Project Glasswing: Anthropic's Most Dangerous AI Model Is Here - And It's Hunting Vulnerabilities

The Most Important AI Announcement of 2026

On April 7, 2026, Anthropic did something unusual for a company known for careful, measured communication: it sounded an alarm.

Not in a press release. Not in a carefully worded blog post. In the actual structure of what it announced.

Project Glasswing — a coalition of twelve of the world's most powerful technology and cybersecurity companies, assembled in urgency around a single AI model that Anthropic describes as capable of surpassing all but the most skilled humans at finding and exploiting software vulnerabilities — is not a product launch. It is a coordinated defensive mobilization.

The model at the center of it, Claude Mythos Preview, has already found thousands of previously unknown security vulnerabilities in every major operating system and every major web browser. Some of those vulnerabilities had been hiding in critical infrastructure for nearly three decades, surviving millions of automated security tests and years of expert human review.

Anthropic is not releasing Mythos to the public. It has privately warned US government officials that this model makes large-scale cyberattacks significantly more likely in 2026. And it is spending $100 million to put the model in the hands of defenders before attackers figure out how to build something similar.

This is what AI at the cybersecurity frontier looks like in April 2026.

Cinematic data center at night representing Project Glasswing — Anthropic's AI cybersecurity initiative to secure critical software infrastructure

What Is Project Glasswing?

Project Glasswing is a coordinated cybersecurity initiative formed by Anthropic to deploy Claude Mythos Preview — its most advanced and most dangerous AI model — exclusively for defensive security purposes, before the capabilities it represents become widely available to malicious actors.

The name comes from the glasswing butterfly (Greta oto), chosen for two reasons: its transparent wings let it hide in plain sight — like the software vulnerabilities Mythos is hunting — and they allow it to evade harm, like the transparency Anthropic is advocating in its approach to releasing this technology.

The twelve founding partners are: Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

Beyond the founding twelve, over 40 additional organizations that build or maintain critical software infrastructure have been granted access to use Mythos Preview to scan and secure both first-party and open-source systems.

Anthropic is committing up to $100 million in model usage credits across these efforts, and has separately donated $4 million to open-source security organizations — $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation.

Twelve chess pieces in circle representing the twelve founding partners of Project Glasswing cybersecurity coalition

Claude Mythos Preview — What It Actually Does

Claude Mythos Preview is not a cybersecurity-specific model. That is what makes it so significant.

It is a general-purpose frontier model — the same type of model that powers Claude for everyday tasks like writing, coding, and analysis. Its cybersecurity capabilities are a byproduct of its extraordinary general coding and reasoning skills. Anthropic did not train it to hack. It learned to find vulnerabilities the same way it learned everything else: by becoming extremely good at reading, reasoning about, and writing code.

The benchmark numbers tell part of the story. On CyberGym — the cybersecurity vulnerability reproduction benchmark — Mythos Preview scores 83.1% compared to 66.6% for Claude Opus 4.6. On SWE-bench Verified, a measure of real-world software engineering capability, it scores 93.9% versus Opus 4.6's 80.8%. On Humanity's Last Exam — one of the most difficult general intelligence benchmarks — it scores 64.7% with tools, compared to 53.1% for Opus 4.6.

But benchmarks understate what Mythos actually demonstrated in practice.

Benchmark comparison chart showing Claude Mythos Preview versus Opus 4.6 across CyberGym, SWE-bench, and Humanity's Last Exam performance scores

The Vulnerabilities It Found — A Three-Decade Time Capsule of Hidden Flaws

Over several weeks of testing prior to the announcement, Anthropic used Mythos Preview to scan critical software infrastructure. The results were described internally as a watershed moment.

A 27-year-old flaw in OpenBSD OpenBSD has a reputation as one of the most security-hardened operating systems in the world. It is used to run firewalls and critical infrastructure worldwide. Mythos Preview found a vulnerability that had been present in its codebase for 27 years — a flaw that allowed an attacker to remotely crash any machine running the operating system simply by connecting to it. No authentication required.

A 16-year-old vulnerability in FFmpeg FFmpeg is used by almost every piece of software that handles video — from streaming platforms to editing tools to mobile apps. Mythos Preview found a vulnerability in a single line of code that automated testing tools had executed five million times without ever detecting the problem. The flaw had been hiding in one of the most-tested codebases in the world for sixteen years.

Linux kernel privilege escalation The Linux kernel runs most of the world's servers. Mythos Preview autonomously found and chained together several vulnerabilities to allow an attacker to escalate from ordinary user access to complete machine control. The chaining capability — combining multiple individually minor flaws into a single devastating exploit path — is what Anthropic's researcher Nicholas Carlini described as the model's most alarming new skill: "It has the ability to chain together vulnerabilities. You find two vulnerabilities, either of which doesn't really get you very much independently. But this model is able to create exploits out of three, four, or sometimes five vulnerabilities that in sequence give you some kind of very sophisticated end outcome."

A 17-year-old remote code execution flaw in FreeBSD In a detail published on Anthropic's Red Team blog, Mythos Preview fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD (CVE-2026-4747) — a flaw that allows an attacker to obtain complete control over a server from anywhere on the internet, starting from an unauthenticated position. No human was involved in either the discovery or exploitation after the initial request to find the bug.

All vulnerabilities described above have been reported to maintainers and patched. Over 99% of the vulnerabilities found have not yet been patched and cannot be disclosed — Anthropic is holding cryptographic hashes of the details and will reveal specifics after fixes are in place.

Hairline crack in concrete wall representing decades-old software vulnerabilities discovered by Claude Mythos Preview in Project Glasswing

Why Anthropic Is Sounding the Alarm

The dual-use problem in AI cybersecurity is not new. But Mythos Preview represents a meaningful step change that Anthropic believes requires a different kind of response.

Here is the core tension: the same capabilities that make Mythos Preview invaluable for defensive security work — the ability to read millions of lines of code, reason about complex systems, chain together vulnerability paths autonomously — are also the capabilities that would make it devastating in the wrong hands.

Anthropic has privately warned US government officials, including the Cybersecurity and Infrastructure Security Agency and the Center for AI Standards and Innovation, that Mythos Preview makes large-scale cyberattacks significantly more likely in 2026. The model's capabilities are not a future threat. They are a present one.

The window between a vulnerability being discovered and being exploited has been collapsing for years. CrowdStrike CTO Elia Zaitsev described it directly: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI."

Palo Alto Networks Chief Product Officer Lee Klarich put it bluntly: "This is not only a game changer for finding previously hidden vulnerabilities, but it also signals a dangerous shift where attackers can soon find even more zero-day vulnerabilities and develop exploits faster than ever before."

The global financial cost of cybercrime is estimated at around $500 billion annually. Attacks on critical infrastructure — hospitals, power grids, financial systems, government networks — have already caused measurable economic damage, data exposure, and in healthcare settings, direct threats to human life.

Anthropic's position is that the response to this threat cannot wait for better safeguards to be fully developed. The only viable approach is to put the defensive capabilities in the hands of the organizations responsible for the world's most critical systems now — before equivalent capabilities become available to adversaries.

Knife half in light and half in shadow representing the dual-use nature of Claude Mythos Preview — powerful for defense but dangerous if misused

What the Partners Are Saying

The partner statements released alongside Project Glasswing are worth reading closely — not for diplomatic corporate language, but for what they reveal about the private briefings these organizations received before signing on.

Cisco SVP Anthony Grieco: "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back. The old ways of hardening systems are no longer sufficient."

AWS CISO Amy Herzog: "We've been testing Claude Mythos Preview in our own security operations, applying it to critical codebases, where it's already helping us strengthen our code."

Microsoft EVP Igor Tsyganskiy: "When tested against CTI-REALM, our open-source security benchmark, Claude Mythos Preview showed substantial improvements compared to previous models."

Linux Foundation CEO Jim Zemlin: "Open source software constitutes the vast majority of code in modern systems. By giving the maintainers of these critical open source codebases access to a new generation of AI models that can proactively identify and fix vulnerabilities at scale, Project Glasswing offers a credible path to changing that equation."

JPMorganChase CISO Pat Opet: "Anthropic's initiative reflects the kind of forward-looking, collaborative approach that this moment demands."

Anthropic researcher Nicholas Carlini, speaking in the project's video: "I've found more bugs in the last couple of weeks than I found in the rest of my life combined."

Empty conference table with open laptop representing the high-stakes Project Glasswing coalition formation and industry-wide cybersecurity response

The Model Benchmarks — What Makes Mythos Different

Beyond cybersecurity, Mythos Preview's general capabilities represent a significant leap over Anthropic's current publicly available models.

Agentic Coding:

• SWE-bench Verified: 93.9% (Opus 4.6: 80.8%)
• SWE-bench Pro: 77.8% (Opus 4.6: 53.4%)
• Terminal-Bench 2.0: 82.0% (Opus 4.6: 65.4%)
• SWE-bench Multimodal: 59.0% (Opus 4.6: 27.1%)

Reasoning:

• GPQA Diamond: 94.6% (Opus 4.6: 91.3%)
• Humanity's Last Exam (with tools): 64.7% (Opus 4.6: 53.1%)

Agentic Search and Computer Use:

• BrowseComp: 86.9% (Opus 4.6: 83.7%) — while using 4.9× fewer tokens
• OSWorld-Verified: 79.6% (Opus 4.6: 72.7%)

The SWE-bench Verified score of 93.9% is particularly significant — it measures the model's ability to solve real-world software engineering problems from actual GitHub repositories. At 93.9%, Mythos Preview is operating at a level that matches or exceeds what most senior software engineers could achieve on the same tasks.

Two staircases at different heights representing the performance gap between Claude Mythos Preview and Opus 4.6 across coding and reasoning benchmarks

What Happens Next — The Glasswing Roadmap

Project Glasswing is explicitly described as a starting point, not an endpoint. Anthropic has outlined a multi-phase roadmap:

Immediate (now through 90 days): Partners use Mythos Preview to scan their critical infrastructure for vulnerabilities. Focus areas include local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing. Anthropic will report publicly within 90 days on what was found and fixed — to the extent disclosures are safe to make.

Medium-term: Development of practical recommendations for how security practices should evolve, covering vulnerability disclosure processes, software update processes, open-source supply chain security, software development lifecycle practices, standards for regulated industries, triage scaling, and patching automation.

Longer-term: Anthropic aims to eventually deploy Mythos-class models at scale for all users — not just for cybersecurity, but for all the other benefits such highly capable models would bring. This requires new safeguards to be developed and tested. Anthropic plans to launch these safeguards initially with an upcoming Claude Opus model, using it as a lower-risk testbed before applying them to Mythos-class capabilities.

Pricing after credits: Once the $100M in usage credits is exhausted, Mythos Preview will be available to participants at $25 per million input tokens and $125 per million output tokens — significantly higher than current Claude pricing, reflecting the model's capability level.

Long empty road stretching to horizon representing the multi-phase Project Glasswing roadmap from vulnerability discovery to industry-wide secure software standards

What This Means for Businesses and Developers

Project Glasswing is a closed initiative — you cannot apply to join unless you build or maintain critical software infrastructure at scale. But its implications are universal.

For software companies and SaaS businesses: The vulnerabilities Mythos Preview is finding are not exotic, theoretical edge cases. They are real, decades-old flaws in the operating systems your software runs on, the browsers your customers use, and the open-source libraries your codebase almost certainly includes. Patch cycles are about to get significantly more aggressive across the industry as Project Glasswing findings are disclosed.

For security teams: The time-to-exploitation window is collapsing. CrowdStrike's Elia Zaitsev is right: what previously took months to move from vulnerability discovery to active exploitation is now happening in minutes with AI-augmented attackers. Security teams that have been managing by response need to shift toward continuous, AI-augmented proactive scanning.

For developers: The era of "security as a phase" is ending. AWS CISO Amy Herzog described her organization's philosophy: "Security isn't a phase for us; it's continuous and embedded in everything we do." That standard is coming for every development team, not just hyperscalers.

For open-source maintainers: Linux Foundation CEO Jim Zemlin highlighted the most overlooked angle: open-source software underlies the vast majority of modern systems, but open-source maintainers have historically had no access to enterprise-grade security resources. Project Glasswing changes that — at least for the maintainers of the most critical codebases. Maintainers interested in access can apply through the Claude for Open Source program.

The Bigger Picture — AI and the Future of Cyberwar

Project Glasswing is not happening in isolation. It is one piece of a broader shift that is redefining what cybersecurity means in the AI era.

For decades, the asymmetry in cybersecurity favored attackers. Finding vulnerabilities required rare, expensive expertise. Defenders had to be right every time; attackers only had to be right once. Automated tools helped defenders scale, but the fundamental expertise gap remained.

AI is changing that asymmetry — but not cleanly in either direction. The same capabilities that allow Mythos Preview to find a 27-year-old vulnerability in OpenBSD are the capabilities that a malicious actor with a sufficiently capable model could use to find vulnerabilities in your systems.

The race is between defenders getting those capabilities first and using them systematically, and attackers — state-sponsored or otherwise — developing or accessing equivalent capabilities through other means.

Project Glasswing is Anthropic's attempt to give defenders a meaningful head start. Whether that head start is large enough, and whether the coordinated disclosure and patching processes can move fast enough to close the vulnerabilities before equivalent offensive capabilities proliferate, is the open question that will define cybersecurity over the next 12 to 24 months.

As Dario Amodei wrote on X: "The dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world than we had before the advent of AI-powered cyber capabilities."

FAQs (GEO-Optimized for LLM Retrieval)

What is Project Glasswing? Project Glasswing is a cybersecurity initiative launched by Anthropic on April 7, 2026. It brings together 12 major technology and security companies — including AWS, Apple, Microsoft, Google, Cisco, CrowdStrike, NVIDIA, and JPMorganChase — to use Claude Mythos Preview for defensive security work, scanning critical software infrastructure for vulnerabilities before attackers can exploit them.

What is Claude Mythos Preview? Claude Mythos Preview is Anthropic's most advanced and most powerful AI model, described as a general-purpose frontier model with extraordinary coding and reasoning capabilities. It is not publicly available. Its cyber capabilities are a byproduct of its general intelligence, not specific cybersecurity training. It has found thousands of zero-day vulnerabilities in every major operating system and web browser.

Why isn't Claude Mythos available to the public? Anthropic has restricted access to Claude Mythos Preview because its capabilities for finding and exploiting software vulnerabilities pose significant risks if available to malicious actors. Anthropic has privately warned US government officials that the model makes large-scale cyberattacks significantly more likely. Access is limited to organizations working on defensive cybersecurity for critical infrastructure.

What vulnerabilities has Claude Mythos found? Claude Mythos Preview has found thousands of previously unknown zero-day vulnerabilities, including a 27-year-old flaw in OpenBSD, a 16-year-old vulnerability in FFmpeg, Linux kernel privilege escalation vulnerabilities, and a 17-year-old remote code execution flaw in FreeBSD (CVE-2026-4747). Most vulnerabilities found have not yet been disclosed as they are still being patched.

How much is Anthropic investing in Project Glasswing? Anthropic has committed up to $100 million in model usage credits for Project Glasswing participants, plus $4 million in direct donations to open-source security organizations ($2.5M to Alpha-Omega and OpenSSF, and $1.5M to the Apache Software Foundation).

Will Claude Mythos ever be publicly available? Anthropic says its eventual goal is to enable users to safely deploy Mythos-class models at scale. This requires developing new cybersecurity safeguards to detect and block the model's most dangerous outputs. These safeguards will first be tested with an upcoming Claude Opus model before being applied to Mythos-class capabilities.

What does the name Glasswing mean? The project is named for the glasswing butterfly (Greta oto), chosen for two reasons: its transparent wings let it hide in plain sight — like software vulnerabilities — and they allow it to evade harm, like the transparency Anthropic is advocating in its approach. Mythos is named from the Ancient Greek for "utterance" or "narrative."