In an unprecedented move that underscores the dual-use dangers of advanced AI, Anthropic has announced Project Glasswing?? sweeping cybersecurity initiative built around a frontier AI model the company itself considers too dangerous to release publicly. The model, called Claude Mythos Preview, has already identified thousands of zero-day vulnerabilities across every major operating system and web browser, and Anthropic is deploying it exclusively through a carefully curated coalition of defenders.
The Most Powerful Cyber AI Ever Built??nd Why It’s Being Locked Away
At the center of Project Glasswing sits Claude Mythos Preview, a general-purpose frontier model that represents Anthropic’s most ambitious??nd most unsettling??echnical achievement. According to the company, Mythos Preview was able to find nearly all of the vulnerabilities it surfaced, and develop many related exploits, entirely autonomously, without any human steering.
Three examples highlight the model’s extraordinary capabilities:
- A 27-year-old vulnerability in OpenBSD??idely regarded as one of the most security-hardened operating systems in the world, commonly used to run firewalls and critical infrastructure. The flaw allowed an attacker to remotely crash any machine running the OS simply by connecting to it.
- A 16-year-old vulnerability in FFmpeg??he near-ubiquitous video encoding and decoding library??n a line of code that automated testing tools had exercised five million times without ever catching the problem.
- Multiple Linux kernel vulnerabilities that Mythos Preview autonomously chained together to escalate from ordinary user access to complete control of the machine.
“We do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities,” said Newton Cheng, Frontier Red Team Cyber Lead at Anthropic. “However, given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout??or economies, public safety, and national security??ould be severe.”
An Unprecedented Coalition of Defenders
The launch partners reading like a who’s-who of technology and finance include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Anthropic has also extended access to more than 40 additional organizations that build or maintain critical software.
The company is committing up to million in usage credits for Claude Mythos Preview across the effort, along with million in direct donations to open-source security organizations.
Balancing Disclosure and Overwhelm
Finding thousands of zero-days at once raises a critical challenge: how do you disclose them without overwhelming open-source maintainers, many of whom are unpaid volunteers? Anthropic has built a triage pipeline specifically designed to prevent an automated firehose of unverified reports.
“We triage every bug that we find and then send the highest severity bugs to professional human triagers we have contracted to assist in our disclosure process by manually validating every bug report before we send it out to ensure that we send only high-quality reports to maintainers,” Cheng explained.
When Anthropic has access to the source code, the company aims to include a candidate patch with every report, labeled by provenance, and offers to collaborate on a production-quality fix.
Performance That Sets New Benchmarks
On the CyberGym evaluation benchmark, Mythos Preview scored 83.1%, compared to 66.6% for Claude Opus 4.6, Anthropic’s next-best model. The gap is even wider on coding benchmarks: Mythos Preview achieves 93.9% on SWE-bench Verified versus 80.8% for Opus 4.6, and 77.8% on SWE-bench Pro versus 53.4%.
The Irony of Building Your Biggest Vulnerability
The announcement arrives at a moment of extraordinary momentum??nd extraordinary scrutiny??or Anthropic. The company disclosed recently that its annualized revenue run rate has surpassed billion, up from approximately billion at the end of 2025, with more than 1,000 business customers each spending over million annually.
But the irony of a company claiming to build the most capable cyber model ever constructed while simultaneously suffering embarrassing security lapses has not been lost on observers. In late March, a draft blog post about Mythos was left in an unsecured and publicly searchable data store that exposed roughly 3,000 internal assets. Days later, anyone who ran npm install on Claude Code pulled down Anthropic’s complete original source code.
Project Glasswing represents Anthropic’s most ambitious attempt to translate frontier AI capabilities into a defensive advantage before those same capabilities proliferate to hostile actors. Whether the company can maintain that defensive edge while navigating its own security missteps remains to be seen.