Anthropic Launches Project Glasswing: Claude Mythos Preview Targets Critical Software Security
Anthropic announced Project Glasswing with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks to use Claude Mythos Preview for defensive cybersecurity.
Anthropic has announced Project Glasswing, a cross-industry cybersecurity initiative with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The project gives selected defenders access to Claude Mythos Preview, an unreleased frontier model Anthropic says can find and help fix serious vulnerabilities in critical software.
The News in Brief
On April 7, 2026, Anthropic announced Project Glasswing, an initiative designed to secure important software systems before similar AI cyber capabilities become widely available to attackers. The launch partners include Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
The project is built around Claude Mythos Preview, a gated research-preview model that Anthropic describes as its most capable model yet for coding and agentic tasks. Anthropic says Mythos Preview has already identified thousands of zero-day vulnerabilities across critical infrastructure, including flaws in major operating systems and browsers.
Anthropic is committing up to $100 million in model usage credits for Project Glasswing and additional participants, plus $4 million in donations to open-source security organisations. The model is not being released publicly. Project participants can access it through the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.
What Was Actually Announced
This was not a normal model launch. Anthropic did not put Claude Mythos Preview into Claude.ai for general users, and it did not announce a broad commercial API release. Instead, it announced a restricted defensive programme for organisations that operate, maintain, or secure critical software infrastructure.
The practical announcement has three parts.
First, selected launch partners are receiving access to Claude Mythos Preview for defensive security work. Anthropic says this will include local vulnerability detection, black-box testing of binaries, endpoint hardening, and penetration testing of systems. The target is not ordinary app development; it is the software layer that underpins operating systems, browsers, cloud infrastructure, open-source foundations, financial systems, and security products.
Second, Anthropic has extended access to more than 40 additional organisations that build or maintain critical software infrastructure. The open-source angle matters because modern software supply chains depend heavily on maintainers who often lack the budget, tooling, and staffing of large technology companies.
Third, Anthropic is funding the effort. The company says it will provide up to $100 million in model usage credits during the research preview. It has also donated $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation.
The “available now” reality is narrow. Claude Mythos Preview is available as a gated research preview to approved Project Glasswing participants, not to the general public. Anthropic says pricing after the research-preview credits will be $25 per million input tokens and $125 per million output tokens for participants.
Anthropic also says it will publish a public report within 90 days covering lessons learned, vulnerabilities fixed, and improvements that can be disclosed. That matters because many of the most important findings cannot be shared immediately without giving attackers a roadmap.
The Technical Angle
The technical story is Claude Mythos Preview, but Anthropic is careful to frame it as a general-purpose frontier model rather than a cyber-only tool. The company’s argument is that stronger coding, reasoning, long-context handling, and agentic behaviour naturally improve both defensive and offensive cybersecurity capability.
In its technical red-team writeup, Anthropic says Mythos Preview can identify, reproduce, and in some cases exploit zero-day vulnerabilities when directed to do so. The reported examples include a 27-year-old OpenBSD vulnerability, a 16-year-old FFmpeg vulnerability, FreeBSD remote-code-execution work, and Linux local privilege-escalation chains. Anthropic also says the model found vulnerabilities in major operating systems and web browsers.
The workflow described by Anthropic looks less like a static scanner and more like an agentic security researcher. Researchers run the target project inside an isolated container, give Claude Code with Mythos Preview a broad instruction such as finding a security vulnerability, and let the model inspect code, run the software, add debugging logic, test hypotheses, and produce bug reports with reproduction steps. Anthropic then uses human triage and coordinated vulnerability disclosure before reporting issues to maintainers.
That is technically different from traditional fuzzing, static analysis, or rule-based scanners. Those tools are still important, but they tend to follow predefined strategies or search spaces. A frontier model can read source code semantically, reason about unusual control flow, decide where to inspect next, and combine clues across files. In the best case, that makes it useful for bugs that have survived years of conventional testing.
The strongest claim is also the riskiest one: Anthropic says Mythos Preview can move from finding vulnerabilities to building exploits. That capability is valuable for triage because a working exploit proves severity. It is also dangerous because the same process can accelerate offensive use.
There are caveats. Anthropic has not disclosed the model architecture, parameter count, training data, or full post-training recipe. Many of the most serious vulnerability claims are necessarily incomplete because responsible disclosure is still underway. The technical evidence is strong enough to take seriously, but outsiders cannot independently verify most of the unpublished findings yet.
Why It Matters
Project Glasswing matters because it signals that frontier AI has moved into a new cybersecurity phase. The question is no longer whether AI can help write code or summarise security reports. The question is whether AI systems can materially change the speed at which serious vulnerabilities are found, reproduced, prioritised, patched, and potentially exploited.
For defenders, the upside is obvious. Security teams are overwhelmed by large codebases, legacy systems, dependency chains, and limited human review capacity. If models like Mythos Preview can find real issues in mature software, they could help maintainers harden critical systems before attackers get equivalent tooling.
For open-source maintainers, the project could be especially important. Open-source software sits underneath much of the internet, cloud computing, AI infrastructure, finance, healthcare, and government systems. Yet many maintainers do not have dedicated security teams. Giving them access to high-end AI security tooling could reduce a long-standing imbalance.
For enterprises, this is a warning as much as a product story. If AI compresses the time between vulnerability discovery and exploitation, companies will need faster patching, better asset visibility, stronger software supply-chain controls, and more automated triage.
Is this genuinely new ground? The idea of AI-assisted security is not new. Google, Microsoft, OpenAI, Anthropic, and security vendors have been moving in this direction for years. What feels new is the claimed capability threshold: a general model strong enough that Anthropic decided not to release it publicly and instead built a controlled defensive coalition around it.
The Reaction
The reaction has been a mix of urgency, interest, and scepticism. Security leaders involved in the project framed it as a defensive head start. AWS said it has already tested Claude Mythos Preview on critical codebases. Microsoft described the moment as one where cybersecurity is no longer limited by purely human capacity. Palo Alto Networks warned that attackers may soon be able to find more zero-days and develop exploits faster.
Outside the launch group, coverage has focused on two competing interpretations. One is optimistic: Project Glasswing could become a model for responsible access to powerful dual-use systems, giving defenders time to patch important software before capabilities spread more widely. The other is more sceptical: if a model is powerful enough to be dangerous, limiting access to a small partner circle may not be enough.
That concern grew after reports that unauthorised users may have accessed Claude Mythos Preview through a third-party environment. Anthropic told TechRadar it was investigating a report of unauthorised access through a vendor environment and said it had no evidence access extended beyond that environment.
The healthiest reaction is probably neither panic nor complacency. Project Glasswing is a serious signal that AI-assisted vulnerability discovery is advancing quickly, but the claims still need time, disclosure, and independent validation.
The Caveats and Open Questions
The biggest caveat is verification. Anthropic has published some examples and a detailed red-team account, but more than 99% of the vulnerabilities it says it found were not patched at the time of the technical writeup. That means the public cannot yet inspect most of the evidence.
There is also a disclosure-pressure problem. If models can generate thousands of serious findings, maintainers may be overwhelmed. Human validation helps avoid flooding projects with low-quality reports, but it also creates a bottleneck. Anthropic says expert validators agreed exactly with Claude’s severity assessment in 89% of 198 manually reviewed vulnerability reports, and were within one severity level in 98% of cases. That is promising, but it is not the same as a scalable industry-wide process.
Access control is another open question. Gated access reduces risk, but it does not eliminate it. Powerful models still have to be exposed through APIs, cloud platforms, partner environments, logging systems, identity controls, and human operators. The reported unauthorised-access investigation shows why containment is not only a model-policy question; it is an infrastructure-security question.
There are also ethical and regulatory questions. Who decides which organisations get access? How are vulnerability findings prioritised across public-interest software and commercial systems? What happens if a model finds a critical flaw in infrastructure operated by a government, hospital, bank, or cloud provider? How quickly must findings be disclosed, and to whom?
Finally, the marketing language deserves scrutiny. “Defence first” is the right framing, but the capability itself is dual-use. The same strengths that help defenders can help attackers once similar systems become more available.
What Comes Next
The next milestone is Anthropic’s promised 90-day public report on Project Glasswing. That should show what was fixed, what lessons were learned, and whether the programme produced useful security outcomes beyond impressive demos.
Watch three areas closely: how open-source maintainers handle the volume of AI-discovered findings, whether cloud and security vendors turn Mythos-style workflows into normal security operations, and whether governments push for standards around access to high-risk cyber-capable models.
Project Glasswing may become a template for future frontier-model releases: restricted access first, critical infrastructure partners early, public disclosure later, and broader release only after safeguards improve. The larger trend is clear. Cybersecurity is becoming an AI-speed contest, and defenders are trying to organise before attackers get the same leverage.
Juan Torres