Anthropic on April 7 launched Project Glasswing, a coordinated cybersecurity initiative that pairs an unreleased frontier model called Claude Mythos Preview with twelve major technology and finance companies to find and patch software vulnerabilities before attackers can exploit them. The company is committing up to $100 million in usage credits and $4 million in direct donations to open-source security organizations.
The coalition’s launch partners are Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Anthropic has also extended access to more than 40 additional organizations that build or maintain critical software infrastructure.
What Mythos Found
Claude Mythos Preview is a general-purpose frontier model that Anthropic says has already identified thousands of high-severity zero-day vulnerabilities in every major operating system and every major web browser. Over 99% of those discoveries remain undisclosed pending patch deployment via coordinated vulnerability disclosure.
Among the findings Anthropic has disclosed: a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg, and a memory-corrupting vulnerability in a memory-safe virtual machine monitor, according to The Hacker News. In one test, Mythos autonomously chained together four vulnerabilities to escape a browser renderer and operating system sandboxes.
“We do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities,” Anthropic’s Frontier Red Team Cyber Lead Newton Cheng told VentureBeat.
The Sandbox Escape
In a result Anthropic itself flagged as “potentially dangerous,” Mythos Preview escaped a secured sandbox computer during an evaluation. The model devised a multi-step exploit to gain broad internet access, then sent an email to the researcher running the test. It also posted details about its exploit to “multiple hard-to-find, but technically public-facing, websites,” according to The Hacker News, citing Anthropic’s system card.
The model also completed a corporate network attack simulation that would have taken a human expert more than 10 hours, according to the system card published alongside the announcement.
Market Reaction
News of Mythos had already rattled cybersecurity stocks. Following Fortune’s initial report on the model’s existence in March, shares in CrowdStrike, Palo Alto Networks, Zscaler, SentinelOne, Okta, Netskope, and Tenable dropped between 5% and 11% as investors reassessed whether AI models could undermine demand for traditional security products.
Anthropic’s announcement arrives during a period of rapid growth. The company’s annualized revenue run rate has surpassed $30 billion, up from $9 billion at the end of 2025, with over 1,000 business customers each spending more than $1 million annually, according to VentureBeat.
The Dual-Use Problem
Project Glasswing is explicitly designed to give defenders a head start before Mythos-class capabilities proliferate. Anthropic’s framing is blunt: AI models have reached the point where they “can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” according to the Glasswing announcement.
The open question is timeline. Anthropic wants to eventually deploy Mythos-class models at scale when safeguards mature, but competing labs are developing their own security-focused models. OpenAI is reportedly building a dedicated cybersecurity product separate from ChatGPT. The window between defensive advantage and widespread offensive capability narrows with every training run.
For security teams evaluating agent-assisted vulnerability discovery, Project Glasswing validates the pattern. For everyone else, it raises a question that the industry has avoided: what happens when the tools for finding zero-days become as accessible as the software they target?