Anthropic’s Project Glasswing: The Dangerous AI Cyber Model Too Powerful to Release

Anthropic has announced Project Glasswing, a sweeping cybersecurity initiative that centers on an AI model the company considers too dangerous to release publicly. The model, called Claude Mythos Preview, has already identified thousands of high-severity zero-day vulnerabilities across every major operating system and web browser.

The launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Anthropic is committing up to 100 million dollars in usage credits for Claude Mythos Preview and 4 million dollars in direct donations to open-source security organizations.

Why Anthropic Built a Model It Won’t Release

"We do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities," said Newton Cheng, Frontier Red Team Cyber Lead at Anthropic. However, given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.

The technical results are striking. Mythos Preview found a 27-year-old vulnerability in OpenBSD, a flaw that allowed an attacker to remotely crash any machine running the OS simply by connecting to it. It also discovered a 16-year-old vulnerability in FFmpeg that automated testing tools had exercised five million times without catching. Most alarming, Mythos Preview autonomously found and chained together several vulnerabilities in the Linux kernel to escalate from ordinary user access to complete machine control.

Responsible Disclosure at Scale

Finding thousands of zero-days at once presents a logistical challenge. Anthropic has built a triage pipeline to manage disclosure responsibly. The company has contracted professional human triagers to manually validate every bug report before sending it out to ensure that only high-quality reports reach maintainers.

The company follows a coordinated vulnerability disclosure framework, generally waiting 45 days after a patch is available before publishing full technical details. This gives downstream users time to deploy fixes before exploitation information becomes public.

Industry Partners Validate the Approach

CrowdStrike CTO Elia Zaitsev frames the initiative in terms of collapsing timelines: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed. What once took months now happens in minutes with AI."

AWS Vice President and CISO Amy Herzog said her teams have been testing Mythos Preview against critical codebases, where the model is "already helping us strengthen our code."

The Timing and Business Context

Project Glasswing arrives during a pivotal week for Anthropic. The company disclosed that its annualized revenue run rate has surpassed 30 billion dollars, up from approximately 9 billion dollars at the end of 2025. The number of business customers each spending over 1 million dollars annually now exceeds 1,000, doubling in less than two months.

Simultaneously, Anthropic announced a multi-gigawatt compute deal with Google and Broadcom, with about 3.5 gigawatts worth of computing capacity coming online beginning in 2027. The company is also reportedly evaluating an IPO as early as October 2026.

The Defensive Bet

Anthropic is effectively arguing that the tool it created is powerful enough to reshape the cybersecurity landscape, and that the only responsible course is to keep it restricted while giving defenders a head start. Project Glasswing represents Anthropic’s most ambitious attempt to translate frontier AI capabilities into a defensive advantage before those same capabilities proliferate to hostile actors.
