What happens when an AI becomes better at hacking than humans — and its creators decide the world isn’t ready yet?
Anthropic didn’t just build a better AI model. It built something powerful enough to worry itself — and then told the world about it anyway.
On Tuesday, the San Francisco-based AI lab unveiled Claude Mythos Preview, its most capable model to date, alongside Project Glasswing — a controlled-access cybersecurity initiative that hands the model to 12 elite partners, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Another 40-plus organizations building or maintaining critical software infrastructure also receive access.
The catch: Anthropic refuses to release Mythos publicly. Not yet. Maybe not for a long time.
That decision — measured, deliberate, and deeply unusual in an industry addicted to launch momentum — says more about where AI stands in 2026 than any benchmark score ever could.
Key Numbers
- 1,000s — Zero-day vulnerabilities found in weeks
- 27 yrs — Age of oldest bug found (in OpenBSD)
- $100M — Usage credits committed to Project Glasswing
- 52 — Total organizations with Mythos Preview access
What Mythos Actually Does
Strip away the mythology around the name, and you find a model that operates more like a senior red-team researcher than a chatbot. Mythos reasons autonomously, writes code, executes multi-step hacking chains, and identifies vulnerabilities that decades of human review and millions of automated security tests missed entirely.
In just weeks of controlled deployment, Mythos surfaced zero-day flaws across every major operating system and every major web browser. One standout: it chained together a Linux kernel vulnerability that could grant complete machine control. Another: a 27-year-old bug in OpenBSD — a system specifically engineered for security — that no one had caught since 1999.
“If models are going to be this good — and probably much better than this — at all cybersecurity tasks, we need to prepare pretty fast. The world is very different now.”
— Logan Graham, Head of Frontier Red Team, Anthropic
This isn’t a party trick. These vulnerabilities are the kind that spy agencies pay millions to acquire, and cybercriminals weaponize for ransomware campaigns. The rate at which Mythos finds them — far exceeding human researchers — fundamentally tilts the offense-defense equation in ways the security community has only theorized about until now.
Anthropic’s own agentic AI capabilities have been expanding rapidly, and Mythos represents the sharpest edge of that trajectory. Unlike conversational models, an agentic system doesn’t wait for instructions — it pursues objectives. Applied to cybersecurity, that means scanning, discovering, and exploiting vulnerabilities faster and more persistently than hundreds of human hackers working simultaneously.
The Name “Project Glasswing” Is Not an Accident
Anthropic employees chose the name deliberately. The glasswing butterfly survives by being transparent — its wings are clear, revealing the structure beneath. Software vulnerabilities work the same way: invisible to the casual eye, dangerously exposed to anyone who knows how to look.
The project’s design mirrors that logic. Anthropic commits up to $100 million in usage credits for Mythos Preview across partner organizations, plus $4 million in direct donations to open-source security groups, including OpenSSF, Alpha-Omega, and the Apache Software Foundation. Partners share what they learn. The whole industry benefits — at least in theory.
“The dangers of getting this wrong are obvious. But if we get it right, there is a real opportunity to create a fundamentally more secure internet and world than we had before the advent of AI-powered cyber capabilities.”
— Dario Amodei
Context matters: This announcement lands just weeks after Anthropic’s high-profile legal clash with the Pentagon, where the Department of Defense labeled the lab a supply-chain risk after Anthropic refused to authorize autonomous targeting and surveillance use of its models. The timing of Project Glasswing — cooperative, transparent, safety-first — reads as a deliberate counter-narrative.
The Real Risk Anthropic Won’t Stop Talking About
Here’s what separates this announcement from typical tech hype: Anthropic spent considerable effort warning you that Mythos could be catastrophic in the wrong hands.
Logan Graham, who leads Anthropic’s frontier red team, told Axios that Mythos Preview is “extremely autonomous” with sophisticated reasoning that gives it the skills of an advanced security researcher. Other AI companies — OpenAI, Google DeepMind, China’s open-source labs — are building toward similar capabilities. Graham’s estimate: six to eighteen months before comparable models exist elsewhere.
“Behind Mythos is the next OpenAI model, and the next Google Gemini, and a few months behind them are the open-source Chinese models. This is a watershed event in the history of cybersecurity.”
— Shlomo Kramer, CEO, Cato Networks
The threat isn’t hypothetical. Earlier this year, Amazon Web Services’ security research team documented a Russian-speaking cybercriminal who used Claude — alongside Chinese-made DeepSeek — to hack over 600 devices running popular firewall software across 55 countries. The attacker had limited technical skills. The AI filled the gap.
Anthropic’s internal assessment of its model capabilities and internal states has always leaned toward radical transparency. That philosophy now faces its hardest test: a model so powerful that releasing it could accelerate the very attacks it’s designed to prevent.
Who Actually Gains Access — And Why That List Matters
The 12 Project Glasswing launch partners read like a who ‘s-who of internet infrastructure. Amazon and Google collectively run the cloud backbone on which most of the world’s software sits. Apple and Microsoft ship operating systems to billions of devices. CrowdStrike and Palo Alto Networks lead enterprise security. The Linux Foundation maintains the OS powering everything from Android phones to supercomputers.
These aren’t just big names — they’re chokepoints. Securing them means securing the digital substrate underneath everyday life.
Anthropic also briefed the Cybersecurity and Infrastructure Security Agency (CISA), the Commerce Department’s Center for AI Standards and Innovation, and a broader array of federal officials on Mythos’ full offensive and defensive capabilities. This stands in sharp contrast to the ongoing Pentagon dispute, where Anthropic and the Defense Department remain locked in litigation over AI supply-chain risk designations.
The Competitive Subtext
OpenAI isn’t sitting still. According to sources familiar with the matter, the company is finalizing a model with comparable capabilities that it plans to release to a small group through its existing “Trusted Access for Cyber” program. The race isn’t just about capability — it’s about which lab gets to define the norms for handling models this dangerous.
Anthropic’s battle with OpenAI for enterprise AI market share extends well beyond revenue — it’s a contest over which safety philosophy the industry adopts. After OpenAI’s moves following Anthropic’s Pentagon blacklisting and the hidden risks in OpenAI’s own Pentagon deals, Project Glasswing stakes Anthropic’s claim as the lab that acts on its safety principles rather than just articulating them.
“Unlike attackers, defenders don’t yet have AI capabilities accelerating them to the same degree. The attack capabilities are available to both sides — defenders must use them if they’re to keep up.”
— Gadi Evron, Founder, Knostic
The Clock Is Ticking for Everyone
Anthropic’s plan isn’t to keep Mythos locked away forever. The company says its goal is to “enable users to safely deploy Mythos-class models at scale” — for cybersecurity, but also for general use cases when appropriate safeguards exist. It’s developing new protective measures on its less-powerful Opus models first, using them to refine approaches that don’t carry Mythos-level risk.
That timeline carries weight. If Graham’s six-to-eighteen-month window holds, comparable models from OpenAI, Google, and Chinese open-source labs will surface before year’s end. At that point, the question shifts from “should we release this?” to “are defenders already prepared?”
Project Glasswing’s honest answer: probably not yet. But now at least there’s a plan.
The cybersecurity industry already felt Mythos before Tuesday’s announcement. When Fortune broke the story in March — via materials accidentally left in a publicly accessible data cache — shares in CrowdStrike, Palo Alto Networks, Zscaler, SentinelOne, Okta, Netskope, and Tenable dropped between 5% and 11%. Investors feared a world where AI makes traditional security products obsolete. Tuesday’s announcement reframes that fear: the model that disrupts old security paradigms is also the model actively patching them
What This Moment Actually Means
Anthropic built Mythos as a general-purpose model. It didn’t specifically train the system for cybersecurity work — the capabilities emerged from raw intelligence applied to code. That’s the part that should give everyone pause.
General-purpose models, as they grow more capable, become general-purpose threats. The same reasoning that writes elegant code can reverse-engineer vulnerable code. The same agentic autonomy that powers productivity tools can power autonomous attack chains. Anthropic knows this — it’s why the company spent weeks briefing government officials before flipping the switch on Project Glasswing.
“More powerful models are going to come from us and from others. And so we do need a plan to respond to this.”
— Dario Amodei
Project Glasswing is that plan’s first chapter. Whether the rest of the industry — and the government — keeps pace determines whether this becomes a watershed moment or just the opening act of something far harder to control.
The butterfly’s wings are transparent. The question is whether anyone looks through them in time.
Key Facts
- Mythos is Anthropic’s most capable model — above the Opus tier
- Not publicly available; restricted to Project Glasswing partners
- Found zero-days in every major OS and browser
- 27-year-old OpenBSD bug was discovered
- $100M in usage credits + $4M to open-source groups
- OpenAI is building a rival model for a similar release
- Anthropic briefed CISA, Commerce Dept. on risks
