On May 1, 2026, six allied cyber agencies published joint guidance on the secure adoption of agentic AI. The recommendations map closely to non-human identity and GRC work that many programs are still building out.
Anthropic shipped Claude Opus 4.7 today as its most capable generally available model, but the cybersecurity story is bigger than the benchmarks. The model includes automated safeguards that block high-risk cyber requests, deliberately reduced offensive capabilities compared to Mythos Preview, and a new Cyber Verification Program that gates legitimate security use behind a formal application process. This is the first generally available model where Anthropic is actively testing the controls it needs before it can release Mythos-class capabilities to the public.
Anthropic launched Project Glasswing with 12 major tech companies, using its unreleased Claude Mythos Preview model to find and patch zero-day vulnerabilities at a scale and speed that didn’t exist six months ago. The implications for vulnerability management, patching cycles, and defensive security programs are enormous.