For years, we’ve debated what AI would eventually mean for cybersecurity. With Anthropic’s announcement of Claude Mythos Preview and the launch of Project Glasswing, that debate is largely over. The shift from theoretical to practical has arrived, not because AI suddenly became smarter overnight, but because the latest models can now find and exploit software vulnerabilities at a level that matches or beats most human security experts. That changes the timeline for defenders.
As security leaders, we need to calibrate and prepare for this new reality.
What Is Project Glasswing?
Project Glasswing is a coordinated defensive initiative launched by Anthropic on April 8, 2026. It brings together twelve founding partners: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself.
The initiative was formed around a single, urgent recognition: Anthropic had developed a model whose cybersecurity capabilities were strong enough that releasing it broadly without safeguards could cause serious harm. Rather than hold the model back entirely, Anthropic chose a third path: deploy it defensively, at scale, under structured conditions, before offensive actors develop equivalent capabilities.
Access is currently restricted to the launch partners listed above, plus a group of over 40 additional organizations that build or maintain critical software infrastructure, so they can use the model to scan and secure both first-party and open-source systems. Anthropic is backing this with real resources: $100M in usage credits for Mythos Preview across these efforts, as well as $4M in direct donations to open-source security organizations, including $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation.
What Is Claude Mythos Preview?
Claude Mythos Preview is a general-purpose, unreleased frontier model. Anthropic’s own assessment is direct: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.
To understand what that means in practice, it helps to look at the benchmarks. Mythos Preview achieved 93.9% on SWE-bench Verified, compared to 80.8% for Opus 4.6, Anthropic’s prior flagship model. SWE-bench Verified tests how well AI models can solve real, complex software engineering problems drawn from actual GitHub repositories. It is not a toy benchmark. A jump from 80% to 93% on that kind of test represents a meaningful improvement in the model’s ability to read, reason about, and manipulate code.
On cybersecurity-specific tests, the gap is even wider. On CyberGym, a benchmark for cybersecurity vulnerability reproduction, Mythos Preview scored 83.1% compared to Opus 4.6’s 66.6%. The model also scored 94.6% on GPQA Diamond, a graduate-level science reasoning benchmark, and 64.7% on Humanity’s Last Exam when given access to tools. These are not incremental improvements. They signal a model operating at a fundamentally different level.
Anthropic does not plan to make Claude Mythos Preview generally available. The eventual goal is to enable users to safely deploy Mythos-class models at scale, but doing so requires developing cybersecurity safeguards that detect and block the model’s most dangerous outputs. Anthropic plans to launch new safeguards with an upcoming Claude Opus model, allowing those to be refined before wider deployment of Mythos-level capabilities. Security professionals whose legitimate work is affected by these safeguards will be able to apply to an upcoming Cyber Verification Program.
What the Model Has Already Found
This is where the practical implications become concrete.
In the few weeks before the announcement, Anthropic used Claude Mythos Preview to identify thousands of zero-day vulnerabilities, many of them critical, in every major operating system and every major web browser, along with a range of other important software. Technical details for a subset of patched vulnerabilities are documented on Anthropic’s Frontier Red Team blog.
Three specific examples are worth examining closely, because they illustrate what makes this different from previous AI security tools.
OpenBSD – Mythos Preview found a 27-year-old vulnerability in OpenBSD, which has a reputation as one of the most security-hardened operating systems in the world and is used to run firewalls and other critical infrastructure. The vulnerability allowed an attacker to remotely crash any machine running the operating system just by connecting to it. Twenty-seven years. That means this flaw survived the entire modern history of the internet, through countless security audits.
FFmpeg – It also discovered a 16-year-old vulnerability in FFmpeg, software used by countless applications to encode and decode video, in a line of code that automated testing tools had hit five million times without ever catching the problem. Five million automated test runs. The flaw was invisible to every tool designed to find it.
Linux kernel – The model autonomously found and chained together several vulnerabilities in the Linux kernel to allow an attacker to escalate from ordinary user access to complete control of the machine. Chaining vulnerabilities this way is a hallmark of sophisticated human attackers. Mythos Preview did it autonomously.
All of these vulnerabilities have been reported to the maintainers of the relevant software and have now been patched. For many others, Anthropic has committed to public disclosure after fixes are in place.
The partner organizations using the model are seeing similar results. CrowdStrike’s CTO Elia Zaitsev noted that “the window between a vulnerability being discovered and being exploited by an adversary has collapsed. What once took months now happens in minutes with AI.”
Palo Alto Networks’ Chief Product and Technology Officer Lee Klarich stated: “Over the past few weeks, we’ve had access to the Claude Mythos Preview model, using it to identify complex vulnerabilities that prior-generation models missed entirely.”
Microsoft tested Mythos Preview against CTI-REALM, their open-source security benchmark, and reported substantial improvements compared to previous models.
Why This Matters for Security Teams
The most important change here is the compression of the discovery-to-exploitation timeline.
Historically, there has been a meaningful gap between when a vulnerability exists, when someone discovers it, and when attackers exploit it. That gap has given defenders room to prioritize, patch, and mitigate. Days, sometimes weeks, sometimes months. But that gap is closing.
Many software flaws go unnoticed for years because finding and exploiting them requires expertise held by only a few skilled security experts. With the latest frontier AI models, the cost, effort, and level of expertise required to find and exploit software vulnerabilities have all dropped dramatically. Anthropic’s research over the past year documents how AI models have become increasingly effective at spotting vulnerabilities and working out ways to exploit them.
The implication for legacy systems is significant. Organizations typically carry large inventories of known vulnerabilities they’ve accepted as low-priority exceptions. The calculation behind those exceptions, that exploitation requires rare expertise and significant attacker investment, is no longer reliable. A model running autonomously can work through that backlog far faster than any human team.
There’s also a supply chain dimension. Open source software constitutes the vast majority of code in modern systems. Open source maintainers have historically operated without dedicated security teams. Project Glasswing explicitly targets this gap. As Jim Zemlin, CEO of the Linux Foundation, put it: “In the past, security expertise has been a luxury reserved for organizations with large security teams. Open source maintainers have historically been left to figure out security on their own.” Project Glasswing gives those maintainers access to a tool that changes that equation. As consumers of open-source software, enterprises benefit directly when that ecosystem gets stronger.
The global cost of cybercrime is estimated at around $500B per year. We have already seen the consequences of major attacks across healthcare systems, energy infrastructure, and government agencies. The capabilities described here raise the stakes on all of those fronts.
What the Partner Coalition Tells Us
The composition of Project Glasswing is not accidental and is worth reading carefully.
AWS, Google, and Microsoft are all participating. That means three of the largest cloud providers, which together run much of the world’s shared infrastructure, are collectively scanning their systems with this model. JPMorganChase represents the financial sector. The Linux Foundation represents the open-source ecosystem that underpins almost every enterprise stack. CrowdStrike and Palo Alto Networks represent the security vendor community.
This is not a marketing consortium. As Cisco’s SVP and Chief Security and Trust Officer Anthony Grieco put it: “AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.” When organizations with competing commercial interests align around a shared defensive effort, it signals that the threat model has shifted in a way that makes competition secondary.
AWS CISO Amy Herzog noted: “At AWS, we build defenses before threats emerge, from our custom silicon up through the technology stack. Security isn’t a phase for us; it’s continuous and embedded in everything we do.”
Anthropic has also been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities. Governments play a fundamental role in assessing and mitigating national security risks associated with AI models.
Where Security Leaders Should Focus
In moments like this, a lot of organizations look for a new tool to buy. A better approach is to examine your operating model.
Security programs built around periodic assessment and human-speed response will feel increasing strain. The direction to move toward is continuous validation, where systems are tested, monitored, and hardened on an ongoing basis that can absorb faster discovery cycles. This is not a new idea, but the pressure to get there is now immediate rather than theoretical.
Three practical priorities follow from this.
First, assume vulnerability discovery will accelerate whether you want it to or not. Attackers will eventually access capabilities comparable to what is described here. That means investing in faster validation pipelines, tighter feedback loops between development and security, and clearer prioritization frameworks. Speed of response matters more when the window between discovery and exploitation is shrinking.
Second, your pipeline flexibility matters more than it did before. Organizations that will benefit earliest from models like Mythos Preview are the ones that can integrate new tools into existing workflows quickly, without re-engineering their entire stack. If routing specific tasks, like deep code analysis and vulnerability discovery, to the most capable model available requires months of infrastructure work, you will consistently be slower than you need to be.
Third, take a hard look at your legacy vulnerability backlog. The exceptions you’ve accepted as low-risk based on exploitation difficulty need to be reconsidered. Some of those exceptions were justified by the assumption that finding and exploiting the vulnerability required rare human expertise. That assumption is weakening. Thousands of exceptions may not be viable any longer.
A Note on Openness
One aspect of Project Glasswing that deserves attention is Anthropic’s commitment to sharing what they learn. Within 90 days, Anthropic will report publicly on what they’ve learned, as well as the vulnerabilities fixed and improvements made that can be disclosed. They will also collaborate with leading security organizations to produce practical recommendations for how security practices should evolve in the AI era, covering topics including vulnerability disclosure processes, software development lifecycle practices, patching automation, and triage scaling.
The full Claude Mythos Preview system card is publicly available and covers the model’s capabilities, safety properties, and general characteristics in detail.
For CISOs, this means there will be public guidance emerging from this initiative that your teams should track. It also sets a precedent worth watching: a major AI developer choosing to share offensive capability findings with the broader defensive community rather than treating them as proprietary advantage.
The Bottom Line
Project Glasswing is an early attempt to respond collectively to a capability shift, before that capability becomes widely accessible to actors who won’t use it defensively. The vulnerabilities found so far were decades old and survived millions of automated tests. The window for defenders to act ahead of attackers is real but not permanent.
For security leaders, assume faster discovery, assume faster exploitation, and assume less margin for delay. Review your legacy exception backlog with fresh eyes. Assess whether your validation processes can operate at machine speed. And track what comes out of this initiative over the next 90 days, because the practical guidance that follows will matter.
We’re no longer preparing for AI in security; we’re already operating in it. The defining factor will be whether our defenses can keep up with the speed of discovery and exploitation.


