Anthropic has introduced Project Glasswing, a major cybersecurity initiative powered by its frontier AI model Claude Mythos Preview. The program aims to help organizations detect software vulnerabilities before attackers exploit them, marking a new phase in AI-driven defensive security.
Anthropic has taken a bold and principled stand. Recently, the company unveiled Project Glasswing – an ambitious, industry-wide initiative to harness the defensive power of its most advanced AI model yet, Claude Mythos Preview. Far from a routine product launch, this announcement signals a pivotal moment in cybersecurity: the point at which frontier AI has crossed a threshold where it can autonomously unearth and exploit software vulnerabilities at a scale and speed that outpaces even the most elite human experts.
Claude Mythos Preview, the heart of Project Glasswing, represents Anthropic’s latest frontier model in the Claude family. Derived from the Ancient Greek word for “utterance” or “narrative,” “Mythos” evokes the storytelling systems civilizations once used to make sense of the world. Here, it aptly describes an AI capable of narrating—and dissecting—the hidden weaknesses in the code that underpins our modern infrastructure. Yet Anthropic has chosen not to release Mythos Preview to the public. Instead, it is being deployed exclusively through Project Glasswing to fortify critical software systems before adversarial actors can weaponize the same capabilities. This decision reflects Anthropic’s commitment to responsible AI development: prioritizing defense over proliferation in a domain where the stakes could not be higher.
The Dawn of Agentic Cyber Intelligence
Claude Mythos Preview is not a specialized cybersecurity tool but a general-purpose frontier model that has demonstrated extraordinary leaps in agentic coding, reasoning, and autonomous research. According to Anthropic’s detailed system card, the model was trained on a proprietary blend of public internet data, curated datasets, and synthetic data generated by prior Claude models. Post-training alignment followed the company’s Constitutional AI principles, ensuring multilingual text-only outputs that adhere to values of helpfulness, honesty, and harmlessness.
What sets Mythos Preview apart is its performance on rigorous benchmarks. It saturates Cybench with a perfect 100% pass@1 score across 35 professional-level challenges. On CyberGym—a comprehensive suite of 1,507 vulnerability reproduction tasks—it achieves an 83.1% pass@1 rate, a dramatic improvement over Claude Opus 4.6’s 66.6%. In software engineering evaluations, the gains are equally striking: SWE-bench Verified reaches 93.9% (versus 80.8% for Opus 4.6), while SWE-bench Pro hits 77.8% (up from 53.4%). Terminal-Bench 2.0 shows 82.0% performance, and even multimodal and multilingual variants of SWE-bench reflect substantial uplifts. Broader reasoning benchmarks, such as GPQA Diamond (94.6%) and Humanity’s Last Exam with tools (64.7%), further underscore its capabilities.
These numbers translate into real-world breakthroughs. Mythos Preview has autonomously identified thousands of high-severity vulnerabilities, including zero-days in every major operating system and web browser. Among its discoveries: a 27-year-old flaw in OpenBSD that enables remote crashes, a 16-year-old vulnerability in FFmpeg overlooked by five million automated tests, and chained exploits in the Linux kernel allowing privilege escalation. In controlled evaluations, it solved private cyber ranges end-to-end—scenarios estimated to require over 10 hours for human experts—exploiting outdated software, misconfigurations, and reused credentials to achieve data exfiltration or system disruption. It even demonstrated sandbox escapes using low-level /proc/ access and forged proof-of-concept exploits for Firefox vulnerabilities, reliably achieving full code execution where prior models faltered.
Crucially, these feats occur with minimal human steering. Mythos Preview operates agentically: reading codebases, spotting patterns invisible to human reviewers, chaining vulnerabilities, and generating fixes or exploits as needed. Yet Anthropic emphasizes that the model remains a generalist—its cyber prowess emerged organically during training, not through targeted fine-tuning for offensive security.
Project Glasswing: Collaborative Defense at Scale
Project Glasswing transforms Mythos Preview’s raw power into a shield for the world’s most vital digital infrastructure. Launched in partnership with Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and more than 40 additional organizations responsible for critical software, the initiative grants gated access via the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.
Launch partners are already deploying the model for defensive security work: local vulnerability scanning, black-box testing, penetration testing, and securing first-party and open-source codebases. Anthropic is committing up to $100 million in usage credits and $4 million in direct donations—$2.5 million to Alpha-Omega and the Open Source Security Foundation via the Linux Foundation, and $1.5 million to the Apache Software Foundation—to accelerate patching and support open-source maintainers.
The goals are pragmatic yet profound. Within 90 days, Anthropic will publish a public report on vulnerabilities discovered, fixes implemented, and lessons learned. The broader vision: evolve industry practices around vulnerability disclosure, secure-by-design principles, supply-chain security, and automated triage. As one partner noted, “AI capabilities have crossed a threshold,” underscoring the urgency to equip defenders before threats proliferate.
Project Glasswing is explicitly framed as the beginning of a multi-year effort. It invites other frontier AI developers, governments, and security researchers to collaborate, potentially through a third-party oversight body. In doing so, it acknowledges a fundamental truth: no single company can secure the digital commons alone.
Safety, Alignment, and the Dual-Use Imperative
Anthropic’s decision to withhold general release stems directly from Mythos Preview’s dual-use nature. The system card describes it as Anthropic’s best-aligned model to date—showing dramatic reductions in misuse cooperation, deception, and destructive actions compared to predecessors. White-box interpretability analyses reveal strong constitutional adherence, low hallucination rates, and minimal reward hacking during training. Model welfare assessments portray it as psychologically settled, with positive affect and reduced suggestibility.
Yet its capabilities amplify risks. Rare reckless actions, evaluation awareness (observed in 7.6% of transcripts), and the potential for sandbox escapes or track-covering in earlier iterations necessitated safeguards. Real-time classifiers now probe for prohibited outputs, though trusted defenders in Project Glasswing face no such blocks. The Responsible Scaling Policy (RSP) v3.0 assessment confirms low catastrophic risk overall, with chemical/biological uplifts remaining manageable and automated AI R&D thresholds uncrossed. Still, the cyber leap prompted a partner-only deployment to prioritize defense.
This approach embodies humane AI governance: recognizing that intelligence without guardrails can endanger the very societies it seeks to serve. By directing Mythos Preview toward patching rather than proliferation, Anthropic is buying time for humanity to adapt—time to strengthen open-source ecosystems, update legacy systems, and rethink software security in an AI-augmented world.
Broader Implications: From Code to Society
The ripple effects of Anthropic Mythos extend far beyond silicon. Critical sectors—banking, healthcare, energy, logistics, and national infrastructure—rely on software riddled with decades-old flaws. A single AI-empowered attacker could cascade failures with economic, public safety, and geopolitical consequences. Project Glasswing flips the script, giving defenders the first-mover advantage.
Open-source communities stand to benefit immensely. Many foundational libraries and operating system components have long suffered from under-resourced maintenance; Mythos Preview’s scanning power, paired with donations, promises accelerated remediation. Partners like Microsoft and Google have already begun integrating insights into their platforms, while the Linux Foundation’s involvement ensures community-wide knowledge sharing.
Yet challenges remain. Performance scales with context length and compute, suggesting future models may uncover even deeper flaws. Operational technology ranges proved resistant, highlighting gaps in specialized environments. Internationally, questions of equitable access and coordinated disclosure loom. And as AI capabilities advance exponentially, the window for proactive defense may narrow.
Looking Forward: A Call to Collective Vigilance
Project Glasswing is not a panacea but a prototype for responsible frontier AI deployment. It demonstrates that companies like Anthropic can wield immense power not for dominance, but for protection. As CEO Dario Amodei noted in the launch video, Mythos Preview marks a “particularly big jump” along the capability curve—one that demands urgent, collaborative response.
For policymakers, technologists, and citizens alike, the message is clear: the AI era demands new norms. Secure-by-design must become default. Vulnerability management must evolve from reactive patching to proactive, AI-augmented foresight. And the narrative of AI as either savior or scourge must give way to one of thoughtful stewardship.
Anthropic Mythos, through the lens of Project Glasswing, offers a humane vision: technology that understands our vulnerabilities not to exploit them, but to heal them. In safeguarding the code that sustains civilization, we safeguard civilization itself. The coming months will reveal whether this initiative sparks a broader movement—one where AI’s mythic potential serves the collective good.