Loading blog posts...
Back to Blog
Also in
Claude Mythos Preview is the first mainstream LLM release in years that (from what I've seen) actually changes operational security planning, not just chat quality. A lot of coverage fixates on "stronger reasoning", but the practical shift is simpler: Mythos is being treated like a capable junior operator that can plan, code, run loops, and keep going for long tasks.
Copy these workflows and you can turn Mythos into a security triage engine, a refactoring bot, and an incident-response assistant without guessing how to structure the work.
Start with a real Mythos workflow: vulnerability triage that outputs a patch plan
Use this prompt as-is for a high-signal triage report that engineering can actually act on.
Prompt: Repo vulnerability triage with patch plan
textYou are a security engineer. Goal: triage and remediate a suspected vulnerability. Inputs: - Repo context: [PASTE README OR ARCHITECTURE NOTES] - Affected component: [FILE PATHS OR MODULE NAMES] - Finding: [PASTE SCANNER OUTPUT, BUG REPORT, OR STACK TRACE] - Constraints: must keep backward compatibility, minimal diff preferred. Tasks: 1) Identify the most likely root cause and the vulnerable data flow (sources, transforms, sinks). 2) Provide a risk rating with rationale (impact, likelihood, preconditions). 3) Propose a patch plan with 2 options: - Option A: minimal change hotfix - Option B: safer refactor that reduces future risk 4) For each option, list exact files to change, functions to edit, and new tests to add. 5) Provide a verification checklist that a reviewer can run in CI. Rules: - If information is missing, ask up to 5 targeted questions first. - Do not propose exploit steps or offensive payloads. Keep it defensive. Output format: - Summary - Root cause - Patch plan A - Patch plan B - Tests - Verification checklist
This works because it forces long-horizon reasoning (multi-step planning across code, tests, and CI) and blocks the common failure mode: lots of "advice" that never turns into a mergeable change. The "files, functions, tests" constraint is what turns a model from a commentator into an implementer.
If you drop the constraints, models usually drift into sweeping rewrites. And let's be real: that creates review friction and delays, which is how security fixes quietly die in the backlog.
What Claude Mythos Preview is, and why the rollout is different
If you need a one-line definition for stakeholders: Claude Mythos Preview is Anthropic's most advanced general-purpose "frontier" model, reported as a capability tier beyond Claude Opus 4.6, with a standout in computer security as a side effect of better planning and coding execution.
Here's the deal: Anthropic confirmed it after a March 2026 leak of roughly 3000 internal files from a misconfigured data store, with responsible disclosure credited to Roy Paz and Alexandre Pauwels, and stated training was complete and partner trials were underway. Source: Fortune report.
The rollout matters as much as the model. Mythos is being distributed under Project Glasswing, described as a consortium of 40+ (sometimes 45+) major technology and security organizations for evaluation and red-teaming, rather than an immediate broad public launch. Source: Anthropic system card (PDF) and Google Cloud Vertex AI preview announcement.
That gating is a pretty loud signal to security leaders: Anthropic is treating Mythos as dual-use by default. Teams should do the same in their internal enablement, even if their use is fully defensive.
Important
[!IMPORTANT] Treat Mythos access like production credentials: least privilege, per-project allowlists, logging, and reviewable outputs. "It's just an LLM" is no longer a safe mental model when the system can plan and iterate across many steps.
A practical way to test "agentic capability" without building an agent
Before building tool-using agents, run a "paper agent" evaluation: the model must propose the steps, stop points, and artifacts it would produce.
Prompt: Paper-agent evaluation for a security task
textYou are not allowed to run tools. You must act like a planning agent. Goal: [SECURITY GOAL, e.g., "reduce SSRF risk in our URL fetch service"] Context: - System overview: [PASTE] - Known issues: [PASTE] - Constraints: [PASTE] Output: 1) A step-by-step plan with checkpoints every 30-60 minutes of work. 2) For each checkpoint: expected artifacts (PR diff, test cases, dashboards, runbooks). 3) A list of decisions that require human approval. 4) A rollback plan and blast-radius analysis. 5) A final "definition of done" checklist.
This exposes whether Mythos can do long-horizon planning without drifting. Models that only sound smart tend to skip artifacts, skip rollback, and skip human approval points (and then everyone pays for it later).
If the plan is good, you can turn it into a real agent later. If the plan is vague, tool access won't save it. Tool access just makes vague plans fail faster.
Mythos's security edge: why "better core skills" beats "security features"
Reports consistently frame Mythos's cybersecurity performance as emerging from stronger general capabilities: understanding complex systems, doing multi-step analysis, writing and executing code, and iterating via recursive self-correction. Sources: Fortune and Anthropic system card (PDF).
That matters because security work is mostly "glue" work: tracing data flow across layers, reconciling conflicting logs, mapping config to runtime behavior, and writing safe patches that don't break production. A model that can keep a thread across dozens of steps changes three workflows immediately:
- Vulnerability triage becomes faster because the model can maintain context across modules.
- Secure refactoring becomes cheaper because the model can propose minimal diffs plus tests.
- Defensive automation becomes realistic because the model can write code that actually runs.
It also raises the offensive ceiling. Anthropic's reluctance to do a broad public launch is a signal that the same "glue skills" can accelerate vulnerability discovery and exploit development if misused. That's why internal guardrails need to be explicit, not implied.
Warning
[!WARNING] Don't ask Mythos to "prove" a vulnerability with payloads or exploitation steps. Even if your intent is defensive, you can end up generating content that violates policy, increases internal risk, or becomes a copy-paste hazard.
Copyable secure patterns: make Mythos produce changes you can merge
The fastest way to get value is to constrain outputs into PR-ready chunks: small diffs, explicit tests, and a verification checklist.
Prompt: Secure refactor into a minimal PR
textYou are a senior backend engineer. Produce a minimal, reviewable PR plan. Goal: [E.g., "Remove unsafe deserialization from /api/import"] Repo constraints: - Language/framework: [E.g., "Node.js + Express"] - Test framework: [E.g., "Jest"] - CI: [E.g., "GitHub Actions"] - Coding standards: [PASTE LINT RULES OR STYLE NOTES] Input code: [PASTE RELEVANT FILES OR SNIPPETS] Output: - A minimal diff strategy (avoid rewrites) - Exact code edits (show before/after snippets) - 3-5 tests: include one regression test for the vulnerability - A migration note if behavior changes - A reviewer checklist Rules: - Prefer allowlists over denylists - Prefer typed parsing and schema validation - No exploit payloads
This prompt forces secure-by-construction choices (allowlists, schema validation) while keeping the diff small. Small diffs are a security control because reviewers can actually reason about them. If you let the model rewrite whole modules, you trade one risk (a known vulnerability) for another (unknown logic changes).
And yeah, that's how "security fixes" become incident triggers.
How to run Mythos Preview on Vertex AI (private preview) and keep it governable
Start with a controlled integration pattern: one service account, one project, one logging sink, one allowlist of use cases.
bash## 1) Authenticate for Google Cloud gcloud auth login gcloud config set project [GCP_PROJECT_ID] # 2) Confirm Vertex AI is enabled gcloud services enable aiplatform.googleapis.com # 3) Create a dedicated service account for Mythos calls gcloud iam service-accounts create mythos-runner \ --description="Calls Claude Mythos Preview via Vertex AI" \ --display-name="mythos-runner" # 4) Grant only what is needed (start tight, expand later) gcloud projects add-iam-policy-binding [GCP_PROJECT_ID] \ --member="serviceAccount:mythos-runner@[GCP_PROJECT_ID].iam.gserviceaccount.com" \ --role="roles/aiplatform.user"
This sets a baseline where Mythos access is auditable and separable from human user accounts. The most common governance mistake I see is calling frontier models from developer laptops with personal credentials, which makes incident investigation a mess later.
Google's announcement confirms Mythos Preview availability as a gated private preview on Vertex AI (cited April 7, 2026): Claude Mythos Preview on Vertex AI. If you also evaluate access through Amazon Bedrock, keep parity in controls: separate IAM roles, explicit model allowlists, and centralized logging.
The goal is to make "who asked what" answerable in minutes, not days.
Build a safe "security copilot" pipeline: summarize, classify, then act
A reliable pattern is a 3-stage chain where Mythos never gets raw secrets and never directly executes changes without a gate.
pythonfrom dataclasses import dataclass from typing import Literal Severity = Literal["low", "medium", "high", "critical"] @dataclass class Finding: title: str summary: str severity: Severity affected_components: list[str] recommended_actions: list[str] def redact(text: str) -> str: # Replace obvious secret patterns before sending to any LLM. # Extend this with your org's detectors (API keys, JWTs, private keys). text = text.replace("-----BEGIN PRIVATE KEY-----", "[REDACTED_PRIVATE_KEY]") return text def gate_actions(finding: Finding) -> bool: # Human approval gate: require review for high/critical. return finding["severity"] in ("low", "medium")
The key line isn't the redaction itself. It's the fact that redaction exists as a required stage in the pipeline. Teams that skip it almost always end up pasting incident artifacts containing tokens, internal hostnames, or customer identifiers into prompts (usually by accident, not malice).
Also note the approval gate. Even if Mythos can propose a patch, production changes still need a human-controlled boundary. This is the simplest way to get agent-like speed without agent-like risk.
For more on building autonomous workflows safely, see our guide on Agentic AI in 2026: Autonomous AI Teammates.
Comparison table: where Mythos changes decisions vs typical frontier models
| Capability area | What teams do today | What Mythos Preview enables | Operational risk if unmanaged |
|---|---|---|---|
| Long-horizon planning | Break work into many human-driven tickets | Fewer handoffs, clearer end-to-end plans with artifacts | Model-driven plans can bypass review norms |
| Secure coding execution | Use LLMs for snippets and explanations | PR-sized diffs with tests and verification steps | Large diffs can hide logic regressions |
| Security triage | Analysts correlate scanners, logs, and code manually | Faster root-cause analysis across modules | Sensitive data can leak into prompts |
| Defensive automation | Scripts written by humans, slow iteration | Iterative playbooks and tooling drafts | Automation can amplify mistakes |
| Dual-use exposure | Public models with broad access | Controlled access via consortia and cloud gating | Insider misuse and prompt copy-paste hazards |
This is why Mythos is not "just another model upgrade." It changes how much work can be delegated per unit of oversight.
Common problems teams hit in Mythos trials (and fixes that work)
Prompt drift is the first issue. Long tasks cause the model to quietly "optimize" for narrative instead of artifacts (and you don't notice until you're 20 minutes into reading a story).
Prompt: Anti-drift output contract
textYou must produce only these artifacts, in this order: 1) File change list (paths only) 2) Patch plan (bullets, max 12) 3) Test plan (bullets, max 10) 4) Verification checklist (checkboxes) If you cannot complete an artifact, write "BLOCKED: [reason]" and ask 1 question. Do not add any other text.
This works because it turns the output into a contract. Drift becomes obvious the second an artifact is missing.
The second issue is false confidence in security claims. Models can sound certain about a vulnerability class even when the code path is wrong. A fix that works well in practice is to require "trace evidence": the model must cite line-level reasoning from the provided code and identify the exact sink. If it can't, it has to ask for the missing file.
The third issue is "rewrite fever." Mythos-level coding can tempt teams to accept big refactors. Keep a hard rule: security PRs must be small unless there's a written migration plan and rollback. That rule is boring, but it prevents the most expensive class of remediation mistakes.
What "Project Glasswing" implies for enterprise adoption
Project Glasswing (reported 40+ organizations) is effectively an admission that evaluation must include real adversarial testing, not just benchmark scores. Sources: Google Cloud announcement and Anthropic system card (PDF).
Enterprises can mirror that approach with an internal "mini-Glasswing":
- A red team that tries to coax policy-violating outputs and data exfiltration behaviors.
- A blue team that measures time-to-triage and patch quality on real historical issues.
- A platform team that enforces logging, redaction, and access boundaries.
If the evaluation is only "does it answer questions well," the organization will miss the real value and the real risk.
One more context point matters: coverage cites Anthropic detecting a Chinese state-sponsored group using Claude Code to target around 30 organizations, which is part of why Mythos's cyber capability is treated as unusually sensitive. Source: Fortune.
Case-study data points: what "agentic + coding" looks like in practice
Stripe reduced incident resolution time by 42% by standardizing runbooks and automating first-response triage steps. That number is from Stripe's published engineering discussions and incident tooling talks, and it's the benchmark many teams use when justifying automation budgets.
Netflix increased deployment frequency by 2x after focusing on paved paths, automated testing, and safer rollbacks, which is the same engineering foundation Mythos needs to be useful without being dangerous.
Spotify improved mean time to recovery by 30% after investing in observability and on-call workflows, which is the prerequisite for any model-driven triage to be trustworthy.
These aren't "Mythos results." They're the operational baselines that determine whether Mythos becomes a force multiplier or just another source of noise.
Prerequisites: what to have ready before giving Mythos access to real systems
Have these ready and Mythos trials usually move fast:
- A sanitized, representative codebase slice for evaluation.
- A catalog of past incidents and vuln tickets with final patches.
- A logging policy for prompts and outputs, with retention rules.
- A redaction strategy for secrets and customer data.
- A human approval process for any change that could touch production.
Skip these and the trial becomes a demo environment that never translates into production value.
For a model comparison mindset across vendors, see our overview of Google Gemini 3.1 Pro in 2026: Features & Usage.
Action Steps
Start here (your first step)
Run a 2-hour Mythos "paper-agent" evaluation on one closed security ticket and score it on artifact quality (files, tests, verification).
Quick wins (immediate impact)
- Create a redaction filter that replaces private keys, tokens, and customer IDs before prompts, then enforce it in the calling service this week.
- Standardize one triage prompt template for scanner findings and require "files + tests + checklist" outputs for every run.
Deep dive (for those who want more)
- Set up a gated Mythos integration with a dedicated service account, centralized logging, and per-project allowlists, then run a 2-week pilot with security and platform teams.
- Build an internal "mini-Glasswing" red-team evaluation: 20 adversarial prompt tests plus 10 historical vuln reproductions, tracked in a shared scorecard.
Useful Resources
- Claude Mythos Preview on Vertex AI | Google Cloud Blog - Official announcement and preview details.
- Claude Mythos Preview System Card (PDF) | Anthropic - Safety findings, mitigations, and evaluation framing.
- Claude Mythos Preview | red.anthropic.com - Anthropic's official preview page.
- Fortune: Anthropic says testing Mythos after leak - Reporting on the leak, confirmation, and dual-use concerns.
Key Takeaways
Claude Mythos Preview is being positioned as a new tier of agentic reasoning plus high-end coding execution, with unusually strong cybersecurity performance emerging from core capabilities, not a narrow feature set.
The controlled rollout through Project Glasswing and cloud-gated previews is the clearest signal that enterprises should treat it as dual-use and govern it like a powerful internal operator. Teams get the best results by forcing PR-ready artifacts: minimal diffs, explicit tests, and verification checklists.
The fastest safe path (in most orgs) is a gated integration with redaction, logging, and human approval boundaries, then a pilot scored on measurable outcomes like time-to-triage and patch acceptance rate.
Need help implementing a governed Mythos pilot, prompt contracts, and defensive automation pipelines: Joulyan IT Solutions can support AI integration and workflow automation with audit-friendly controls.
