Anthropic’s latest frontier system, the unreleased Claude Mythos model at the heart of Project Glasswing, is powerful enough at writing and breaking code that the company is refusing to open it to the public – instead ring‑fencing it inside a $100 million cybersecurity consortium with some of the world’s biggest tech and finance firms.

From Apple and Google to JPMorgan Chase and the Linux Foundation, partners are being handed early access to a system Anthropic calls a “step change” over its existing Claude models, capable of outscoring almost all human experts at spotting subtle vulnerabilities in critical software.
What Project Glasswing is, and why it exists
Project Glasswing is Anthropic’s answer to a problem it helped create: frontier AI models have become so good at reading and writing code that they can now surpass “all but the most skilled humans” at finding and exploiting software vulnerabilities. In a detailed announcement, the company describes Glasswing as an initiative “to secure the world’s most critical software,” built around a single, unreleased system: Claude Mythos Preview, a general‑purpose frontier model trained with an eye toward deeply understanding complex codebases.
On paper, Mythos sits above Anthropic’s commercial Claude Opus models. A leaked internal blog post, later reported by Fortune and other outlets, called it a “Capybara”‑tier system – larger and more intelligent than Opus and “the most capable we’ve built to date,” with “meaningful advances in reasoning, coding, and cybersecurity.” Anthropic engineers say it can perform multi‑step code reasoning and binary analysis at a level that worries them: the same skills that let it harden a system could just as easily be used to tear one open.
Rather than releasing Mythos to paying customers, Anthropic is confining it inside Glasswing and giving access only to vetted partners responsible for “the world’s most critical software,” from cloud platforms and chip vendors to banks and open‑source foundations. The company is underwriting up to $100 million in usage credits plus $4 million in direct funding for open‑source security groups, betting that if defenders can use Mythos first and at scale, they might get a head start in the coming era of AI‑augmented attacks.
Who’s inside Glasswing: an unusually broad coalition
The cast of Project Glasswing reads like a who’s who of the modern tech and finance stack. Anthropic’s own blog lists Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks among the launch partners. A further 40‑plus organizations that “build or maintain critical software infrastructure” – including open‑source maintainers – are getting access under the same umbrella.
Each will plug Mythos into slightly different parts of its stack:
- Cloud providers and OS vendors plan to scan kernels, hypervisors, and key services for subtle bugs.
- Financial institutions like JPMorgan want to stress‑test in‑house trading systems and payment rails.
- Security firms such as CrowdStrike and Palo Alto Networks are exploring Mythos as an automated penetration tester and triage assistant.
- The Linux Foundation will route AI scans into widely used open‑source projects that underpin everything from web servers to database engines.
Jim Zemlin, the Linux Foundation’s CEO, called the project “a credible path to changing the equation” in open‑source security, noting that “open-source software constitutes the vast majority of code in modern systems, including the very systems AI agents use to write new software.” With Mythos’ help, he argues, maintainers who lack corporate‑grade security budgets can finally get systematic, high‑end vulnerability scans.
What Anthropic’s new model can actually do
Anthropic says Mythos wasn’t trained exclusively as a cyber tool; it’s a general‑purpose model with strong performance on reasoning and code. But in Glasswing pilots, those general skills have translated into specific, and sometimes unsettling, capabilities.
According to Anthropic’s description and CyberScoop’s reporting, Mythos can:
- Scan large, mixed codebases (across languages and frameworks) to flag inconsistent authentication checks, unsafe memory handling and logic errors that traditional tools miss.
- Identify previously unknown zero‑day vulnerabilities, including subtle bugs buried in rarely used branches or complex input‑validation chains.
- Support penetration‑testing workflows, reasoning step‑by‑step through potential attack paths and suggesting exploit chains, then proposing patches.
- Perform binary and “black‑box” analysis of compiled applications and networked systems, inferring where flaws likely lurk even without source code.
- Help secure endpoints and infrastructure components by mapping misconfigurations, weak defaults, and unsafe API patterns at scale.
- Integrate with secure development pipelines, acting as an AI reviewer that flags risky code in pull requests and suggests safer patterns before merge.
In internal benchmarks, Mythos has reportedly outperformed earlier Claude models and many human red‑teamers on tasks like finding authentication bypasses, cryptographic misuse, and sandbox escape vectors. It can also generate exploits, a capability Anthropic is trying to confine to defensive settings by tightly controlling who uses the model and how.
That dual use is why Anthropic and outside observers have described Mythos as “too dangerous to release” in its current form. VentureBeat notes that company executives explicitly say they “do not plan to make Mythos Preview available to the general public, citing concerns about the model’s potential misuse” for AI‑augmented cyberattacks.
Why Anthropic is locking Mythos behind Glasswing
Underlying Project Glasswing is a simple, unsettling conclusion: once widely available, a model like Mythos could supercharge both sides of the cybersecurity arms race.
Anthropic’s blog warns that AI systems have reached “a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” If such a model were cheaply accessible via API, well‑resourced attackers could recruit it as a tireless code auditor and exploit designer — scanning millions of lines of public and proprietary code for bugs, then auto‑weaponizing the results.
Project Glasswing is meant to flip that script by:
- Prioritizing defenders. Partners with real defensive responsibilities get access first, under strict terms; attackers do not.
- Keeping usage private and monitored. Mythos runs in tightly controlled environments, with Anthropic and partners able to audit prompts and outputs for abuse.
- Subsidizing high‑cost scans. The company’s $100 million in credits is meant to ensure cost doesn’t stop organizations from scanning core systems comprehensively.
- Funding public goods. The extra $4 million in donations to open‑source security groups helps maintainers act on the vulnerabilities Mythos finds.
Wired frames Glasswing as an unusual moment of coordination among competitors: Anthropic teaming up with Apple, Google, Microsoft, and others not to chase product features, but to keep their own AI from becoming a security catastrophe.
How Glasswing fits into Anthropic’s broader model roadmap
Glasswing comes on the heels of a steady drumbeat of Anthropic releases. Bloomberg recently reported on Claude Sonnet 4.6, a smaller but highly capable model designed to take complex multi‑step actions on a user’s computer: filling out web forms, coordinating data across tabs and automating workflows. Mythos sits above even Opus and Sonnet in this hierarchy, representing a new internal tier of “Capybara” models that Anthropic says are both more compute‑intensive and more capable.
A leaked AI Daily Brief episode and subsequent coverage by Futurism and the Economic Times quoted an Anthropic spokesperson describing Mythos as “a step change in performance from even Opus,” with expanded context windows, stronger multi‑step reasoning, and significantly better code understanding. Unlike commercial Claude variants, though, Mythos lives almost entirely inside Glasswing; for now, its “product surface” is defensive cybersecurity, not a public chatbot.
Anthropic hints that lessons from Glasswing will eventually filter into safer, more widely available models: better guardrails for code tools, more robust internal red‑teaming and perhaps limited‑capability security assistants that can help developers without enabling full‑spectrum exploit generation. But executives also leave open the possibility that some capabilities will never be exposed directly to the public.
A glimpse of AI’s next frontier – and its risks
Project Glasswing offers an unusually transparent look at what the next generation of AI models can do, even when their weights and APIs remain behind closed doors.
On one hand, it is a hopeful narrative: AI as a “trusted sidekick for every maintainer,” as the Linux Foundation puts it, scouring the world’s code for bugs faster than any human team could, and helping write new software with far fewer security flaws. On the other, it is a tacit admission that the industry has built something it doesn’t fully know how to share safely – a model that could destabilize the internet’s security if casually exposed.
Anthropic calls Glasswing “a starting point” and stresses that no single company can solve the problem, inviting regulators, governments and open‑source communities to treat AI‑augmented defense as a global project. The work of hardening critical infrastructure “might take years,” the company notes, while frontier models will “advance substantially over just the next few months.”
Inside that gap – between how fast AI is moving and how slowly institutions change – lies the real story of Project Glasswing and Claude Mythos. The model is a preview of what AI systems will soon be able to do on ordinary developer laptops and enterprise servers. The choice Anthropic is making now is to keep that power close, at least long enough to see whether defenders can learn to wield it before attackers inevitably catch up.
