The agent market in 2026 is not consolidating. It is splitting.
On one side sits OpenClaw, the open-source, local-first personal AI assistant with over 347,000 GitHub stars, running on user-owned hardware across 24+ messaging channels. On the other sits Anthropic’s Mythos, an unreleased frontier model so potent in cybersecurity that Anthropic deemed it too dangerous for public release, restricting access to roughly 50 vetted organizations under Project Glasswing.
An MSN landscape analysis published May 11 frames this as the defining strategic divergence in the agent market. The split is not primarily about which models power the agents. Both camps leverage Claude, GPT, and open-weight alternatives. The split is about deployment philosophy: who owns the infrastructure, who controls access, and who decides what the agent can do.
Two Deployment Philosophies, Zero Overlap
OpenClaw’s architecture is built on a single premise: the user runs the agent. The gateway is a local control plane. Skills are modular instruction packs the community writes and shares. The agent answers on WhatsApp, Telegram, Discord, Signal, and two dozen other channels because the user chose those channels. There is no cloud dependency and no vendor approval process.
Mythos operates on the opposite premise. Anthropic trained a general-purpose frontier model that, during testing, discovered thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser. The UK’s AI Safety Institute independently assessed the model’s cyber capabilities as a “step up” over other frontier models, according to Just Security. Anthropic’s response was not to open-source it. It was to form a coalition: AWS, Apple, Microsoft, Google, CrowdStrike, JPMorgan Chase, Palo Alto Networks, and others. Anthropic committed up to $100 million in usage credits and $4 million in direct donations to open-source security organizations.
The buyer profiles for these two architectures are almost entirely distinct. OpenClaw’s users are developers, tinkerers, and small teams who want a personal assistant they control. Mythos’s users are enterprises and governments that need auditable, vetted, high-assurance tooling for critical infrastructure.
The Control Question
The divergence matters because it creates fundamentally different trust models.
OpenClaw users accept a tradeoff: full autonomy in exchange for full responsibility. The project’s 104 CVEs (catalogued by Adversa AI) are public, filed against an open codebase, and patched in the open. The security model depends on the user configuring it correctly. When they don’t, as a recent NCT audit documented, the results include raw API keys in wrong files, disabled exec confirmation, and failing CVSS scores.
Mythos users accept the opposite tradeoff: restricted access and vendor dependence in exchange for Anthropic’s curation and safety engineering. “We do not plan to make Claude Mythos Preview generally available,” Anthropic states on the Glasswing page, “but our eventual goal is to enable our users to safely deploy Mythos-class models at scale.” The timeline is deliberately vague.
Neither tradeoff is obviously wrong. But they produce incompatible procurement decisions. An enterprise that standardizes on Mythos-class tooling under Project Glasswing is not going to simultaneously deploy OpenClaw on employee laptops. A developer who chose OpenClaw because they want to inspect every skill file and control every API call is not going to wait for Anthropic’s access committee to approve their use case.
The Reproducibility Complication
CNBC reported on May 8 that cybersecurity firms have been reproducing Mythos’s vulnerability discoveries using publicly available models through orchestration techniques. “What we are seeing across the industry now is that people are able to reproduce the vulnerabilities found with Mythos through clever orchestration of public models to get very, very similar results,” Ben Harris, CEO of watchTowr, told CNBC. Vidoc Security CEO Klaudia Kloc confirmed that her team ran “older models against the same code base” and found the same vulnerabilities “with both OpenAI and Anthropic’s older models.”
This complicates Anthropic’s positioning. If the capabilities are reproducible with public models, the value proposition of restricted access shifts from “we have something nobody else has” to “we package it with safety guarantees nobody else offers.” That is still a valid product, but it is a different one, and it sits closer to the enterprise SLA market than the capability frontier.
Anthropic’s own estimate, per the Glasswing announcement, is that similar capabilities will proliferate from other labs within six to eighteen months. Rest of World reported that Chinese AI companies have “repeatedly managed to match U.S. frontier models within months, in part by distilling capabilities” from those models. The clock on Mythos’s exclusivity is ticking.
Where This Leaves Builders
The practical consequence for agent builders is that they face a binary architectural decision that gets harder to reverse the longer they wait.
Build on OpenClaw’s model and you get full transparency, community-driven skills, cross-platform deployment, and a growing but fragmented ecosystem now facing competitive pressure from Hermes Agent (135,000+ GitHub stars, per The Neuron). You also inherit every security misconfiguration your team introduces.
Build on Mythos-class tooling and you get Anthropic’s safety engineering, vetted deployment, and enterprise SLAs. You also accept that your agent’s capabilities are gated by a vendor’s access committee, your roadmap depends on Anthropic’s timeline, and if a competitor gets Glasswing access before you do, that is a structural disadvantage you cannot engineer around.
The MSN analysis calls this a “maturation of the agent market from one-size-fits-all chatbot to layered, architecture-specific solutions.” That framing is generous. A more precise description: the agent market is splitting into two camps that share almost no infrastructure, no trust model, and no buyer base. The question for the next 24 months is not which camp wins. It is whether anything bridges them.