Anthropic launched Project Glasswing, aimed at protecting global software infrastructure from AI-driven cyber threats. The initiative coincides with the introduction of Claude Mythos Preview, an unreleased AI model designed to identify and exploit software vulnerabilities.
During testing, Claude Mythos Preview autonomously found thousands of high-severity, “zero-day” vulnerabilities across major operating systems and web browsers. Notable vulnerabilities included a 27-year-old flaw in OpenBSD allowing remote crashes, a 16-year-old flaw in FFmpeg that evaded five million automated tests, and multiple vulnerabilities in the Linux Kernel that provided full system control from ordinary user access. All discovered vulnerabilities have been reported to developers and subsequently patched.
To leverage the model’s capabilities for defensive purposes, Anthropic formed the Glasswing Coalition, inviting technology leaders such as Amazon Web Services, Apple, Google, Microsoft, NVIDIA, Broadcom, Cisco, CrowdStrike, Palo Alto Networks, JPMorganChase, and the Linux Foundation as founding partners. Anthropic will allocate $100 million in usage credits for Mythos Preview to these partners and 40 additional organizations involved in critical infrastructure management. Additionally, the company plans to donate $4 million to open-source security organizations, including the Apache Software Foundation and OpenSSF.
| Benchmark | Claude Mythos Preview | Claude Opus 4.6 |
| CyberGym (Vulnerability Repro) | 83.1% | 66.6% |
| SWE-bench Verified (Coding) | 93.9% | 80.8% |
| GPQA Diamond (Reasoning) | 94.6% | 91.3% |
Internal evaluations indicate that Mythos Preview significantly outperforms previous models in key benchmarks, scoring 83.1% in CyberGym for vulnerability reproduction and 93.9% in SWE-bench Verified for coding accuracy. Pricing for partners using the model will be $25 per million input tokens and $125 per million output tokens through platforms such as AWS Bedrock and Google Cloud’s Vertex AI.
Anthropic announced it will restrict public access to Claude Mythos Preview, limiting its usage to defensive security functions like penetration testing and binary testing. The initiative includes an obligation to report public findings and improvements within 90 days. Furthermore, Anthropic is in discussions with the U.S. government regarding the national security implications of the model.
“The window between a vulnerability being discovered and being exploited has collapsed,” said Elia Zaitsev, CTO of CrowdStrike. “That is not a reason to slow down; it’s a reason to move together, faster.”
