What happened
Anthropic confirmed that Claude Mythos 5 will be redeployed to a defined set of U.S. organizations that operate and defend critical infrastructure.
The redeployment follows a government-led review process that began after Anthropic unexpectedly suspended access to both Claude Mythos 5 and Claude Fable 5 on June 12, 2026.
Claude Mythos 5 is described as Anthropic’s strongest cybersecurity model. It first drew attention in April 2026 when Anthropic characterized it as a potential “cybersecurity reckoning” because of its ability to autonomously discover software vulnerabilities.
The model reportedly uncovered thousands of high-severity flaws across major operating systems and web browsers. Reported examples included a 27-year-old vulnerability in OpenBSD, a 16-year-old flaw in FFmpeg, and chained Linux kernel exploits capable of full privilege escalation.
The model also reportedly achieved a 72% success rate in generating working exploits and chaining vulnerabilities on the first attempt, compared with 0% from Anthropic’s previous Opus model.
Because of these capabilities, Anthropic launched Project Glasswing, a closed trusted-access program that restricted access to approximately 200 vetted organizations. These included U.S. government agencies and major technology partners such as Apple, Amazon, and Microsoft. Anthropic also committed up to $100 million in Claude usage credits to support the effort.
On June 27, 2026, Anthropic said the U.S. government had notified the company that Claude Mythos 5 could be redeployed to a set of U.S. organizations responsible for operating and defending critical infrastructure.
Anthropic said it is moving quickly to restore access for validated entities. The company also said it continues working with the government toward broader Mythos 5 access and the return of Claude Fable 5, its most capable general-use model.
Who is affected
U.S. critical infrastructure organizations selected for redeployment are directly affected because they will regain access to Claude Mythos 5’s advanced cybersecurity capabilities.
The announcement is especially relevant to defenders in sectors such as energy, healthcare, financial services, and telecommunications, where vulnerability discovery, threat detection, and defensive prioritization can have national security implications.
Organizations that were part of Project Glasswing are also affected because the June 12 suspension temporarily removed access to Anthropic’s most advanced cybersecurity model during the review period.
The broader cybersecurity community is affected because the redeployment signals how frontier AI capabilities may be selectively made available for defensive use while remaining restricted because of dual-use risks.
Why CISOs should care
This development shows how frontier AI cybersecurity tools are moving into a controlled-access model. Anthropic is not releasing Claude Mythos 5 broadly. Instead, redeployment is limited to validated U.S. organizations involved in operating and defending critical infrastructure.
For CISOs, the issue is not only whether advanced AI can find vulnerabilities. The bigger question is how organizations safely govern access to AI systems that can identify flaws, generate exploits, and chain vulnerabilities at scale.
The temporary suspension also highlights operational dependency risk. If defenders rely on a powerful AI tool for threat detection or vulnerability identification, access changes caused by government review, vendor policy, or dual-use risk controls can affect security operations.
The phased restoration reflects the tension CISOs will need to manage: frontier AI may improve defensive speed and coverage, but the same capabilities can create offensive risk if access is not tightly controlled.
3 practical actions
- Create governance rules for high-capability AI security tools: Claude Mythos 5 is being redeployed only to selected critical infrastructure organizations. CISOs should define who can access advanced AI security tools, what use cases are approved, and how outputs involving vulnerabilities or exploit chains are reviewed.
- Plan for AI tool access disruptions: Anthropic suspended access to Claude Mythos 5 and Claude Fable 5 on June 12 before the partial redeployment. Security teams should avoid depending on a single AI platform for critical workflows and maintain fallback processes for vulnerability analysis and threat detection.
- Separate defensive AI use from exploit operationalization: The model reportedly demonstrated strong exploit-generation and vulnerability-chaining capabilities. CISOs should ensure AI-assisted vulnerability discovery is paired with controls around responsible disclosure, patch validation, access logging, and restrictions on offensive use.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.