Project Glasswing: Anthropic’s Bet That AI Can Win the Cyberwar Before It Starts
A secret frontier model called Claude Mythos Preview has already found thousands of critical zero-days in every major OS and browser. Rather than sit on that capability, Anthropic is handing it to the industry’s defenders — and calling it an emergency.
There is a new kind of benchmark that nobody in the industry wants to top. It goes something like this: how many previously undiscovered critical vulnerabilities can your model find, autonomously, in a week? For Anthropic’s newest and still-unreleased frontier model, Claude Mythos Preview, the answer is in the thousands — spread across every major operating system and every major web browser currently running on earth. That is not a benchmark result. That is a security emergency. And to their credit, Anthropic has decided to treat it as exactly that.
Project Glasswing, announced today, is Anthropic’s attempt to front-run a future that its own technology is accelerating toward. The coalition it has assembled reads like a who’s who of the global technology stack: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks are all launch partners. The mandate is blunt — use Claude Mythos Preview for defensive security work, patch what can be patched, and share what is learned before the offensive capabilities proliferate to actors with no such intentions.
What Mythos Preview Actually Found
The specifics Anthropic has disclosed make the abstract concrete. Mythos Preview located a vulnerability in OpenBSD — a system with a near-legendary hardening reputation, used to run critical infrastructure worldwide — that had been sitting undetected for 27 years. The flaw allowed any remote attacker to crash a machine simply by connecting to it. The model found it without human guidance.
It also found a 16-year-old bug in FFmpeg, the ubiquitous multimedia encoding library embedded in an almost incalculable number of software products. Automated testing tools had executed the relevant line of code five million times without catching it. Mythos Preview caught it. Then, for good measure, it independently chained together several Linux kernel vulnerabilities to construct a privilege escalation exploit — taking an ordinary user session to full machine control.
OpenBSD: 27-year-old remote crash vulnerability in one of the world’s most security-hardened OSes. Exploitable by anyone who could initiate a connection.
FFmpeg: 16-year-old memory flaw missed by five million automated test executions. Present in virtually every platform that handles video.
Linux kernel: Multi-vulnerability chain discovered and assembled autonomously, enabling full privilege escalation from ordinary user access.
All reported vulnerabilities have been patched. For the broader set not yet ready for disclosure, Anthropic has published cryptographic hashes of the details as a timestamped record of prior discovery — a responsible disclosure practice worth noting as the industry grapples with how AI-speed vuln research should work.
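The hash-as-timestamp practice described above can be sketched as a commit-and-reveal scheme. This is an added example, not Anthropic's code: the page does not say how the published hashes are computed, so the salted SHA-256 construction, the function names and the sample report are all assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple

NONCE_LEN = 32  # fixed length, so nonce || report splits unambiguously

def commit(report: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (digest to publish now, nonce kept private until disclosure)."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly NONCE_LEN bytes")
    return hashlib.sha256(nonce + report).hexdigest(), nonce

def verify(published: str, report: bytes, nonce: bytes) -> bool:
    """At disclosure: check the revealed report and nonce against the digest."""
    if len(nonce) != NONCE_LEN:
        return False
    digest, _ = commit(report, nonce)
    return hmac.compare_digest(digest, published.strip().lower())

def recover_unsalted(published: str,
                     candidates: Iterable[bytes]) -> Optional[bytes]:
    """Caveat: a bare sha256(report) over a short, guessable report can be
    matched by enumeration, which is why commit() mixes in a random nonce."""
    for candidate in candidates:
        if hashlib.sha256(candidate).hexdigest() == published:
            return candidate
    return None

# Constructed sample report (hypothetical content, not from the page).
REPORT = b"component: example-parser\nclass: out-of-bounds read\nstatus: unpatched\n"

if __name__ == "__main__":
    digest, nonce = commit(REPORT)
    print("publish now:     ", digest)
    print("verifies later:  ", verify(digest, REPORT, nonce))
    print("edited report:   ", verify(digest, REPORT + b"fixed\n", nonce))
```

The digest proves the report existed at publication time only if the publication itself is independently timestamped; the hash alone carries no date.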

The Benchmark Gap That Should Alarm Everyone
Anthropic has released evaluation data comparing Mythos Preview to Claude Opus 4.6, currently its highest-tier public model. The gaps are not incremental.
These numbers matter not just as proof of capability but as a calibration for urgency. When your best publicly available model already scores above 66% on CyberGym, and your unreleased frontier model clears 83%, the delta between “today’s threat landscape” and “six months from now” is not the comfortable gradient many security teams have been budgeting for.

The Dual-Use Problem, Addressed Head-On
The central tension of Project Glasswing is one that Anthropic states plainly rather than papers over: the same capabilities that make Mythos Preview invaluable for finding and fixing flaws make it extraordinarily dangerous in adversarial hands. Anthropic notes, with notable directness, that “it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.”
AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.
Anthony Grieco, SVP & Chief Security & Trust Officer, Cisco
The window between vulnerability discovery and active exploit, CrowdStrike CTO Elia Zaitsev observed in Anthropic’s announcement, has already collapsed — from months to minutes with current-generation AI. What Mythos Preview represents is the compression of that window to near-zero, for vulnerabilities that previously required rare, expensive human expertise even to recognize as exploitable.
The strategic bet Anthropic is making is that the correct response to this reality is not to delay release indefinitely but to mobilize defenders immediately, under controlled conditions, before offensive proliferation makes the advantage irreversible. It is a coherent position. Whether it proves to be the right one is a question only history will answer.
The Open Source Dimension
One of the most consequential elements of Project Glasswing is its explicit focus on open source infrastructure. The Linux Foundation’s Jim Zemlin framed this clearly: open source maintainers, whose code underpins the vast majority of the world’s systems — including the very systems AI agents are now using to write new software — have historically been left to manage security with little institutional support.
Funding breakdown: Anthropic has donated $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and a further $1.5M to the Apache Software Foundation. Open source maintainers can apply for model access through the Claude for Open Source programme.
The implications of this are larger than they first appear. The AI coding boom is generating enormous volumes of new software, much of it built on open source foundations that were never designed to absorb this scale of downstream dependency. If Mythos-class models can proactively audit and harden that foundation, the compounding security value is significant. If they cannot, or are not deployed to do so, the compounding vulnerability surface is worse.

What This Means for the Industry
Project Glasswing is not a product launch. It is closer to a declaration of emergency, dressed in the language of a coalition announcement. Anthropic is committing $100M in usage credits, partnering with the companies that collectively run a substantial portion of the world’s digital infrastructure, and publicly acknowledging that the model it has built represents a qualitative shift in what is possible for both attackers and defenders.
For enterprise security teams, the signal is unambiguous: the threat model has changed. Palo Alto Networks CPTO Lee Klarich put it in terms that translate directly to board-level conversations — more attacks, faster attacks, more sophisticated attacks, accelerating on a timeline tied to AI capability curves, not traditional exploit-kit economics.
For AI developers and policymakers, Glasswing functions as a template, or at least an argument, for how dual-use capability disclosures might be managed going forward. Rather than treating offensive AI capability as a liability to be minimised in communications, Anthropic has chosen to characterise it as a resource to be mobilised — under governance structures, with transparency commitments, and with a 90-day reporting timeline. That framing will be scrutinised as closely as the technical results.
On the Model Itself
Claude Mythos Preview will not be made generally available. Anthropic has been explicit about this. Access is limited to Project Glasswing partners and approved organisations working on critical infrastructure. Pricing for continued access beyond the initial credits — $25 per million input tokens, $125 per million output tokens — positions it firmly in the enterprise security budget, not the general API catalogue.
The company plans to use the Glasswing deployment as a learning environment for developing cybersecurity safeguards that will eventually accompany a future Claude Opus release. The logic is that by running Mythos Preview in controlled defensive contexts, with real-world operational feedback, Anthropic can develop guardrails robust enough for broader deployment — without the risk profile that general access to a model of this capability would carry.
It is worth noting that Mythos Preview’s benchmark performance is not limited to security tasks. Its scores on SWE-bench Verified (93.9%), Terminal-Bench 2.0 (82%), and Humanity’s Last Exam with tools (64.7%) place it at the top of publicly documented agentic coding benchmarks. The cybersecurity capability is downstream of a general-purpose reasoning and coding architecture that, in other contexts, would simply be marketed as a state-of-the-art frontier model. That is precisely what makes the dual-use question non-trivial.
The Bottom Line
Project Glasswing is, at its core, a race condition framed as a coalition. Anthropic has built something that can find the vulnerabilities embedded in the world’s most critical software faster and more comprehensively than any team of human researchers. Other actors — some with far fewer constraints on how they deploy such capability — are developing equivalent systems. The question Glasswing poses is whether the defensive deployment can outrun the offensive one.
The partners assembled, the capital committed, and the transparency framing adopted all suggest Anthropic understands the stakes. Whether the rest of the industry — and the governments that ultimately bear responsibility for critical infrastructure — moves with sufficient urgency is the open question. The Glasswing butterfly, as Anthropic’s footnote explains, hides in plain sight. For the past several decades, so have the vulnerabilities Mythos Preview is now exposing. That particular hiding place no longer exists.