Anthropic announced Project Glasswing on April 18, 2026, a coordinated industry initiative deploying its unreleased Claude Mythos Preview model for defensive cybersecurity. The coalition includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic is committing $100M in usage credits and $4M in direct donations to open-source security organizations.
What Mythos Preview Found
Over the past several weeks, Anthropic’s Frontier Red Team used Mythos Preview to scan critical open-source codebases. The model autonomously identified thousands of zero-day vulnerabilities across every major operating system and every major web browser. Three disclosed examples illustrate the scope:
A 27-year-old vulnerability in OpenBSD, one of the most security-hardened operating systems in production use for firewalls and critical infrastructure, allowed an attacker to remotely crash any machine just by connecting to it. A 16-year-old vulnerability in FFmpeg, the video encoding library embedded in countless applications, sat in a line of code that automated testing tools had hit five million times without catching the problem. And the model autonomously found and chained multiple Linux kernel vulnerabilities to escalate from ordinary user access to complete machine control.
All three have been patched. Anthropic says over 99% of discovered vulnerabilities remain unpatched, with cryptographic hashes published as proof of discovery while fixes are developed through coordinated disclosure.
The Capability Jump
According to Anthropic’s Red Team blog, Mythos Preview represents a sharp discontinuity from the previous generation. On CyberGym vulnerability reproduction benchmarks, Mythos Preview scores 83.1% versus Claude Opus 4.6’s 66.6%.
The gap is more dramatic in exploit development. Opus 4.6 had a “near-0% success rate at autonomous exploit development,” according to Anthropic’s internal evaluations. When both models were tasked with turning known Firefox 147 JavaScript engine vulnerabilities into working exploits, Opus 4.6 succeeded twice out of several hundred attempts. Mythos Preview developed working exploits 181 times and achieved register control on 29 more.
On Anthropic’s internal OSS-Fuzz benchmark covering roughly 7,000 entry points across a thousand repositories, Mythos Preview achieved full control flow hijack (tier 5, the highest severity) on ten separate, fully patched targets. Opus 4.6 and Sonnet 4.6 each managed a single tier 3 crash.
Anthropic says these capabilities were not explicitly trained. They emerged as a downstream consequence of general improvements in code reasoning and autonomy.
Partner Reactions
Cisco’s statement called it a “profound shift” and said “the old ways of hardening systems are no longer sufficient.” CrowdStrike CEO George Kurtz framed the urgency differently: “The window between a vulnerability being discovered and being exploited by an adversary has collapsed. What once took months now happens in minutes with AI.”
AWS noted it already analyzes over 400 trillion network flows daily for threats and has been testing Mythos Preview against critical codebases. Microsoft’s EVP of Cybersecurity Igor Tsyganskiy said the model showed “substantial improvements” when tested against CTI-REALM, Microsoft’s open-source security benchmark.
The Linux Foundation’s Jim Zemlin highlighted the structural inequality: “Security expertise has been a luxury reserved for organizations with large security teams. Open source maintainers, whose software underpins much of the world’s critical infrastructure, have historically been left to figure out security on their own.”
The Offensive Risk
Anthropic is explicit about why this requires a coordinated response rather than a standard product launch. The same improvements that make Mythos Preview effective at finding and patching vulnerabilities make it effective at exploiting them. Non-experts at Anthropic with no formal security training asked the model to find remote code execution vulnerabilities overnight and woke up to complete, working exploits.
The model wrote a browser exploit that chained four vulnerabilities together, including a JIT heap spray that escaped both renderer and OS sandboxes. It autonomously built a FreeBSD NFS server exploit that granted full root access to unauthenticated users by splitting a 20-gadget ROP chain across multiple packets.
Anthropic’s position: frontier AI developers, software companies, security researchers, open-source maintainers, and governments all need to act before similar capabilities proliferate to actors who won’t deploy them defensively. “The work of defending the world’s cyber infrastructure might take years,” the announcement states. “Frontier AI capabilities are likely to advance substantially over just the next few months.”
Beyond the Initial Coalition
Beyond the 11 named partners, over 40 additional organizations that build or maintain critical software infrastructure have been given access to Mythos Preview for scanning and securing both proprietary and open-source systems. The $100M credit commitment is distributed across all participants.
This is not Mythos Preview’s first public appearance. Earlier this month, Reuters reported the White House was preparing to extend access to U.S. federal agencies, and Bloomberg published an investigation into Anthropic’s internal safety warnings about the model’s infrastructure hacking capabilities. Project Glasswing is Anthropic’s attempt to control the rollout by putting defenders first.