
Anthropic Project Glasswing: Securing Software with Claude


Anthropic just made one of the most significant cybersecurity announcements in recent memory. Project Glasswing brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks around a single goal: securing the world’s most critical software before AI-powered attacks make the current landscape untenable.

The catalyst is a new frontier model called Claude Mythos Preview – an unreleased, general-purpose model that has already found thousands of high-severity vulnerabilities across every major operating system and web browser. The same capabilities that make it dangerous in the wrong hands make it invaluable for defense. That tension is exactly what Project Glasswing is designed to resolve.

Why This Is Happening Now

Software has always had bugs. Many are minor. Some are serious security flaws that, if discovered, allow attackers to hijack systems, disrupt operations, or steal data. What’s changed is who can find them.

For decades, finding and exploiting software vulnerabilities required deep expertise held by only a small number of skilled security researchers. That barrier kept the attack surface manageable. AI models have now eroded it dramatically. The cost, effort, and expertise required to find and exploit vulnerabilities have all dropped. Claude Mythos Preview represents a step change in this trend – not an incremental improvement, but a qualitative leap.

The vulnerabilities it has identified survived decades of human review and millions of automated security tests. The exploits it develops are increasingly sophisticated. Ten years after the first DARPA Cyber Grand Challenge, frontier AI models are now competitive with the best humans at finding and exploiting vulnerabilities.

The global financial costs of cybercrime are difficult to estimate precisely, but current figures suggest around $500 billion per year. State-sponsored attacks from actors across China, Iran, North Korea, and Russia have already threatened infrastructure underpinning both civilian life and military readiness. Project Glasswing treats this as the urgent national security problem it is.

What Claude Mythos Preview Found

Over the past few weeks, Anthropic used Claude Mythos Preview to identify thousands of zero-day vulnerabilities – flaws previously unknown to the software’s developers – many of them critical. Three examples illustrate the scale:

A 27-year-old vulnerability in OpenBSD. OpenBSD has a reputation as one of the most security-hardened operating systems in the world and is used to run firewalls and critical infrastructure. The flaw allowed an attacker to remotely crash any machine running the OS simply by connecting to it.

A 16-year-old vulnerability in FFmpeg. FFmpeg is used by countless applications to encode and decode video. The vulnerable line of code had been hit by automated testing tools five million times without detection.

A chained kernel exploit in Linux. The model autonomously found and chained together several vulnerabilities in the Linux kernel – the software running most of the world’s servers – allowing privilege escalation from ordinary user access to complete machine control.

All three have been reported to the relevant maintainers and patched. For additional vulnerabilities still awaiting fixes, Anthropic has published cryptographic hashes of the details and will disclose specifics after patches are in place.

The benchmark numbers reinforce what these findings suggest. On CyberGym, a cybersecurity vulnerability reproduction benchmark:

CyberGym – Cybersecurity Vulnerability Reproduction

Mythos Preview 83.1%
Claude Opus 4.6 66.6%

The gap on agentic coding tasks is equally significant:

SWE-bench Verified
Mythos Preview 93.9%
Opus 4.6 80.8%

SWE-bench Pro
Mythos Preview 77.8%
Opus 4.6 53.4%

Terminal-Bench 2.0
Mythos Preview 82.0%
Opus 4.6 65.4%

What Project Glasswing Actually Does

The launch partners will use Mythos Preview as part of their defensive security work. Anthropic will share findings so the broader industry can benefit. Access has also been extended to over 40 additional organizations that build or maintain critical software infrastructure.

Anthropic is committing up to $100M in usage credits for Mythos Preview across these efforts, covering substantial usage throughout the research preview period. After that window, the model will be available to participants at $25 per million input tokens and $125 per million output tokens, accessible via the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.

Beyond model access, Anthropic has donated $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation – enabling open-source maintainers to respond to this changing landscape. Open-source maintainers interested in access can apply through the Claude for Open Source program.

The practical work will focus on local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing. Within 90 days, Anthropic will report publicly on vulnerabilities fixed, improvements made, and lessons learned that can be disclosed.

What Partners Are Seeing

Several Project Glasswing partners have had access to Mythos Preview for weeks before today’s announcement. The consensus is consistent: the model identifies complex vulnerabilities that prior-generation models missed entirely, and the pace of discovery changes the calculus for defenders and attackers alike.

Cisco’s SVP and Chief Security and Trust Officer described AI capabilities crossing a threshold that fundamentally changes the urgency required to protect critical infrastructure. Microsoft tested Mythos Preview against CTI-REALM, their open-source security benchmark, and found substantial improvements over previous models. CrowdStrike noted that the window between vulnerability discovery and exploitation has collapsed – what once took months now happens in minutes.

The Linux Foundation pointed to a structural problem the project addresses: open-source maintainers, whose software underpins much of the world’s critical infrastructure, have historically been left to figure out security on their own. Giving them access to models that can proactively identify and fix vulnerabilities at scale changes that equation.

The Bigger Picture

Anthropic has been in ongoing discussions with US government officials about Mythos Preview and its offensive and defensive cyber capabilities. The position is direct: securing critical infrastructure is a top national security priority, and the emergence of these capabilities is another reason the US and its allies need to maintain a decisive lead in AI technology.

Project Glasswing is framed explicitly as a starting point, not a solution. The work of defending the world’s cyber infrastructure may take years. Frontier AI capabilities are likely to advance substantially over just the next few months. For defenders to come out ahead, the initiative needs to move now.

Anthropic does not plan to make Claude Mythos Preview generally available. The longer-term goal is to enable safe deployment of Mythos-class models at scale – for cybersecurity, but also for the broader benefits such capable models will bring. That requires developing safeguards that detect and block the model’s most dangerous outputs. New safeguards are planned for an upcoming Claude Opus model, where they can be refined without the same level of risk Mythos Preview carries.

In the medium term, Anthropic envisions an independent third-party body – bringing together private and public sector organizations – as the permanent home for continued work on large-scale cybersecurity projects. Project Glasswing is an invitation to the rest of the industry to help build it.

Key Numbers at a Glance

$100M usage credits committed to Project Glasswing
$4M direct donations to open-source security organizations
40+ additional organizations with model access
12 major launch partners
1000s zero-day vulnerabilities identified
27 years oldest vulnerability found (OpenBSD)

https://www.anthropic.com/glasswing