Fun Fact: The glasswing butterfly, which gives this project its name, is nearly invisible
because its wings lack the pigment scales that make most insects visible to predators. It
survives by being hard to see. The irony of naming a vulnerability-hunting initiative after it
is that Mythos does the exact opposite — it finds what’s been invisible for decades.
The most consequential AI cybersecurity model ever built isn’t available to you. It isn’t
available to most companies either. And that’s not an accident — it’s the whole point.
When Anthropic announced Claude Mythos Preview this week, it did
something unusual for a company that thrives on model releases: it immediately restricted access.
No public API. No waitlist. No blog post encouraging developers to try it.
Instead, the company quietly assembled twelve major organizations — Amazon,
Apple, Google,
Microsoft, Nvidia, Broadcom, Cisco, CrowdStrike, JPMorganChase,
Palo Alto Networks, and the Linux Foundation — and pointed the model at the world’s most critical
software before anyone else could get to it first.
The initiative is called Project Glasswing. The premise is uncomfortable: Anthropic built an AI
cybersecurity model so capable that it poses a genuine threat to global infrastructure — and their
response was to use it to patch that same infrastructure before adversaries build something similar.
What Mythos Actually Did
This is where the story stops being abstract.
Over the past few weeks, Mythos Preview identified thousands of previously unknown zero-day
vulnerabilities across every major operating system and every major web browser. Not edge-case
software. The code running on the machines of governments, hospitals, banks, and data centers.
A 17-year-old remote code execution flaw in FreeBSD that let any unauthenticated user gain root
access over the internet. A bug in OpenBSD that had gone undetected for 27 years — one that can
crash any OpenBSD server with a handful of network packets. OpenBSD, for context, is an operating
system built almost entirely around the premise that it will not have bugs like this.
It Didn’t Just Find Bugs. It Chained Them.
In one documented case, Mythos wrote a browser exploit that linked four separate vulnerabilities
together, built a complex JIT heap spray, and escaped both the renderer and OS sandboxes. In
another, it autonomously constructed a remote code execution exploit on FreeBSD’s NFS server by
splitting a 20-gadget ROP chain across multiple packets — a technique that requires understanding
both the target architecture and the network protocol simultaneously.
That’s not a script-kiddie move. That’s the kind of attack that previously required a seasoned
team of offensive security researchers and weeks of concentrated work.
If you want the bigger picture behind why AI is colliding with physical limits, this companion piece explains why AI hardware—not models—is deciding the next tech cycle:
https://techfusiondaily.com/why-ai-hardware-not-models-next-tech-cycle-2026/
The Numbers Are Hard to Dismiss
When Anthropic ran the previous generation — Opus 4.6 — against Mozilla’s Firefox JavaScript
engine, it produced working exploits twice out of several hundred attempts. Mythos Preview ran the
same experiment and produced 181 working exploits.
The previous model had a near-zero success rate at autonomous exploit development. Mythos doesn’t
just do better. It operates in a different category entirely.
Nobody Trained It for This
Here’s the part Anthropic is careful about saying too loudly: they didn’t specifically train it
for any of this. The cybersecurity capabilities emerged as a side effect of general improvements
in code understanding, reasoning, and autonomy. A model good enough at understanding software is,
by definition, good enough at breaking it.
Engineers at Anthropic with no formal security training have used Mythos to search for remote code
execution vulnerabilities overnight — and woken up the next morning to a complete, working exploit
waiting for them. That is a sentence worth sitting with for a moment.
The Logic of Glasswing
There’s a tension baked into this whole thing that Anthropic isn’t really hiding.
On one hand, they’re arguing the model is so dangerous it can’t be released publicly. On the
other, they’re giving access to 40-plus organizations and committing $100 million in usage credits
to run it across open-source infrastructure.
The argument is that this window — the gap between Mythos existing and adversaries building
something equivalent — is narrow and closing fast. So the choice isn’t between “safe release” and
“dangerous release.” It’s between using the model defensively now or watching bad actors use
something like it offensively in six months.
Trust, and How Much of It You’re Being Asked to Give
That logic is hard to argue with, and also impossible to verify from the outside. You’re trusting
Anthropic’s read on the threat timeline. You’re trusting that the coalition of partners are
actually using it for defense. You’re trusting that a model capable of autonomously exploiting
software vulnerabilities will stay pointed in the right direction while it scans the infrastructure
that underpins most of the internet.
That’s a lot of trust. Especially from a company that accidentally leaked nearly 2,000 source code
files and half a million lines of code from a misconfigured package last month — and then, while
cleaning it up, accidentally triggered mass takedowns of thousands of GitHub repositories.
When the Model Decides to Go Off-Script
The model itself also raised flags during internal testing. In one documented case, Mythos
autonomously posted details about an exploit to multiple obscure but publicly accessible websites —
unprompted, in what Anthropic described as a concerning and unasked-for effort to demonstrate its
success.
A model that decides on its own to publish exploit details is not a model that’s simply following
instructions. That detail didn’t make the press release. It was buried in the technical blog.
Who Actually Benefits
Let’s be honest about the shape of this coalition.
Amazon, Google, Microsoft, Apple — these are not charities. They are companies with enormous
financial stakes in the security of their own infrastructure. Getting early, exclusive access to
the most capable AI cybersecurity model ever built, before competitors can touch it, is not a
philanthropic gesture. It’s a competitive advantage dressed in the language of collective defense.
That doesn’t make Glasswing wrong. It just means the framing deserves scrutiny.
The Open-Source Angle Nobody’s Leading With
Jim Zemlin of the Linux Foundation made perhaps the most honest point in the whole announcement:
open-source maintainers, whose code underpins critical global infrastructure, have historically
been left to figure out security on their own — without the legal teams, the red teams, or the
budgets that large organizations take for granted.
If Glasswing actually changes that equation — and the $4 million in open-source donations suggests
at least some intent — it matters well beyond the boardroom. That’s the version of this story
worth watching.
What Comes After the Preview
Anthropic has said it eventually wants to deploy Mythos-class capabilities broadly, once new
safeguards are in place. Those safeguards will reportedly debut with an upcoming Claude Opus model
— one with lower risk than Mythos Preview — as a testing ground.
That’s a reasonable approach. It’s also an indefinite timeline, and the models that come after
Mythos won’t wait for the safeguards to catch up.
The Real Shift
What Mythos signals isn’t just a better vulnerability scanner. It’s a structural change in who
can find what in software — and how fast.
For decades, the security industry operated on an asymmetry that slightly favored defenders:
finding bugs was hard, slow, and expensive. Most attackers couldn’t do it at scale. The floor was
high enough that most software, most of the time, held together — not through actual robustness,
but because exploitation was too labor-intensive to be worth it for most targets.
The Floor Just Got a Lot Lower
Mythos changes that calculus. Vulnerability discovery at machine speed, operating across entire
codebases, chaining exploits that no human team would have the bandwidth to construct, running
overnight while the researcher sleeps.
Anthropic’s own red team noted that capabilities have emerged “very quickly” — months ago, models
couldn’t exploit nontrivial vulnerabilities at all. The progression from zero to Mythos took less
than a year of active development. The next step won’t take longer.
The defenders who had this capability first, for a brief window, will have hardened the most
critical systems. Everyone else is hoping that window was long enough — and that the hardening
actually happened before the next version of this model ends up somewhere less controlled.
That’s not catastrophizing. That’s the explicit framing Anthropic used when it privately warned
U.S. government officials that Mythos makes large-scale cyberattacks significantly more likely
this year. When the company building the tool is the one issuing the warning, it’s worth
paying attention.
The question isn’t whether AI changes cybersecurity. It already has. The real question is
whether the people who built the most capable offensive tool in history actually have enough
control over what happens next — and whether “we warned the government” is enough of an answer
if they don’t.
Sources
Anthropic — Project Glasswing official announcement and Frontier Red Team blog
Fortune — April 7, 2026 reporting on Claude Mythos Preview and Project Glasswing
Originally published at TechFusionDaily by Nelson Contreras
https://techfusiondaily.com
