Anthropic has launched Project Glasswing, a cross-industry cybersecurity alliance built around an unreleased AI model that can find and exploit software vulnerabilities better than most human security experts. The model, called Claude Mythos Preview, according to the AI startup, has already discovered thousands of zero-day vulnerabilities in “every major operating system and web browser,” including bugs that survived decades of human review and millions of automated security tests.
The project initiative, announced April 7, unites twelve major leaders in the AI race, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
Anthropic said that over 40 additional organisations building critical infrastructure have received access to the model. Anthropic added that it is putting $100 million in usage credits behind the effort and donating $4 million directly to open-source security organisations.
The company made clear it won't release Mythos Preview publicly. Instead, participating organisations will use it exclusively for defensive security work while the industry prepares for what multiple security chiefs described as a fundamental shift in cybersecurity.
Here are seven (7) details to know about the Anthropics’ Claude Mythos Preview:
1. It Found a 27-Year-Old Vulnerability in One of the World's Most Secure Operating Systems
Mythos Preview discovered a critical flaw in OpenBSD that had existed since 1999. OpenBSD has a reputation as one of the most security-hardened operating systems in the world and runs firewalls and other critical infrastructure.
The vulnerability allowed an attacker to remotely crash any machine running the operating system just by connecting to it. The model identified this flaw entirely on its own without any human steering.
2. It Caught a Bug That Automated Tools Missed 5 Million Times
The model uncovered a 16-year-old vulnerability in FFmpeg, software that countless applications use to encode and decode video. The flaw lived in a single line of code that automated testing tools had hit five million times without ever catching the problem.
Anthropic reported this vulnerability to the FFmpeg maintainers, and it has been patched.
Damilare Odedina
3. It Can Chain Multiple Vulnerabilities Together Autonomously
Mythos Preview went beyond finding individual flaws. The model autonomously chained together several vulnerabilities in the Linux kernel to create sophisticated exploit chains. These exploits escalated from ordinary user access to complete control of the machine.
Each vulnerability in the chain would be useless on its own, but the model figured out how to combine three, four, or sometimes five vulnerabilities in sequence to achieve what researchers called "very sophisticated end outcomes."
4. It Scored 83.1% on Cybersecurity Benchmarks Compared to 66.6% for the Previous Model
On the CyberGym benchmark for vulnerability reproduction, Mythos Preview hit 83.1%, while Claude Opus 4.6 scored 66.6%. The model also achieved 77.8% on SWE-bench Pro versus 53.4% for Opus 4.6 and reached 93.9% on SWE-bench Verified compared to 80.8%.
Anthony Grieco, Cisco's Chief Security Officer, said the capabilities "fundamentally change the urgency required to protect critical infrastructure from cyber threats, and there is no going back."
5. It Helped One Researcher Find More Bugs in Weeks Than in Their Entire Career
Lee Klarich, Chief Product & Technology Officer at Palo Alto Networks, said the company used Mythos Preview to, "identify complex vulnerabilities that prior-generation models missed entirely." Nicholas Carlini, Research Scientist at Anthropic, working with the model, said he "found more bugs in the last couple of weeks than I found in the rest of my life combined."
Microsoft confirmed that when tested against their CTI-REALM security benchmark, Mythos Preview showed substantial improvements over previous models.
6. It Won't Be Released to the Public
Anthropic stated clearly they do not plan to make Claude Mythos Preview generally available. The company cited the potential for misuse given the model's ability to surpass all but the most skilled humans at finding and exploiting software vulnerabilities.
Project Glasswing partners and approved participants can access the model through the Claude API, Amazon Bedrock, Google Cloud's Vertex AI, and Microsoft Foundry. After the $100 million in committed usage credits runs out, pricing will be $25 per million input tokens and $125 per million output tokens.
7. It Discovered Vulnerabilities in Every Major Operating System and Browser
Over the past few weeks, Mythos Preview identified thousands of zero-day vulnerabilities in every major operating system and every major web browser, along with other important software. Zero-day vulnerabilities are flaws that were previously unknown to the software's developers.
Anthropic has reported these vulnerabilities to the relevant maintainers. Many have already been patched. For vulnerabilities that remain unfixed, the company provided cryptographic hashes of the details today and will reveal the specifics only after fixes are in place.
Ogbonda Chivumnovu
