
Claude Mythos & Project Glasswing: When AI Gets Too Good at Hacking, It Becomes the Defenders' Weapon
TL;DR: "Claude Mythos Preview finds zero-day vulnerabilities in every major operating system and browser – including bugs that went undetected for 27 years. Anthropic isn't releasing it publicly but deploying it defensively through Project Glasswing with 12 founding partners including AWS, Google, Microsoft, and Apple."
— Till Freitag
A Model Too Dangerous for Public Release
On April 7, 2026, Anthropic did something unusual: announced a new frontier model – and simultaneously declared it would not be publicly available.
Claude Mythos Preview is a general-purpose model that demonstrates one capability changing everything: it can find and exploit software vulnerabilities – better than virtually any human expert.
This isn't a marketing claim. Mythos Preview has already found thousands of zero-day vulnerabilities – including critical bugs in every major operating system and every major web browser.
What Mythos Preview Found
Three examples illustrate the scale:
A 27-year-old vulnerability in OpenBSD – an operating system known for its security. The bug allowed anyone to remotely crash any machine by simply connecting to it.
A 16-year-old bug in FFmpeg – software used in countless applications for video encoding. Automated testing tools had hit this line of code five million times without catching the flaw.
A Linux kernel exploit chain – the model autonomously found and chained multiple vulnerabilities to escalate from ordinary user access to complete machine control.
The remarkable part: Mythos Preview found most of these vulnerabilities entirely autonomously – without any human steering.
The Leap Over Opus 4.6
The numbers are dramatic. On the CyberGym benchmark, Mythos Preview scores 83.1% – compared to 66.6% for Opus 4.6.
Even more striking is the exploit comparison: in a Firefox JavaScript engine test, Opus 4.6 could develop a working exploit in only 2 out of several hundred attempts. Mythos Preview succeeded 181 times.
General coding benchmarks tell the same story:
- SWE-bench Verified: 93.9% (vs. 80.8%)
- SWE-bench Pro: 77.8% (vs. 53.4%)
- Terminal-Bench 2.0: 82.0% (vs. 65.4%)
These capabilities weren't explicitly trained – they emerged as a side effect of improved code, reasoning, and autonomy capabilities.
Project Glasswing: The Defense Initiative
Instead of making Mythos Preview public, Anthropic launched Project Glasswing – named after the glasswing butterfly with its transparent wings (symbolizing the initiative's commitment to transparency and vulnerability disclosure).
The 12 Founding Partners
Project Glasswing brings together an unprecedented consortium:
- Amazon Web Services
- Apple
- Broadcom
- Cisco
- CrowdStrike
- Google
- JPMorganChase
- Linux Foundation
- Microsoft
- NVIDIA
- Palo Alto Networks
- Anthropic
Plus over 40 additional organizations that build or maintain critical software infrastructure.
The Investment
- $100 million in usage credits for Mythos Preview
- $4 million in direct donations to open-source security organizations
Why This Is Strategically Significant
1. Anthropic Redefines Its Safety Leadership
Until now, Anthropic's safety narrative has been largely theoretical: Responsible Scaling Policy, Constitutional AI, alignment research. With Glasswing, Anthropic demonstrates a concrete, productive application of safety – one that creates real economic and security value.
2. The Business Model Shifts
A model that isn't publicly available but is licensed through controlled partnerships represents a new paradigm. Anthropic becomes the defense contractor of the digital age – with a product so powerful that its controlled deployment is itself a competitive advantage.
3. The Cybersecurity Landscape Changes Fundamentally
The core insight from the Frontier Red Team Blog: the same capabilities that make models better at fixing bugs also make them better at exploiting them. This means:
- Short-term: Attackers could benefit if frontier labs aren't careful
- Long-term: Defenders will be more efficient, finding and fixing bugs before code ever ships
The transition period will be turbulent.
What Companies Should Do Now
Project Glasswing isn't an abstract research project – it has direct implications:
Security teams should evaluate how AI-powered vulnerability scanning can be integrated into their workflows. If Mythos Preview finds bugs in every major OS, the next comparable model will find them in your software too.
CTOs and CISOs need to reassess the threat landscape. The window between vulnerability discovery and exploit has collapsed from months to minutes.
Open-source maintainers should explore access through the Linux Foundation – the initiative offers enterprise-grade security tools for projects that normally couldn't afford them.
Our Take
Claude Mythos Preview and Project Glasswing mark a turning point. Not because a single model delivers impressive benchmarks – but because Anthropic draws the institutional consequence from it.
Choosing not to release a model because its capabilities are too dangerous, and instead launching an industry-wide defense initiative – that's a move we haven't seen before in the AI industry.
The question is no longer whether AI will transform cybersecurity. The question is whether defenders are fast enough to leverage the head start that initiatives like Glasswing provide.
For companies positioning themselves now, this is an enormous opportunity. For everyone else, the clock is ticking.








