Claude Mythos 5: 78% ExploitBench, Restricted Access (2026)

Claude Mythos 5 by Anthropic (June 2026): unrestricted Mythos-class AI for vetted partners. 1M context, $10/$50 per MTok, 78% ExploitBench for cyber defense.

Claude Mythos 5 is Anthropic's unrestricted Mythos-class model released June 9, 2026, sharing Fable 5's 1M context and 95.0% SWE-bench Verified capabilities with safety classifiers removed for authorized partners. Available through Project Glasswing for vetted cybersecurity and biology researchers at $10/$50 per 1M tokens, it scores 78.0% on ExploitBench versus 40.0% for Opus 4.8 and 34.0% for GPT-5.5.

Claude Mythos 5, released June 9, 2026 by Anthropic, is the unrestricted Mythos-class configuration of Claude Fable 5 with safety classifiers removed, available only through Project Glasswing to vetted cybersecurity and biology partners. At $10/$50 per 1M tokens, it scores 78.0% on ExploitBench versus 40.0% for Opus 4.8 and 34.0% for GPT-5.5, and shares Fable 5's 1M context and 95.0% SWE-bench Verified performance.

Provider: Anthropic · Family: Claude Mythos

Context window: 1,000,000 tokens · Max output: 128,000

Input modalities: text, image, pdf, tool-calls · Output: text, tool-calls

About Claude Mythos 5

Claude Mythos 5 is Anthropic's Mythos-class AI released on June 9, 2026 as a restricted-access configuration for authorized partners. It shares the same underlying model architecture as Claude Fable 5, the publicly available counterpart, but ships without the three safety classifier systems, granting access to capabilities that Fable 5 blocks for general users. Access is restricted to approved customers through Project Glasswing, Anthropic's collaboration with US government and vetted cybersecurity organizations, and a separate trusted access program for biology researchers who need the biology and chemistry classifiers lifted. The model supersedes Claude Mythos Preview, which served the same restricted partner group since April 2026. Anthropic has not disclosed the parameter count or architecture type; Mythos 5 inherits all of Fable 5's capabilities including adaptive thinking always on, a 1M token context window, and 128K max output. Claude Mythos 5 shares Fable 5's benchmark performance on general evaluations: 95.0% SWE-bench Verified, 80.3% SWE-bench Pro, 91.5% MMLU Pro, 66.0% HealthBench Professional, and 29.3% on FrontierCode Diamond. The benchmark that distinguishes Mythos 5 from Fable 5 is ExploitBench, a cybersecurity-specific evaluation covering offensive exploitation and vulnerability research tasks. Mythos 5 scores 78.0% on ExploitBench compared to Claude Mythos Preview at 69.0%, Claude Opus 4.8 at 40.0%, and GPT-5.5 at 34.0%. This gap reflects the impact of removing the cybersecurity classifier: Fable 5's classifier would have blocked the tasks ExploitBench tests, making ExploitBench a Mythos-specific metric. GDPval-AA preference evaluation gives Mythos 5 a score of 1932, identical to Fable 5, since the shared base weights drive general preference quality. Anthropic did not publish GPQA Diamond, AIME 2025, or ARC-AGI 2 scores at launch. Claude Mythos 5 ships with a 1 million token context window at standard pricing, with up to 128,000 output tokens per request, identical to Fable 5. The entire 1M context is billed at the same per-token rate with no long-context surcharge. Prompt caching applies across the full context window: 5-minute cache writes cost $12.50 per million tokens, 1-hour writes cost $20 per million, and cache reads cost $1 per million, making repeat-context research workloads substantially cheaper. Anthropic reports the model maintains focus across millions of tokens in long-running agentic tasks. The native memory tool is supported, enabling agents to store and retrieve information across conversation boundaries, which is particularly valuable for long-running cybersecurity research sessions spanning multiple days or autonomous vulnerability assessment pipelines. Mythos 5 accepts text, images, PDFs, and tool calls as inputs, and produces text and tool calls as outputs. Vision is fully live at launch, enabling the model to read charts, analyze screenshots, and extract data from PDF figures and reports. Audio and video inputs are not available. Adaptive thinking is always active on Mythos 5 with no option to disable it; depth is controlled via the effort parameter. Unlike Fable 5, Mythos 5 does not include the cybersecurity, biology/chemistry, or distillation safety classifiers, allowing it to engage with tasks in offensive security research, risky biological research, and capability extraction that Fable 5 would block. The biology trusted access program provides Fable 5 with specifically the biology and chemistry classifiers removed, not the full Mythos 5 configuration. Supported API features include function calling, parallel tool use, the memory tool, task budgets (beta), context editing, and compaction. Mythos 5 is priced at $10 per million input tokens and $50 per million output tokens, identical to Fable 5 and described as less than half the price of Claude Mythos Preview during its preview period. The Batch API halves both rates to $5 input and $25 output per million, with results returned within 24 hours. Cache reads cost $1 per million (0.1x input), 5-minute writes cost $12.50 per million, and 1-hour writes cost $20 per million. US-only data routing (inference_geo: "us") adds a 1.1x multiplier on all token categories. All Mythos 5 sessions carry mandatory 30-day data retention with no zero-retention option, mirroring the Fable 5 policy. A research pipeline consuming 3 million input tokens and 500,000 output tokens would cost $55 at standard rates or $27.50 via the Batch API. Claude Mythos 5 is not generally available. Access is granted through Project Glasswing, Anthropic's collaboration with vetted US government and cybersecurity organizations, and through a separate trusted access program for authorized biology researchers. Prospective partners contact their Anthropic, AWS, or Google Cloud account team for access review and vetting. Once approved, Mythos 5 is accessible via the Anthropic API and through Bedrock or Vertex AI for partners using those cloud platforms. Broader availability through a trusted access program is planned for the future. The API model ID is claude-mythos-5. Authentication follows the same patterns as Fable 5: API key for the Anthropic API, AWS IAM for Bedrock, and GCP IAM for Vertex AI. Claude Mythos 5 ships without the three safety classifier systems that Fable 5 includes. The cybersecurity classifier (blocking exploit development, vulnerability discovery, and agentic hacking tasks), the biology and chemistry classifier (blocking risky biological research including AAV design), and the distillation classifier (blocking capability extraction attempts) are all absent on Mythos 5. Anthropic's safety evaluation found Mythos 5's misaligned behavior to be low and similar to that of Opus 4.8, suggesting that removing the classifiers does not create a fundamentally misaligned model but removes guardrails that prevent dual-use capabilities from surfacing. All Mythos 5 sessions carry mandatory 30-day data retention for safety monitoring; Anthropic logs all access and does not use this data for training. The external bug bounty program found no universal jailbreaks in over 1,000 hours of effort on the Mythos-class architecture. A broader cross-session attack pattern detection system is in place for the mandatory retention window. Mythos 5 is specifically designed for authorized cybersecurity researchers who need a model capable of offensive security tasks: exploit development, vulnerability research, and autonomous cyber operations testing. Its ExploitBench score of 78.0% versus 40.0% for Opus 4.8 and 34.0% for GPT-5.5 demonstrates a capability gap that matters for professional red-team work. In a research demonstration, the Mythos-class model family found 271 Firefox zero-days in a controlled research context. Biology researchers with trusted access credentials use Mythos 5 to engage with risky biological research that Fable 5 would refuse. Teams that do not qualify include any organization that has not been vetted through Project Glasswing: there is no self-serve enrollment. Standard software engineering, consumer product development, and any team without active Glasswing approval should use Claude Fable 5, which delivers identical general-purpose benchmark performance without the restricted access requirement. Anthropic has not disclosed the training data cutoff or composition for Mythos 5; it shares the same training base as Fable 5. All sessions carry mandatory 30-day data retention. Anthropic does not train on retained Mythos 5 data, using it exclusively for safety monitoring including detection of complex cross-session attack patterns that require longer observation windows than zero-retention models allow. The 319-page system card published alongside the launch covers evaluations including Firefox zero-day discovery, OSS-Fuzz, CyberGym, and CyScenarioBench. Responsible Scaling Policy (RSP) governs deployment. EU AI Act general-purpose AI provisions with systemic risk obligations apply. SOC 2 and GDPR compliance postures depend on the specific cloud platform used by approved Glasswing partners. Claude Mythos 5 supersedes Claude Mythos Preview as the Mythos-class offering for restricted partners, launching June 9, 2026. Versus Claude Mythos Preview, Mythos 5 improves ExploitBench from 69.0% to 78.0%, SWE-bench Pro from 77.8% to 80.3%, and HealthBench Professional from 64.7% to 66.0%. The API model ID changes from the Mythos Preview identifier to claude-mythos-5. Anthropic's migration guide covers the transition for existing Mythos Preview partners. Pricing is described as less than half the rate of Mythos Preview during its preview period, making the upgrade economically favorable for high-volume research pipelines. The API model ID is claude-mythos-5.

Pricing

$10/$50 per 1M input/output tokens (same as Fable 5; less than half the price of Claude Mythos Preview). Batch API: $5/$25 per 1M (50% off, async within 24h). Cache read: $1/MTok (0.1x input rate). 5-min cache write: $12.50/MTok; 1-hr cache write: $20/MTok. US-only inference (inference_geo: 'us') adds 1.1x multiplier on all token categories. Access requires Project Glasswing approval; pricing applies to approved partners only.

Key Features

Pros

Cons

Benchmarks

Frequently Asked Questions

What is Claude Mythos 5 and how does it differ from Claude Fable 5?

Claude Mythos 5 is Anthropic's restricted-access Mythos-class AI model released on June 9, 2026, sharing the same underlying architecture as Claude Fable 5 but shipping without the three safety classifier systems that Fable 5 includes. Fable 5 is generally available to any developer; Mythos 5 is available only to vetted partners through Project Glasswing, Anthropic's collaboration with US government and cybersecurity organizations. The practical difference is that Mythos 5 engages with offensive cybersecurity tasks (exploit development, vulnerability discovery), risky biological research (including AAV vector design), and capability extraction that Fable 5 refuses via its classifier systems. On general benchmarks (SWE-bench Verified 95.0%, MMLU Pro 91.5%, SWE-bench Pro 80.3%), both models perform identically since they share the same base weights. The unique Mythos 5 benchmark is ExploitBench, where it scores 78.0% versus 40.0% for Opus 4.8 and 34.0% for GPT-5.5, a metric Fable 5 cannot produce because its classifier blocks those tasks. The model supersedes Claude Mythos Preview as the Mythos-class offering for Glasswing partners, with improved scores across ExploitBench (69.0% to 78.0%) and reduced pricing.

How much does Claude Mythos 5 cost per 1M tokens?

Claude Mythos 5 costs $10 per million input tokens and $50 per million output tokens, the same price as Claude Fable 5 and less than half the price of Claude Mythos Preview during its preview period. Cache reads cost $1 per million tokens (0.1x the input rate); 5-minute cache writes cost $12.50 per million (1.25x) and 1-hour writes cost $20 per million (2x). The Batch API delivers a 50% discount: $5 input and $25 output per million, with results returned within 24 hours. For a worked example, an autonomous vulnerability assessment consuming 3 million input tokens and 500,000 output tokens costs $55 at standard rates or $27.50 via the Batch API. US-only data routing using inference_geo: 'us' adds a 1.1x multiplier on all token categories. Pricing applies only to approved Project Glasswing partners; standard API accounts do not have access to the claude-mythos-5 model ID. Self-hosting is not available: Mythos 5 is closed-weights and API-only.

What is Claude Mythos 5's context window and max output?

Claude Mythos 5 supports a 1 million token context window, identical to Fable 5, with up to 128,000 output tokens per request. The full 1M context is billed at the standard per-token input rate with no long-context surcharge. For cybersecurity research, this enables ingesting entire large codebases in a single API call for vulnerability analysis without chunking. Prompt caching applies across the full context: a 200K-token system prompt containing code context or research background costs $2.50 for a 5-minute write and $0.20 to read on subsequent calls. Anthropic reports the model stays focused across millions of tokens in long-running agentic research tasks, though independent needle-in-haystack evaluations for the full 1M range were not published at launch. The native memory tool is supported, enabling agents to store vulnerability findings or research notes across conversation boundaries in long research sessions. For comparison, this context size is sufficient to ingest and reason across the full source of medium-sized open source projects in a single pass.

How does Claude Mythos 5 perform on cybersecurity benchmarks vs competitors?

Claude Mythos 5 scores 78.0% on ExploitBench, the primary evaluation for offensive cybersecurity capability, compared to Claude Mythos Preview at 69.0%, Claude Opus 4.8 at 40.0%, and GPT-5.5 at 34.0%. This represents a 38-point gap over GPT-5.5 and a 9-point improvement over the previous Mythos Preview model. In a research demonstration, the Mythos-class architecture found 271 Firefox zero-days in a controlled environment, a result that established the capability level which led to the restricted access model. On general benchmarks, Mythos 5 matches Fable 5: 95.0% SWE-bench Verified, 80.3% SWE-bench Pro, 91.5% MMLU Pro, and 66.0% HealthBench Professional. The ExploitBench numbers are vendor-reported; independent third-party verification was in progress as of launch. Fable 5 cannot produce comparable ExploitBench scores because its cybersecurity classifier blocks the benchmark tasks. No published comparison covers GPQA Diamond, AIME 2025, or ARC-AGI 2 for Mythos 5.

Who can access Claude Mythos 5 and how do you apply?

Claude Mythos 5 is available exclusively through Project Glasswing, Anthropic's program for vetted US government and cybersecurity organizations, and through a separate biology trusted access program for authorized researchers. There is no self-serve enrollment: prospective partners must contact their Anthropic, AWS, or Google Cloud account team and go through a vetting process. The biology trusted access program provides a different configuration (Fable 5 with only the biology/chemistry classifier removed), not the full Mythos 5 configuration. For organizations that do not qualify or while waiting for Glasswing approval, Claude Fable 5 delivers identical general-purpose benchmark performance. Once approved, Mythos 5 is accessible via the Anthropic API using the model ID claude-mythos-5, and likely via Amazon Bedrock and Google Vertex AI for Glasswing partners on those cloud platforms. Broader availability through a trusted access program for additional vetted users is planned for the future, according to the launch announcement.

What modalities does Claude Mythos 5 support?

Claude Mythos 5 accepts text, images, PDFs, and tool calls as inputs. Output modalities are text and tool calls. Vision is fully live at launch: the model reads charts, interprets screenshots, and extracts data from PDF figures and technical reports. Audio input and output are not supported on Mythos 5. Video input is not supported. Function calling is native and supports parallel tool execution across multiple tools in a single turn. Structured JSON output is supported. Unlike Fable 5, which returns stop_reason: 'refusal' for cybersecurity-related requests, Mythos 5 has no classifier to trigger refusals in those domains. Supported API features include the memory tool for persistent storage, task budgets (beta) for token-aware agentic planning, context editing for pruning tool results, and compaction for long session management. Compared to Fable 5, the modality support is identical; the key difference is behavioral rather than input/output format.

Does Claude Mythos 5 train on user data?

Claude Mythos 5 does not train on API inputs from approved Glasswing partners. However, all Mythos 5 sessions are subject to mandatory 30-day data retention: inputs and outputs are retained for safety monitoring, and this cannot be opted out of on any platform regardless of contract terms. Anthropic commits explicitly to not using retained Mythos 5 data for model training; the data is used exclusively for safety monitoring including detecting complex jailbreak attempts and cross-session attack patterns that require longer observation windows. All human access to retained data is logged, and data is deleted after 30 days in most cases. Zero-data-retention is not available for Mythos 5 on any platform, which is a relevant constraint for government partners with strict data compartmentalization requirements. SOC 2 and GDPR compliance postures depend on the specific cloud platform used by Glasswing partners. HIPAA eligibility is not confirmed for Mythos 5 given the cybersecurity-focused use case and mandatory retention policy.

Who is Claude Mythos 5 best for and who should use Fable 5 instead?

Claude Mythos 5 is exclusively for vetted Project Glasswing partners: authorized offensive security researchers who need a model capable of exploit development and vulnerability research (78.0% ExploitBench, versus 40.0% for Opus 4.8), US government and infrastructure cyber defense organizations running attack simulation, and biology researchers with trusted access approval for work involving AAV design or risky biological tasks. Any team that has not been approved through Glasswing should use Claude Fable 5 instead, which delivers identical general-purpose performance (same SWE-bench, MMLU Pro, and HealthBench scores) without the restricted access requirement. Teams running voice-first applications, requiring zero data retention, or needing on-device inference should use neither Mythos 5 nor Fable 5: look at Opus 4.8 (for zero retention) or Sonnet 4.6 (for cost-efficient workloads). Mythos 5 is not appropriate for any deployment to unapproved end users, consumer applications, or general-purpose development workflows outside the approved Glasswing use cases.

Visit Claude Mythos 5 Official Page