Anthropic just made the kind of move that reshapes an entire industry. On April 7, 2026, the company launched Project Glasswing — a $100 million cybersecurity initiative backed by a coalition that reads like a who’s-who of Big Tech: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The goal? Use an unreleased AI model called Claude Mythos Preview to find and fix zero-day vulnerabilities before attackers can exploit them.
This isn’t a research paper. It’s not a proof of concept. Mythos has already found thousands of zero-day vulnerabilities across every major operating system and web browser — including a 27-year-old bug in OpenBSD that nobody caught and a 16-year-old flaw in FFmpeg that survived 5 million automated fuzzing attempts. And now Anthropic is handing this capability to the organizations responsible for defending the world’s critical infrastructure.
What Is Claude Mythos Preview and Why Does It Matter?
Claude Mythos Preview is a frontier AI model that Anthropic has specifically designed for security research. It hasn’t been released to the public — only to Project Glasswing’s launch partners. And the performance numbers explain why Anthropic is being careful with distribution.
On Anthropic’s CyberGym benchmark, Mythos scores 83.1% compared to Claude Opus 4.6’s 66.6%. But the coding benchmarks tell an even bigger story:
- SWE-bench Verified: 93.9% (vs. Opus 4.6 at 80.8%)
- SWE-bench Pro: 77.8% (vs. 53.4%)
- SWE-bench Multilingual: 87.3% (vs. 77.8%)
- Terminal-Bench 2.0: 82.0% (vs. 65.4%)
- OSWorld-Verified: 79.6% (vs. 72.7%)
Those aren’t marginal improvements. Mythos is operating at a level where it can, in Anthropic’s words, “surpass all but the most skilled humans” at identifying and exploiting software vulnerabilities. That sentence should make every security professional sit up and pay attention — both for the defensive possibilities and the implications of what happens when models like this become more widely available.
The Zero-Day Discoveries That Prove the Point
Numbers on benchmarks are one thing. Actually finding vulnerabilities that have been hiding in production code for decades is another. Here are three discoveries that demonstrate what Mythos can do in practice:
A 27-Year-Old OpenBSD Vulnerability
OpenBSD is widely considered one of the most security-focused operating systems ever built. Its developers have spent nearly three decades hardening the codebase. Mythos found a vulnerability that every human auditor, every automated scanner, and every previous AI model missed for 27 years. That’s not just impressive — it fundamentally challenges assumptions about what “well-audited” code actually means.
A 16-Year-Old FFmpeg Flaw
FFmpeg processes video and audio for billions of devices worldwide. Traditional automated testing — fuzzing — attempted to find this vulnerability over 5 million times and failed. Mythos found it. The difference between brute-force pattern matching and genuine code comprehension couldn’t be more starkly illustrated.
Linux Kernel Privilege Escalation Chain
Perhaps most impressively, Mythos didn’t just find isolated bugs in the Linux kernel — it autonomously identified multiple vulnerabilities and chained them together into a working privilege escalation exploit. This is the kind of work that typically requires a skilled red team spending weeks or months on a target. Mythos did it on its own.
The $100 Million Coalition: Who’s Involved and What They’re Doing
Anthropic is committing $100 million in model usage credits for Mythos Preview, plus an additional $2.5 million to Alpha-Omega and OpenSSF (open-source security foundations) and $1.5 million to the Apache Software Foundation. But the financial commitment is only part of the picture — the partner list is what makes Glasswing credible as an industry-wide initiative rather than a marketing exercise.
The 12 launch partners — AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — collectively secure a substantial portion of the world’s digital infrastructure. An additional 40+ organizations maintaining critical infrastructure will receive extended access.
Here’s what key partners are saying about the urgency:
Microsoft CTO Igor Tsyganskiy framed the time pressure starkly: “The window between vulnerability discovery and exploitation has collapsed — what took months now happens in minutes.” That compression means traditional patch cycles are increasingly inadequate. By the time a security team triages a vulnerability, threat actors may already be exploiting it.
AWS VP Amy Herzog pointed to scale as the core challenge: “AI is central to our ability to defend at scale” against threats analyzed across 400 trillion daily network flows. No human team can process that volume. AI isn’t optional — it’s the only path to matching the scope of modern attacks.
Linux Foundation Executive Director Jim Zemlin highlighted the open-source angle: “This offers a credible path to changing the equation” for maintainers who lack the resources to hire dedicated security teams. Open-source projects power most of the internet, but many are maintained by volunteers who can’t afford professional security audits. Glasswing could change that calculus entirely.
How Glasswing Actually Works: From Detection to Disclosure
Glasswing covers six primary use cases: local vulnerability detection, black-box testing of compiled binaries, endpoint security, penetration testing, open-source software scanning, and supply chain security. The model can analyze source code, compiled binaries, and running systems — essentially covering the full spectrum of how software exists in production environments.
The disclosure process is equally important. When Mythos finds a vulnerability:
- Private disclosure: Anthropic reports the vulnerability directly to the software maintainer
- 90-day public reporting: Anthropic commits to publishing lessons learned within 90 days
- Cryptographic verification: Hashes are released for unpatched vulnerabilities so the discovery can be verified later without exposing details
- Full disclosure after patch: Complete technical details are released once the fix is deployed
This process mirrors industry-standard responsible disclosure practices (similar to what OpenAI’s bug bounty program follows), but with AI doing the initial discovery work that would normally require expensive human researchers.
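The "cryptographic verification" step above is a hash commitment: publish a digest now, reveal the report after the patch. The sketch below is an added example, not Anthropic's published scheme; SHA-256, the 32-byte random nonce, the function names and the sample report are all assumptions. It also shows why a bare hash of a short, guessable report is not enough.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

NONCE_LEN = 32  # fixed length keeps the nonce/report boundary unambiguous


def commit(report: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (public commitment, secret nonce) for a vulnerability report."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly NONCE_LEN bytes")
    return hashlib.sha256(nonce + report).hexdigest(), nonce


def verify(commitment: str, report: bytes, nonce: bytes) -> bool:
    """Check a disclosed report and nonce against the earlier public commitment."""
    try:
        recomputed, _ = commit(report, nonce)
    except ValueError:
        return False
    return hmac.compare_digest(recomputed, commitment.strip().lower())


def matches_unsalted(published: str, candidates: List[bytes]) -> List[bytes]:
    """Return candidates whose bare SHA-256 equals the published hash.

    Models a reader testing guesses against a hash released without a nonce.
    """
    return [c for c in candidates if hashlib.sha256(c).hexdigest() == published]


# Constructed sample report and guesses (not a real finding).
REPORT = b"component=example-parser; class=out-of-bounds read; status=unpatched"
GUESSES = [b"component=example-parser; class=use-after-free; status=unpatched", REPORT]

if __name__ == "__main__":
    public, secret_nonce = commit(REPORT)
    print("published commitment:", public)
    print("verifies after patch:", verify(public, REPORT, secret_nonce))
    print("edited report verifies:", verify(public, REPORT + b" (edited)", secret_nonce))
    bare = hashlib.sha256(REPORT).hexdigest()
    print("bare hash guessed:", bool(matches_unsalted(bare, GUESSES)))
    print("salted commitment guessed:", bool(matches_unsalted(public, GUESSES)))
```

The nonce stays private until disclosure; publishing it alongside the report lets anyone recompute the digest and confirm the report predates the patch and was not edited afterwards.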
The Pricing Signal: What Mythos Costs After the Research Phase
Anthropic has already announced post-preview pricing for Mythos: $25 per million input tokens and $125 per million output tokens. For context, that makes Mythos significantly more expensive than any current Claude model — roughly 2.5x the cost of Opus 4.6 on the input side. The output pricing is particularly steep, reflecting the computational intensity of deep code analysis.
Access will be available through the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry. That multi-cloud distribution strategy mirrors how Anthropic already distributes Claude’s existing product line, but with tighter access controls appropriate for a model with Mythos’s offensive capabilities.
The Dual-Use Problem: Why This Is So Complicated
There’s an uncomfortable truth embedded in Project Glasswing that Anthropic acknowledges directly: the same AI capabilities that find vulnerabilities defensively can also be used offensively. A model that can autonomously chain Linux kernel vulnerabilities into a privilege escalation exploit is, by definition, a model that could be weaponized.
Anthropic’s approach to this dual-use problem has several layers. First, Mythos isn’t being released to the general public — it’s restricted to vetted partners during the research preview. Second, Anthropic plans to launch additional safeguards alongside the upcoming Claude Opus model release. Third, the company is working toward establishing an independent third-party oversight body to govern how models with these capabilities are distributed and used.
The company has also been in discussions with U.S. government officials about the national security implications. As they put it: “Securing critical infrastructure is a top national security priority for democratic countries.” That language suggests Glasswing has geopolitical dimensions beyond commercial cybersecurity — this is partly about ensuring that Western AI capabilities in vulnerability detection stay ahead of adversaries.
This challenge isn’t unique to Anthropic. OpenAI faces similar questions with its own coding agents, and the industry is still working out the right balance between capability and safety in security-adjacent AI systems.
What This Means for the AI Security Landscape
Project Glasswing fundamentally changes the economics of vulnerability research. Today, a skilled security researcher costs $200,000-$400,000 per year. A dedicated red team engagement runs $50,000-$150,000 for a few weeks of work. If Mythos can replicate even a fraction of that capability at API pricing — even at $25/$125 per million tokens — the cost-per-vulnerability-discovered drops by orders of magnitude.
For open-source projects, the implications are transformative. The Linux Foundation and Apache Software Foundation funding means critical open-source infrastructure — the code that runs servers, databases, and web frameworks globally — will get professional-grade AI security auditing that most projects could never afford.
For enterprise security teams, Glasswing signals a future where AI-powered vulnerability scanning becomes a standard part of the development pipeline. Companies already using AI coding tools like Claude Code to write software will likely use models like Mythos to audit that software before deployment — an AI security loop where AI checks AI’s work.
The Competitive Response
Google and Microsoft — both Glasswing partners — have their own AI security research programs. But by positioning Mythos as a shared resource rather than a competitive weapon, Anthropic has created a dynamic where the biggest tech companies are collaborating on defense even as they compete on everything else. That’s unusual and, if it holds, genuinely valuable for the industry.
CrowdStrike CTO Elia Zaitsev captured the urgency: “That is not a reason to slow down; it’s a reason to move together, faster.” The message is clear — the threat landscape is evolving too quickly for any single company to handle alone, and AI-powered offense means AI-powered defense isn’t optional.
Why “Glasswing” and What Comes Next
The project is named after the glasswing butterfly (Greta oto), whose transparent wings let it hide in plain sight — much like the vulnerabilities Mythos is designed to find. It’s an apt metaphor: these aren’t obvious bugs. They’re the kind of subtle, deeply embedded flaws that survive decades of human review and millions of automated tests.
Looking ahead, Anthropic plans to use Glasswing’s findings to establish practical recommendations for vulnerability disclosure processes, software update procedures, supply chain security, and patching automation. The 90-day public reporting commitment means the broader security community will benefit from Mythos’s discoveries even if they don’t have direct access to the model.
The bigger question is what happens when models with Mythos-level capabilities become more widely accessible. Anthropic is building the institutional framework — disclosure processes, oversight bodies, partner agreements — now, while they still have some control over distribution. Whether that framework holds as AI cybersecurity capabilities proliferate to smaller, less cautious actors will determine whether Glasswing is remembered as the project that secured the internet or the one that started an AI-powered vulnerability arms race.
Either way, the era of AI-powered cybersecurity isn’t coming. It’s here. And Anthropic just fired the starting gun.
Source: Anthropic — Project Glasswing