DEV Community

Om Shree

Inside Anthropic's Project Glasswing: The AI Model That Found Zero-Days in Every Major OS

On April 7, 2026, Anthropic announced something that most cybersecurity professionals have been dreading: an AI model that is genuinely better than almost every human at finding and exploiting software vulnerabilities.

https://www.anthropic.com/glasswing

They called it Project Glasswing. The model behind it is Claude Mythos Preview.

If you write code, maintain open-source libraries, build infrastructure, or work anywhere near systems that other people depend on - this is not background noise. This is the signal.


What Actually Happened

Let's be precise about what Anthropic revealed, because the details matter more than the headline.

Claude Mythos Preview - a general-purpose frontier model, not a specialized security tool - autonomously identified thousands of zero-day vulnerabilities across every major operating system and every major web browser. These were not obscure edge-case bugs. Several had survived decades of human code review and millions of automated test runs.

Three examples Anthropic disclosed publicly:

A 27-year-old vulnerability in OpenBSD - arguably the most security-hardened OS in the world, the one running firewalls and critical network infrastructure - that let an attacker remotely crash any machine simply by connecting to it.

A 16-year-old vulnerability in FFmpeg, buried in a single line of code that automated fuzzing tools had hit five million times without flagging. Five million hits. Still missed it.

Multiple chained vulnerabilities in the Linux kernel - the software running most of the world's servers - that Mythos strung together autonomously to escalate from regular user access to full machine control.

All three have since been patched. But the implication of finding them - and finding them with no human steering - is what should stop you mid-scroll.


The Benchmark Reality

Anthropic is positioning Mythos Preview as their most capable model ever across agentic coding and reasoning, not just cybersecurity. The security capability is a byproduct of general coding depth, not a narrow specialization.

On CyberGym - the benchmark for cybersecurity vulnerability reproduction - Mythos Preview scored 83.1% against Opus 4.6's 66.6%. That gap is meaningful, but the real story is in the agentic coding numbers:

| Benchmark | Mythos Preview | Opus 4.6 |
|---|---|---|
| SWE-bench Verified | 93.9% | 80.8% |
| SWE-bench Pro | 77.8% | 53.4% |
| Terminal-Bench 2.0 | 82.0% | 65.4% |
| CyberGym | 83.1% | 66.6% |
| GPQA Diamond | 94.6% | 91.3% |

These are not marginal improvements. A model that can autonomously navigate terminal environments, reason across multi-file codebases, and chain together multi-step software modifications at this level is also, almost by definition, a model that can chain together multi-step exploits.

The offensive capability is a side effect of the capability you actually want for building things.


The Coalition Behind Project Glasswing

Anthropic didn't just publish a blog post. They assembled a working coalition: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as launch partners, plus over 40 additional organizations covering critical software infrastructure.

This is not a press release coalition. Each partner had hands-on access to Mythos Preview for several weeks before the announcement.

Cisco's Chief Security and Trust Officer said AI capabilities have crossed a threshold that makes old hardening approaches insufficient. CrowdStrike's CTO noted that the window between vulnerability discovery and active exploitation has collapsed - what once took months now happens in minutes. Microsoft tested Mythos Preview against CTI-REALM, their open-source security benchmark, and reported substantial improvements over prior models.

The Linux Foundation's CEO Jim Zemlin made a point worth sitting with: open-source maintainers have historically been left to handle security on their own, without the budget for dedicated security teams. Most of the world's critical infrastructure runs on open-source code. Project Glasswing is specifically targeting that gap, giving maintainers access to a model that can proactively scan and fix vulnerabilities at a scale that was never practically achievable before.

Anthropic is committing $100M in model usage credits to support the initiative, plus $4M in direct donations - $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation.


The Asymmetry Problem - And Why It's the Real Issue

Here is the uncomfortable framing that Anthropic is being direct about: the same capabilities that make Mythos Preview useful for defenders will eventually be accessible to attackers.

DARPA's first Cyber Grand Challenge was a decade ago. That was the moment automated vulnerability hunting moved from theoretical to demonstrated. The question since then has been how long until AI closes the gap with the best human security researchers. Based on Mythos Preview's results, that question now has an answer.

A model trained with strong coding and reasoning ability - trained for legitimate purposes like building software, writing documentation, reviewing PRs - can, at sufficient capability levels, also find vulnerabilities that have evaded human review for decades. The offensive dual-use risk is not hypothetical. It is the current moment.

This is why the defensive head start matters. If you're maintaining infrastructure that other people depend on, the window between "this capability exists" and "this capability is being used against your systems" is not measured in years anymore.


What This Means for Developers and Infrastructure Engineers

If you work in any of the following areas, Project Glasswing is directly relevant to you.

Open-source maintainers: The Claude for Open Source program is offering access to Mythos Preview specifically for scanning and securing open-source codebases. If you maintain a library with meaningful downstream usage, apply. The barrier to running automated security analysis at this level just dropped significantly.

Security engineers: The tasks Anthropic expects partners to focus on include local vulnerability detection, black-box testing of binaries, securing endpoints, and penetration testing. If your team has been bottlenecked on manual review throughput, this changes the calculus.

Platform and infrastructure engineers: If your stack includes Linux, any major browser engine, FFmpeg, or other widely-deployed open-source components - and whose does not - the vulnerabilities being surfaced here may affect software you're running right now. Stay close to the patch cadence coming out of this initiative.

Developer tooling builders: Anthropic will share what they learn publicly within 90 days, including practical recommendations around vulnerability disclosure processes, software development lifecycle hardening, patching automation, and triage scaling. This is going to reshape how security gets built into the development process at a tooling level.

The broader signal for anyone building AI-adjacent infrastructure: the agentic coding capability that makes Mythos Preview effective at security work is the same capability that will define the next generation of autonomous development agents. The security properties of those agents - how they handle code they're operating on, what they can and cannot access, how their outputs are scoped - are going to matter a great deal.


The Model Itself

Mythos Preview is not being released publicly. Anthropic is explicit about this. Access is gated to Project Glasswing partners and the additional 40+ organizations they've brought in.

Their reasoning is worth understanding: they want to develop cybersecurity safeguards - detection and blocking for the model's most dangerous outputs - before making Mythos-class capability broadly available. They're planning to launch and refine those safeguards with an upcoming Claude Opus model, which carries less risk at its capability level, before applying them to Mythos-class models.

This is a sequencing decision, not a capability limitation. The safeguards need to be tested at scale against a less dangerous baseline before they're trusted to handle the full capability surface.

When Mythos Preview does become broadly accessible, pricing is set at $25 per million input tokens and $125 per million output tokens - available through the Claude API, Amazon Bedrock, Google Cloud's Vertex AI, and Microsoft Foundry.


The Longer Arc

Project Glasswing is explicitly positioned as a starting point, not a finished solution. Anthropic has been in direct discussion with US government officials about Mythos Preview's offensive and defensive cyber capabilities. The initiative's 90-day public reporting commitment, the open-source donation structure, and the explicit invitation to other AI companies to join in setting industry standards all point toward a longer institutional effort.

The honest framing: frontier AI capability in cybersecurity is now real, demonstrated, and in the hands of defenders. The same capability will reach adversaries. The lead time between those two moments is the entire window that Project Glasswing is trying to use.

For developers and infrastructure engineers, the practical takeaway is straightforward. The automated security analysis that used to require either significant budget or significant luck is becoming accessible at scale. The open-source ecosystem - which the entire industry has been freeloading on from a security-review standpoint for years - is finally getting the tooling that matches the importance of what it does.

The 27-year-old OpenBSD vulnerability that Mythos Preview found autonomously had survived because security expertise is expensive and time is finite. Both of those constraints are changing. The question now is whether the defensive side moves faster than the offensive side.

Project Glasswing is a bet that it can.


Claude Mythos Preview is currently available as a gated research preview. Open-source maintainers can apply for access through Anthropic's Claude for Open Source program. The full technical writeup, including vulnerability details for patched bugs, is available on Anthropic's Frontier Red Team blog.


Published by Om Shree | Shreesozo - The Shreesozo Dispatch covers MCP, agentic AI, and developer tools for builders who don't have time for hype.
