In a normal week, the launch of a flagship frontier model would dominate the AI news cycle. The week of 16 April 2026 was not a normal week. Anthropic shipped Claude Opus 4.7 to general availability — and in the same breath admitted that an even stronger internal model, codenamed "Mythos", was too dangerous to release. That admission, more than the launch itself, is the story of the year so far.
This post walks through what actually shipped, what Mythos is doing behind the curtain in Project Glasswing, and why this matters if you build, secure, or simply use modern AI systems.
What Anthropic Actually Released
Claude Opus 4.7 launched on 16 April 2026 across Anthropic's API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry. Anthropic's own framing is unusually modest — they describe it as a "notable improvement on Opus 4.6 in advanced software engineering" — but the upgrade is more interesting than that sentence suggests.
The Headline Capabilities
- 1M-token context window with up to 128k output tokens, identical to Opus 4.6 but now paired with a smarter tokenizer.
- High-resolution vision for the first time in the Claude family — maximum input resolution jumped from 1,568 px / 1.15 MP to 2,576 px / 3.75 MP, which materially changes what the model can do with screenshots, PDFs, and CAD-style imagery.
- Task budgets, a new agentic-loop primitive that lets you cap the total tokens Claude spends on thinking, tool calls, and final output for a single task.
- An
xhigheffort level sitting betweenhighandmax, giving developers finer-grained control over the latency-versus-reasoning tradeoff. - A new tokenizer that uses roughly 1x to 1.35x as many tokens per piece of text — a hidden cost change to budget for.
- Pricing unchanged at $5 per million input tokens and $25 per million output tokens.
These don't sound revolutionary on paper. In practice, they make Opus 4.7 the first Claude model that most engineers I know are happy to hand a multi-hour autonomous coding task with no babysitting.
Why The Tokenizer Change Matters
The tokenizer rewrite is easy to miss in the release notes, but it has real implications. If your application is anywhere near your context budget on Opus 4.6, you should re-measure on 4.7 before flipping the flag. A 35% inflation in token count can quietly push prompts past the 1M-token ceiling, especially for code-heavy workloads where tokens already pack densely.
A 1M context window is generous. It is not infinite. Token bloat in a new tokenizer is exactly the kind of thing that breaks production agentic pipelines silently.
Now Meet Mythos
The more consequential announcement is the one Anthropic didn't turn into a product page. On 7 April 2026, the company previewed Claude Mythos — a frontier general-purpose language model that performs strongly across the board but is unusually strong at one specific thing: computer security.
According to Anthropic's own preview and follow-up reporting in Axios and CNBC, Mythos can identify and exploit zero-day vulnerabilities in every major operating system and every major web browser when directed by an authorized user to do so. Several of the vulnerabilities it surfaced were ten or twenty years old. The oldest — a now-patched flaw in OpenBSD — had been sitting in the codebase for 27 years.
Anthropic decided not to release Mythos publicly. The reasoning is straightforward: the same model that finds long-buried bugs in defenders' code can find them in everyone else's. The asymmetry of "one weekend with a frontier model" against decades of accumulated software is too dangerous to ship.
Project Glasswing: Mythos Goes To Work
Holding a model back is one thing. Letting it sit on a shelf is another. Anthropic's solution is Project Glasswing — a coalition that gives Mythos access to highly targeted codebases inside a small set of trusted partners, so the model finds and reports vulnerabilities to the people who can patch them, not the people who can exploit them.
The reported participant list is striking:
| Company | Industry | Role in Glasswing |
|---|---|---|
| AWS | Cloud | Infrastructure code review |
| Apple | Devices / OS | Operating system hardening |
| Microsoft | Cloud / OS | Cross-stack vulnerability research |
| Cloud / Browser | Chromium and platform hardening | |
| Cloudflare | Edge / Networking | Network-layer review |
| CrowdStrike | Endpoint security | Detection rules and EDR validation |
| Palo Alto Networks | Network security | Defensive product testing |
Cybersecurity News reports that in its first month Glasswing surfaced over 10,000 high- and critical-severity zero-day vulnerabilities across these codebases. Two have already been documented with CVEs:
- CVE-2026-5194 — a critical flaw in the wolfSSL cryptography library
- CVE-2026-4747 — a remote code execution bug in FreeBSD that Mythos discovered and fully autonomously exploited
A separate 16-year-old bug in FFmpeg was disclosed and patched after evading every prior round of human code review and automated testing. None of these are toy findings. They are the kind of bugs that shape decade-long CVE histories.
Why Anthropic Chose To Hold Mythos Back
This is the part of the story that matters most for anyone thinking seriously about AI safety. Anthropic operates under a Responsible Scaling Policy (RSP) — an internal commitment to gate releases on demonstrated risk thresholds. Mythos crossed a threshold. Opus 4.7, evidently, did not.
The framing is interesting: this is the first time a major lab has publicly conceded that the next model in the pipeline is stronger than the one they're shipping, and they're shipping the weaker one on purpose. The Register's coverage suggests Anthropic plans to release Mythos-class capabilities once they have stronger safeguards — including agentic monitoring, structured access patterns, and abuse detection. There is no public timeline yet.
You can argue both sides of this. Critics, including Artificial Intelligence Made Simple, have framed the announcement as marketing — a way to make the publicly available Opus 4.7 look safer by anchoring it against an unreleased big sibling. Defenders point to the actual CVE pipeline coming out of Glasswing as evidence that the capability is real.
Both can be true at once.
A 5-Minute Walkthrough
If you want a tight visual summary of what shipped, this overview covers Opus 4.7's benchmarks, vision upgrades, and pricing:
What This Means If You Build With Claude
Three concrete implications for engineers shipping production systems on Claude:
- Re-measure your token usage on Opus 4.7. The new tokenizer can push you 10–35% over your old budgets. Treat it as a regression test, not a free upgrade.
- Use task budgets for long agentic loops. If you've been doing your own token accounting around
claude-opus-4-6, the nativetask_budgetparameter in 4.7 is simpler and more accurate. - Adopt
xhighbeforemax. For most production workloads,xhighgives most of the reasoning quality ofmaxat a noticeably better latency profile.
What This Means For Security
This is the part that should keep CISOs up at night — in both directions. The same capability that powers Project Glasswing's defensive work will, eventually, be available to attackers in some form. Anthropic has bought time. They have not changed the trajectory.
- Vendors should expect a sharp uptick in drive-by vulnerability disclosures as Mythos-class capability diffuses.
- Defenders should expect their incident response cadence to compress. Patch windows will shrink.
- Software supply chain scrutiny will move up the priority list for every regulator that hasn't already moved it.
The deeper question — covered well in the World Economic Forum's analysis — is whether AI-assisted vulnerability discovery ultimately favors offense or defense. Mythos finds bugs in days that took humans decades to miss. The same capability, in the right hands, also fixes them.
The Road Ahead
Three things are worth watching from here:
- Mythos's public release. Anthropic has signaled that it is coming once safeguards mature. Whatever the gating mechanism turns out to be — structured access, post-deployment monitoring, hardened agentic guardrails — it will set the template for every frontier model release that follows.
- The next benchmark. Opus 4.7 has clearly been overshadowed in-house. The interesting question is what benchmarks Anthropic uses internally to decide a Mythos-class model is safe to ship.
- Competing labs' response. OpenAI, Google DeepMind, and others almost certainly have their own internal models at this capability level. Whether they make the same disclosure choice will tell us how much of this is industry policy and how much is one lab's decision.
Whatever happens next, the line between "model release" and "policy decision" is now permanently blurred. That, more than any benchmark, is the real Mythos moment.
Sources & Further Reading
- Anthropic — Introducing Claude Opus 4.7
- Anthropic Red — Claude Mythos Preview
- Anthropic Docs — What's new in Claude Opus 4.7
- Axios — Anthropic releases Claude Opus 4.7, concedes it trails unreleased Mythos
- CNBC — Anthropic releases Claude Opus 4.7, a less risky model than Mythos
- The Register — Anthropic to release Mythos-class models to the public
- The Hacker News — Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
- Cybersecurity News — Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing
- World Economic Forum — Anthropic's Mythos moment: how frontier AI is redefining cybersecurity
- AWS Blog — Introducing Anthropic's Claude Opus 4.7 in Amazon Bedrock