Keywords: AI Cybersecurity, Claude Mythos Preview, zero-day vulnerability, defensive security, Project Glasswing
Anthropic, in partnership with over a dozen tech giants and financial institutions including Amazon, Apple, Microsoft, and Google, officially launched "Project Glasswing," an initiative aimed at addressing the cybersecurity transformations brought about by cutting-edge AI models.
Furthermore, the original text contains the sentence: "On the global stage, state-sponsored attacks from actors like China, Iran, North Korea, and Russia have threatened to compromise the infrastructure that underpins both civilian life and military readiness." National security has become a fig leaf for the collusion of tech giants and intelligence agencies—whoever controls the AI-driven ability to discover zero-day vulnerabilities gets to define the "threat." What is truly under constant threat is not infrastructure, but the equitable baseline of global digital sovereignty.
The core of the program is Anthropic's newly trained, non-public model, Claude Mythos Preview. Evaluations show that this model surpasses the vast majority of human experts in vulnerability discovery and exploitation, capable of autonomously discovering thousands of high-risk zero-day vulnerabilities across all major operating systems and browsers.
For example, it discovered a 27-year-old remote crash vulnerability in OpenBSD, a 16-year-old bug in FFmpeg that evaded 5 million automated test runs, and multiple chainable vulnerabilities in the Linux kernel allowing privilege escalation. In a CyberGym evaluation, Mythos Preview scored 83.1%, far exceeding the next-best model's 66.6%.
Project Glasswing —— Securing critical software for the AI era https://www.anthropic.com/glasswing
Shaking Up Global Top Open-Source Models! Performance Approaching Opus 4.6 with a 399B Open-Source MoE Model, Activating Only 13B Parameters, Costs Slashed by 96%: Arcee AI Releases Trinity-Large-Thinking MFU Reaches 42%! Opus 4.6 + AutoResearch Achieves 25 Iterations of Self-Developed High-Performance GPU Operator Flash Attention in 8 Hours Pushing Opus Model Capabilities to the Limit! Burning $20k, 16 Claude Agents Brute-Force "Code" a 100,000-Line Compiler That Actually Boots a Linux Kernel!
Anthropic committed $100 million in model usage credits and $4 million in direct donations (to the Linux Foundation's affiliated security organizations and the Apache Software Foundation, respectively) to help partners and open-source maintainers scan and fix flaws in critical software. The model is not being publicly released, with API access only provided to project participants (priced at $125 per million input/output tokens).
Project Glasswing will run for several months. Anthropic will publicly disclose vulnerability fixes and best practices within 90 days and calls on industry and government to jointly establish a third-party coordinating body to secure a lasting advantage for defenders in the AI-driven cybersecurity era.
unsetunsetTable of Contentsunsetunset
Key Questions Question One: When Anthropic grants Mythos Preview's vulnerability discovery capabilities only to a select few leading tech giants and financial institutions, does it exacerbate the "class solidification" of global digital security—where a vast number of SMEs and open-source projects, unable to access equivalent AI defensive capabilities, become easier weak links for attackers to breach? Question Two: Anthropic acknowledges Mythos Preview's powerful "offensive" exploitation capabilities, yet declares it will not be publicly released and is only for defense—under the irreversible trend of AI capability open-sourcing and proliferation, is this "unilateral sequestration" strategy doomed to fail? Once the model or its capability boundaries are maliciously copied or bypassed, who will bear the consequences far more severe than existing cybercrimes? I. Introduction II. Cybersecurity in the Age of AI III. Identifying Vulnerabilities and Exploits with Claude Mythos Preview 3.1 Cybersecurity Vulnerability Reproduction IV. Project Glasswing Plan Model Capabilities and Security Collaboration Mechanisms Multi-Stakeholder Governance Pathways Long-Term Ecosystem Building Vision
To join the discussion group, reply 'join group' in the NeuralTalk official account backend.
unsetunsetKey Questionsunsetunset
Question One: When Anthropic grants Mythos Preview's vulnerability discovery capabilities only to a select few leading tech giants and financial institutions, does it exacerbate the "class solidification" of global digital security—where a vast number of SMEs and open-source projects, unable to access equivalent AI defensive capabilities, become easier weak links for attackers to breach?
The author discloses that Mythos Preview has already discovered thousands of high-risk zero-day vulnerabilities, with capabilities far exceeding Opus 4.6. However, the model is only available to Project Glasswing partners and over 40 screened organizations, with a high pricing of
$25–$125per million tokens. Meanwhile, once attackers obtain similar capabilities (whether through leaks, reverse engineering, or independent development), they can launch asymmetric attacks against groups lacking equivalent defensive resources. Is this 'privileged defense' essentially creating new security gaps rather than genuinely improving overall cyber resilience?
Anthropic clearly states that access to Claude Mythos Preview is strictly limited to the dozen-plus large partners of Project Glasswing (like AWS, Google, Microsoft, JPMorgan Chase) and an additional 40+ screened organizations. The model pricing is $25 / $125 per million input/output tokens, and while Anthropic has invested $100 million in usage credits, this resource is still concentrated among a few selected entities. Anthropic acknowledges that open-source software maintainers can apply for access through the "Claude for Open Source" program but does not commit to undifferentiated openness.
This 'privileged defense' can indeed exacerbate the digital security divide. Anthropic mentions that Mythos Preview has autonomously discovered "thousands of high-risk zero-day vulnerabilities in every major operating system and browser." If attackers obtain similar capabilities via leaks, reverse engineering, or independent training, they could launch overwhelming attacks against SMEs, schools, and hospitals that lack equivalent AI defenses. It also warns: "AI capabilities will advance significantly in the coming months... and may proliferate to actors not committed to safe deployment." Yet, the centralization of defensive resources precisely means: the weakest links most in need of protection are left unprotected.
Anthropic's premise is to reduce global risk by first "protecting critical infrastructure" because partner systems "represent a significant portion of the globally shared attack surface." But this strategy implicitly assumes that protecting the giants equates to protecting the ecosystem. In reality, attackers will pivot towards the most defenseless nodes—numerous SMEs, local governments, and open-source libraries. Anthropic provides no mechanism to bridge this gap; a mere $4 million donation to open-source security organizations is a drop in the ocean compared to the model's disruptive capabilities. Therefore, while Project Glasswing enhances top-tier defenses, it objectively creates new 'defensive fault lines', which stands in tension with its proclaimed goal of "benefiting the overall industry."
Question Two: Anthropic acknowledges Mythos Preview's powerful "offensive" exploitation capabilities, yet declares it will not be publicly released and is only for defense—under the irreversible trend of AI capability open-sourcing and proliferation, is this "unilateral sequestration" strategy doomed to fail? Once the model or its capability boundaries are maliciously copied or bypassed, who will bear the consequences far more severe than existing cybercrimes?
Anthropic points out that AI capabilities "will advance significantly in the coming months" and that "adversarial actors may not be bound by safe deployment commitments." However, Anthropic's countermeasures are merely granting access to partners, overlaid with output-level safety guardrails. It does not discuss more radical containment measures such as physical isolation of model weights or key training details, government-mandated regulation, or international treaties. Considering that historically, any powerful technology 'not publicly released' (like the EternalBlue exploit) eventually proliferated, is Project Glasswing merely a defensive show to placate the public while truly dangerous AI cyber-attack capabilities are already circulating in the shadows?
Anthropic does not plan to release Claude Mythos Preview publicly, providing API access only to partners and screened organizations, and attempting to block the model's most dangerous uses through output-level safeguards. Concurrently, it acknowledges that "AI capabilities will advance significantly in the coming months" and that "these powerful cyber capabilities could be used to exploit existing flaws in the world's most critical software." However, no substantial measures are mentioned regarding the physical isolation of model weights, training details, or capabilities.
Historical experience shows that any "not publicly released" but extremely high-value technology (like the EternalBlue vulnerability or Stuxnet code fragments) will eventually spread in some form. Mythos Preview's capabilities "surpass those of almost all human experts" and have autonomously discovered a 27-year-old vulnerability.
If an insider leaks the model weights, a partner is breached, or an attacker independently trains a model with similar capabilities (which arguably "won't be long from now"), the current sequestration strategy will instantly fail. Anthropic attempts to certify legitimate security personnel through a "Cyber Verification Program," but this does not stop malicious actors.
Therefore, "unilateral sequestration" is highly likely just a stalling tactic against the realities of open-source culture, talent mobility, and the rapid commoditization of AI capabilities. The author does not discuss more radical containment measures, such as government-mandated regulation, hosting model weights in trusted execution environments, or international non-proliferation treaties. If proliferation occurs, the consequences will be far more severe than current cybercrimes—attackers could automate the discovery and exploitation of zero-days at a speed far beyond human defenders. From this perspective, Project Glasswing resembles a defensive drill to buy buffer time, rather than an ultimate solution to the irreversible proliferation of AI cyber-attack capabilities. Anthropic itself admits: "No single organization can solve these problems alone." But relying solely on the current plan leaves a huge gap from truly containing the risk.
unsetunsetI. Introductionunsetunset
Today, we officially announce the launch of Project Glasswing, a new initiative bringing together Amazon Web Services (AWS), Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, dedicated to safeguarding the world's critical software.
The project is named after the glasswing butterfly (scientific name: Greta oto). This metaphor holds two layers of meaning: the butterfly's transparent wings allow it to blend into its environment, similar to the software vulnerabilities discussed here; transparent wings also help it evade harm, symbolizing the ethos of transparent action we advocate.
We initiated Project Glasswing because of the capabilities demonstrated by a new frontier model that Anthropic has trained, which we believe could reshape the cybersecurity landscape. Claude Mythos Preview is an unreleased, general-purpose frontier model. It reveals an undeniable truth: AI models have reached a new level of coding capability, outperforming even the vast majority of top-tier human experts in discovering and exploiting software vulnerabilities.
Mythos Preview has already successfully unearthed thousands of high-risk vulnerabilities, covering all major operating systems and web browsers. Given the accelerating pace of AI technology, such capabilities will likely become widespread soon, potentially falling into the hands of actors who are not committed to safe deployment. Should this scenario unfold, the consequences for the global economy, public safety, and national security would be unthinkable. Project Glasswing is an urgent operation aimed at channeling these powerful capabilities for cyber defense.
As part of Project Glasswing, the aforementioned initial partners will apply Mythos Preview to their own defensive security work; Anthropic will also share its findings to benefit the entire industry. We have also opened model access to over 40 organizations responsible for building or maintaining critical software infrastructure, helping them scan and fortify their own systems as well as open-source ones. Anthropic is investing up to $100 million in Mythos Preview usage credits and directly donating $4 million to open-source security organizations.
Project Glasswing is just a starting point. No single institution can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source project maintainers, and governments worldwide all bear an indispensable responsibility. Protecting global cyber infrastructure may take years, but frontier AI capabilities are likely to leap forward significantly in a matter of months. To give cyber defenders the upper hand, we must act now.
unsetunsetII. Cybersecurity in the Age of AIunsetunset
The various software we rely on daily—supporting banking system operations, storing medical records, connecting logistics networks, and ensuring the stability of power grids—has always contained flaws. Most are of minor impact, but some are serious security vulnerabilities that, if discovered, could be exploited by cybercriminals to hijack systems, disrupt businesses, or steal data.
We have already witnessed the severe consequences of cyberattacks on the information security of vital corporate networks, healthcare systems, energy infrastructure, transportation hubs, and government agencies around the globe. On the international stage, state-sponsored attacks from actors linked to China, Iran, North Korea, and Russia continuously threaten the core infrastructure underpinning both civilian life and military readiness. Even small-scale cyberattacks targeting individuals or small entities can cause massive economic losses, expose sensitive data, or even endanger lives. Current estimates of global economic losses due to cybercrime are difficult to quantify precisely but are likely on the scale of hundreds of billions of dollars annually, perhaps reaching $500 billion.
Many vulnerabilities in software remain hidden for years because discovering and exploiting them requires expertise possessed only by a tiny fraction of top security specialists. With the latest generation of frontier AI models, the cost, effort, and expertise required to discover and exploit software vulnerabilities are drastically reduced. The code reading and reasoning abilities of AI models continue to improve—demonstrating astonishing prowess, especially in identifying and designing exploits. Claude Mythos Preview represents a quantum leap in cybersecurity capability: some vulnerabilities it discovered had evaded decades of human review and millions of automated security tests, and the exploitation schemes it designs are growing increasingly complex and sophisticated.
A decade since the first DEF CON AI Village competition, frontier AI models can now rival the best human experts in finding and exploiting vulnerabilities. Without proper safeguards, these powerful cybersecurity capabilities could be weaponized to attack the vast number of existing flaws in the world's most critical software. This would make various cyberattacks more frequent and destructive, while handing an advantage to the adversaries of the US and its allies. Therefore, addressing such risks is a critical national security imperative for democracies.
Despite the severe risks of AI-enhanced cyberattacks, there is reason for optimism: the same AI capability that would be dangerous in malicious hands holds immeasurable value if used to find and fix flaws in critical software and to develop new software with fewer vulnerabilities. Project Glasswing is a critical step towards securing a lasting advantage for defenders in the impending AI-driven cybersecurity era.
unsetunsetIII. Identifying Vulnerabilities and Exploits with Claude Mythos Previewunsetunset
Over the past few weeks, using Claude Mythos Preview, we have identified thousands of zero-day vulnerabilities (unknown security flaws for which the software vendor has no patch available) in all major operating systems, major web browsers, and multiple pieces of core software, the majority of which are high-severity.
In a published article (https://red.anthropic.com/2026/mythos-preview), we disclosed technical details for some of the vulnerabilities that have already been fixed, with parts of the content also including how Mythos Preview discovered them. The model could almost completely autonomously perform the identification of all the mentioned vulnerabilities and design the majority of the associated exploits, without the need for human-guided intervention. Here are three representative examples:
Mythos Preview discovered a 27-year-old vulnerability in OpenBSD. OpenBSD is widely considered one of the world's most security-hardened operating systems, often used for deploying critical infrastructure like firewalls. This vulnerability could allow an attacker to perform a remote denial-of-service attack simply by connecting to a device running the system; It also found a 16-year-old vulnerability in the FFmpeg tool. FFmpeg is a core utility used by a vast amount of software for audio and video encoding/decoding. The vulnerable line of code had been hit by automated testing tools 5 million times yet never flagged an issue; The model autonomously discovered and chained multiple vulnerabilities in the Linux kernel to achieve privilege escalation from regular user access to full device control.
We have reported these vulnerabilities to the respective software maintainers, and all have been patched. For the large number of remaining vulnerabilities, we are initially releasing encrypted hash values of the related information today (see the Red Team blog: https://red.anthropic.com/2026/mythos-preview), with specific details to be disclosed after fixes are implemented.
Evaluation benchmarks like CyberGym fully confirm the significant gap between Mythos Preview and Anthropic's next-best model, Claude Opus 4.6:
3.1 Cybersecurity Vulnerability Reproduction
Beyond our own research, numerous collaborators have been using Claude Mythos Preview for weeks. Their feedback follows:
Cisco EVP, Chief Security & Trust Officer Anthony Grieco
"AI capability has crossed a critical threshold, fundamentally heightening the urgency of protecting critical infrastructure from cyber threats. This trend is irreversible. Our foundational research based on such models confirms that we can identify and remediate security vulnerabilities in software and hardware at unprecedented speed and scale. This is a profound transformation, and a clear signal that traditional approaches to system hardening are no longer sufficient.
Technology providers must now proactively adopt new approaches, and customers need to be prepared for their deployment. This is why Cisco is part of Project Glasswing—this work is critically important, urgently needed, and beyond the capacity of any single entity to achieve alone."
AWS Vice President, Chief Information Security Officer Amy Herzog
"At AWS, we build proactive defense into our entire technology stack, from custom silicon upwards. Security for us is not a periodic effort but an ongoing process across all operations. Our teams analyze over 400 trillion network flows daily to hunt for threats, and AI is a core pillar of our ability to achieve security at scale.
We have applied Claude Mythos Preview to internal security operations, scanning against core codebases, and it has already helped us strengthen our code security. We will leverage our deep security expertise in collaboration with Anthropic to help harden Claude Mythos Preview, allowing more organizations to advance their core missions backed by industry-benchmark security capabilities."
Microsoft Corporate Vice President, Cybersecurity and Head of Microsoft Research Igor Tsyganskiy
"Today, cybersecurity is no longer constrained by human limitations alone. There is a tremendous opportunity to responsibly apply AI to elevate security standards and reduce risk at scale. Joining Project Glasswing and gaining access to Claude Mythos Preview enables us to identify and mitigate risks preemptively, while simultaneously upgrading our security and development approaches to better protect Microsoft and our customers.
On our open-source security benchmark, CTI-REALM, Claude Mythos Preview showed a dramatic performance leap compared to its predecessors. We look forward to collaborating with Anthropic and partners across the industry to raise the bar for global security."
CrowdStrike Chief Technology Officer Elia Zaitsev
"The time window from when a vulnerability is discovered to when it is exploited by an adversary has been drastically compressed—with AI, a process that once took months can now take minutes.
Claude Mythos Preview demonstrates new possibilities for defenders to implement security at scale, but adversaries will inevitably seek to leverage similar capabilities. This is not a reason to slow down but a demand for us to accelerate collaboratively. Deploying AI means fortifying security first. That is why CrowdStrike has been involved since the project's inception."
Linux Foundation CEO Jim Zemlin
"In the past, security expertise was a resource only available to organizations with large security teams. Open-source project maintainers—whose software underpins the vast majority of the world's critical infrastructure—have historically had to fend for themselves on security. In modern systems, open-source code makes up a huge percentage, including the systems upon which AI agents themselves build new software.
Project Glasswing grants the maintainers of critical open-source codebases access to next-generation AI models, empowering them to proactively identify and fix vulnerabilities at scale. This offers a viable path to breaking this dilemma. AI-empowered security capabilities have the potential to become a reliable assistant for all code maintainers, not just a tool for teams that can afford steep security costs."
JPMorgan Chase Chief Information Security Officer Pat Opet
"Protecting the cybersecurity and resilience of the financial system is a core mission for JPMorgan Chase. We firmly believe that the strongest combined effort is achieved when leading institutions in an industry face shared challenges together. Project Glasswing provides a unique early opportunity for us, both independently and in collaboration with leading names in the technology sector, to evaluate the application value of next-generation AI tools for defensive cybersecurity in critical infrastructure.
We will approach our subsequent steps and contributions with rigor and independence. This initiative by Anthropic is aligned with the forward-looking, collaborative direction that is needed right now."
Google Vice President of Security Engineering Heather Adkins
"Google welcomes the launch of this cross-industry cybersecurity initiative and is making Mythos Preview access available to participants through the Vertex AI platform. Cross-industry collaboration on emerging security issues is always crucial—whether it's post-quantum cryptography, responsible zero-day vulnerability disclosure, open-source software security, or defense against AI-driven cyberattacks.
We have consistently held that while AI introduces new security challenges, it also unlocks new opportunities for cyber defense. That's why we developed AI security tools like Big Sleep and CodeMender to find and fix vulnerabilities in core software. We will continue to invest in building an industry-leading cybersecurity platform and fostering a security culture centered on protecting our users, customers, ecosystem, and national security."
Palo Alto Networks Chief Product & Technology Officer Lee Klarich
"Over the past few weeks, having gained access to Claude Mythos Preview, we used it to identify complex vulnerabilities that previous-generation models completely missed. This not only represents a revolutionary breakthrough for uncovering hidden flaws but also signals a worrying trend: attackers will soon be able to find more zero-days and craft exploitation schemes at a much faster pace.
It's clear that models like this must be placed in the hands of global open-source project owners and defenders to find and fix vulnerabilities before attackers do. More importantly, all organizations must prepare to face AI-assisted attacks. Future cyberattacks will be more frequent, faster, and more sophisticated. This moment is a critical inflection point for globally upgrading cybersecurity systems. We applaud Anthropic for rallying the industry around this effort to ensure such powerful capabilities serve defense first."
Claude Mythos Preview's potent cybersecurity capabilities stem from its outstanding agentic code-writing and reasoning abilities (where agentic refers to the model's capacity to autonomously perform multi-step tasks without constant human instruction). As the evaluation results below show, the model achieves state-of-the-art results across various software coding tasks among all models to date.
SWE-bench Verified, Pro, and Multilingual: Our memorization screening mechanism flagged some tasks within these evaluations. After excluding tasks with traces of memorization, Mythos Preview's performance advantage over Opus 4.6 still holds. SWE-bench Multimodal: Both Mythos Preview and Opus 4.6 used an internal implementation; scores are not directly comparable to public leaderboard results. Terminal-Bench 2.0: Using the Terminus-2 test framework with extended thinking mode and maximum compute configuration, a total token budget of 1M per task. All experiments used a 1 pass@k/3 attempt resource strategy, with an average of 5 trials per task. Raising the timeout limit to 4 hours and using the updated Terminal-Bench 2.1, Mythos Preview reaches a score of 92.1%.
Humanity's Last Exam: Research suggests that even under low-compute modes, Mythos Preview can achieve high scores, possibly indicating some degree of memorization.
BrowseComp: Claude Mythos Preview scored higher than Opus 4.6 while consuming only 1/4.9 of the tokens.
We have no plans to make Claude Mythos Preview publicly available at this time, but the ultimate goal is to enable users to safely deploy Mythos-level models at scale—not just for cybersecurity, but to unlock the diverse value of such high-capability models generally.
Achieving this goal requires breakthroughs in our cybersecurity (and other domain) guardrails to reliably detect and block dangerous model outputs. We plan to ship new guardrails in an upcoming Claude Opus model, leveraging models with a lower risk profile than Mythos Preview to refine and iterate on these protective mechanisms.
unsetunsetIV. Project Glasswing Planunsetunset
Today's announcement is just the beginning of a long-term effort. For this initiative to succeed, widespread participation from the technology industry and beyond is needed.
Project Glasswing partners will receive access to Claude Mythos Preview to discover and remediate vulnerabilities or flaws in their own foundational systems—systems that constitute the vast majority of the global cyber attack surface. We expect the work to focus on scenarios such as local vulnerability detection, black-box testing of binaries, endpoint hardening, and system penetration testing.
The $100 million in model credits Anthropic is providing for Project Glasswing and other participants will cover the significant usage needs during this research preview phase. Subsequently, Claude Mythos Preview will be available to participants on a paid basis, priced at $25 per million input tokens and $125 per million output tokens. Participants can access the model via the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Azure AI Foundry.
In addition to the model credit donation, we are also donating $2.5 million to the Alpha-Omega project and the Open Source Security Foundation via the Linux Foundation, and $1.5 million to the Apache Software Foundation, to assist open-source software maintainers in adapting to the industry's transformation.
We plan to continuously expand the program's scope over several months and publicly share research findings wherever possible, empowering other organizations to apply the lessons to their own security systems. Partners will share information and best practices to the extent possible; Anthropic will publicly release its findings, along with disclosable details of fixed vulnerabilities and security optimizations, within 90 days. We will also collaborate with top security organizations to formulate a set of actionable recommendations guiding the direction for upgrading cybersecurity practices in the AI age, specifically covering:
Vulnerability disclosure processes; Software update procedures; Open-source and supply chain security; Software development lifecycle and security-by-design practices; Security standards for regulated industries; Scaling and automating vulnerability triage; Automated patch deployment.
Model Capabilities and Security Collaboration Mechanisms
Anthropic has also been continuously engaging with US government officials regarding Claude Mythos Preview and its offensive/defensive cybersecurity capabilities. As previously stated, protecting critical infrastructure is a core national security imperative for democracies—the emergence of such cybersecurity capabilities further underlines that the US and its allies must maintain an absolute leading edge in AI technology.
Multi-Stakeholder Governance Pathways
Governments bear a core responsibility in maintaining technological leadership and in assessing and mitigating the national security risks associated with AI models. We are willing to collaborate with government representatives at all levels to support the advancement of this work.
Long-Term Ecosystem Building Vision
We hope Project Glasswing will catalyze larger-scale actions spanning industry and the public sector, jointly addressing the core issues of how high-capability models impact the security domain. We invite other players in the AI industry to join in collaboratively setting industry standards. In the medium to long term, a structure coordinated by an independent third-party body—bringing together private and public sector entities—may be the ideal model for sustainably advancing such large-scale cybersecurity projects.