In a move that has sent shockwaves through both the AI and cybersecurity communities, Anthropic has previewed what it’s calling its most powerful cyber capability ever developed??nd then explicitly decided not to release it publicly.
Dubbed Claude Mythos Preview (internal project name: Project Glasswing), the model represents a dramatic escalation in the intersection of artificial intelligence and offensive security operations. The company has assembled an unprecedented coalition of 12 major technology partners to help test and constrain the model: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.
What Glasswing Can Do??nd Why It’s Being Locked Down
The model has demonstrated the ability to discover and exploit vulnerabilities at a scale previously unseen. According to sources familiar with the project, Glasswing has independently identified:
- A 27-year-old vulnerability in OpenBSD that went undetected through decades of security research
- A 16-year-old flaw in FFmpeg affecting countless media processing systems worldwide
- Multiple previously unknown vulnerabilities in the Linux kernel
These findings underscore both the power and the danger of deploying advanced AI in vulnerability research. Unlike traditional security tools, Glasswing doesn’t just find weaknesses??t can reason about exploit chains, privilege escalation paths, and real-world attack scenarios.
The Ethical Calculus: Coordinated Disclosure and Responsible AI
Anthropic’s decision to withhold Glasswing from public release is a notable contrast to the open-source ethos that dominates much of the AI landscape. The company has committed to a coordinated vulnerability disclosure process, working directly with affected vendors to patch issues before any public disclosure.
The ethical implications are profound. When a single AI model can find more vulnerabilities in months than the global security research community has found in decades, the question becomes not just “can we build it?” but “should we?”
The Business Picture: Run Rate and Explosive Growth
Beyond the technical achievements, Anthropic’s business trajectory remains staggering. The company is reportedly operating at a billion annual revenue run rate??nd doubled its number of million+ customers in just two months. This growth is powered partly by massive infrastructure commitments, including million in usage credits distributed to enterprise partners, and million in direct grants to open-source security organizations.
The Road Not Taken
Project Glasswing stands as a stark illustration of the dual-use dilemma in AI development. The same capabilities that make it extraordinarily valuable for defensive security research also make it extraordinarily dangerous in the wrong hands. By choosing constraint over commercialization, Anthropic has made a statement about the kind of AI company it wants to be??ven as it races ahead of competitors in raw capability.
The cybersecurity industry will be watching closely to see whether this model, or derivatives of it, ever sees the light of day??nd what precedents that might set for the industry at large.