Anthropic Launches Project Glasswing With Claude Mythos, the Model It Won’t Release

Anthropic announced Project Glasswing on April 7, 2026 — a coordinated effort to deploy its most powerful, unreleased frontier model, Claude Mythos Preview, against the world’s most critical software vulnerabilities. The catch: Anthropic has decided the model is too dangerous to release publicly, and is instead handing controlled access to a coalition of twelve launch partners and more than 40 additional infrastructure organizations.


A Model Too Dangerous to Ship

Claude Mythos Preview is a general-purpose frontier model that, in Anthropic’s words, demonstrates that “AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” Rather than make the model generally available, Anthropic is restricting it to defenders working on critical infrastructure — the first time the company has chosen this kind of asymmetric release for one of its frontier systems.

The launch coalition includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic is committing up to $100 million in usage credits to participants and an additional $4 million in direct donations to open-source security organizations.

What Mythos Preview Actually Found

In just a few weeks of internal testing, Mythos Preview surfaced thousands of zero-day vulnerabilities across every major operating system and web browser. The standout findings give a sense of the model’s reach:

  • A 27-year-old vulnerability in OpenBSD’s SACK implementation, exploitable via a signed integer overflow to crash machines remotely. Discovery cost: under $20,000 across roughly 1,000 runs.
  • A 16-year-old FFmpeg flaw in the H.264 codec involving a slice counter colliding with a sentinel value — undetected by automated fuzzers despite five million test hits.
  • A 17-year-old FreeBSD NFS vulnerability enabling unauthenticated remote root access.
  • Multi-step Linux kernel exploit chains combining KASLR bypasses with privilege escalation primitives, with the model autonomously assembling complete control-flow hijack chains for under $2,000 each.

[Figure: Bar chart comparing Firefox exploit success rates between Claude Opus 4.6 and Claude Mythos Preview. Image credit: Anthropic Frontier Red Team]

On the CyberGym vulnerability-reproduction benchmark, Mythos Preview scored 83.1% versus Claude Opus 4.6’s 66.6%. On the OSS-Fuzz corpus of 7,000 entry points, it achieved full control-flow hijack on ten separate, fully patched targets — predecessor models managed zero. In Firefox testing, Mythos Preview developed 181 working exploits and gained register control on 29 more targets, compared to just two successes for Opus 4.6 across hundreds of attempts.

The Glasswing Bet

The structural argument behind Project Glasswing is simple and uncomfortable: if Mythos-class models can find these vulnerabilities, then within months attackers operating their own frontier systems will too. Anthropic’s bet is that getting the model into defenders’ hands first — and using its $100M credit pool to subsidize patch-and-disclose work across the OSS supply chain — buys time before equivalent capabilities become widely accessible.

Human penetration testers reviewing the model’s findings reported 89% exact agreement with Anthropic’s severity assessments and 98% agreement within one severity level. Several validators noted that exploits taking the model hours to produce would have required weeks of expert human effort.

Project Glasswing also departs from Anthropic’s usual release philosophy in a more pointed way. The company spent much of 2025 publicly committing to broad model availability; the Mythos Preview decision is the clearest signal yet that the frontier-cyber capability gap is now wide enough that broad release is, at least for this class of model, off the table.
