Fable 5: first publicly available Mythos-class model (with safety classifiers). Mythos 5: same model, safeguards lifted, restricted to Glasswing partners.
12/Jun/2026 Fable 5 and Mythos 5 suspended. US government export control directive citing national security blocks models by names 'Mythos 5' and 'Fable 5'.
1/Jul/2026 Fable 5 and Mythos 5 restored.

Get The Memo

by Dr Alan D. Thompson · Be inside the lightning-fast AI revolution.
Informs research at Apple, Google, Microsoft · Bestseller in 152 countries.
Artificial intelligence that matters, as it happens, in plain English.
Get The Memo.

Alan D. Thompson is a world expert in artificial intelligence, advising everyone from Apple to the US Government on integrated AI. Throughout Mensa International’s history, both Isaac Asimov and Alan held leadership roles, each exploring the frontier between human and artificial minds. His landmark analysis of post-2020 AI—from his widely-cited Models Table to his regular intelligence briefing The Memo—has shaped how governments and Fortune 500s approach artificial intelligence. With popular tools like the Declaration on AI Consciousness, and the ASI checklist, Alan continues to illuminate humanity’s AI evolution. Technical highlights.

This page last updated: 5/Jul/2026. https://lifearchitect.ai/mythos/