Anthropic launched Project Glasswing, a cybersecurity initiative using Claude Mythos Preview to find zero-day vulnerabilities
12 founding partners including AWS, Apple, Google, Microsoft, NVIDIA, and CrowdStrike
Mythos Preview scored 83.1% on CyberGym versus Opus 4.6's 66.6%, a 16.5-point gain (about 25% relative) in vulnerability reproduction
Found a 27-year-old flaw in OpenBSD and a 16-year-old bug in FFmpeg that 5 million automated tests missed
Anthropic committed 100 million USD in model credits, plus 4 million USD to open-source foundations
Mythos Preview will cost 25 USD per million input tokens and 125 USD per million output tokens
Not planned for general availability, Anthropic is building safeguards before broader release
Anthropic Just Gave 12 Companies Their Most Dangerous AI Model. On Purpose.
Anthropic handed the keys to Claude Mythos Preview to 12 founding partners drawn from the biggest names in tech, among them AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, Cisco, JPMorganChase, Broadcom, Palo Alto Networks, and the Linux Foundation. Plus 40+ organizations that maintain critical open-source infrastructure.
The mission: find zero-day vulnerabilities in operating systems, browsers, and open-source software before attackers do.
They call it Project Glasswing.
What Claude Mythos Preview Actually Does
Mythos Preview is a frontier model built specifically for security work. It does not just read code and flag patterns. It reproduces vulnerabilities, builds exploits, and verifies that the bugs are real before reporting them.
The benchmarks tell the story:
CyberGym (vulnerability reproduction): 83.1% vs Opus 4.6's 66.6%
SWE-bench Pro (agentic coding): 77.8% vs 53.4%
Terminal-Bench 2.0: 82.0% vs 65.4%
That is a 16.5-point gain, roughly 25% relative, over the previous best model, on a benchmark that measures reproducing known vulnerabilities rather than discovering unknown ones. Even with that caveat, it is not a marginal improvement. It is a generational leap in what AI can do with security code.
The Bugs It Already Found
The findings so far are genuinely unsettling. In a good way.
A 27-year-old flaw in OpenBSD that allowed remote crashes. Twenty-seven years. Sitting in production code, undiscovered, through every manual audit and automated scan since 1999.
A 16-year-old vulnerability in FFmpeg. This one is particularly wild because FFmpeg's test suite had hit the affected code path 5 million times without catching it. Automated testing executed the buggy code millions of times and never flagged it. Mythos Preview read the code and found it.
Linux kernel vulnerabilities enabling privilege escalation from user to root. The kind of bug that makes entire server fleets exploitable.
These are not theoretical findings. These are real zero-days in software that runs on billions of devices.
Why Give It Away
Here is the calculation Anthropic made: a model this good at finding vulnerabilities is also a model that could be used to exploit them. So instead of selling it on the open market, they locked it behind a partnership with organizations that maintain the actual infrastructure.
The model finds the bug. The maintainers fix it. The vulnerability gets disclosed responsibly. The attackers never get access to Mythos Preview at all.
Anthropic is not planning to make Mythos Preview generally available. The 12 partners and 40+ maintainer organizations get access during the research preview. After that, Anthropic says they need to build safeguards before any broader release.
That is a deliberate choice. They built something powerful and decided the responsible move was to restrict access rather than monetize it immediately. Whether you trust their motives or not, the structure makes sense.
The Money Behind It
Anthropic committed 100 million USD in model usage credits for the research preview. That is not a marketing number. That is compute time for partners to run Mythos Preview against their own codebases at scale.
On top of that: 2.5 million USD to Alpha-Omega and OpenSSF through the Linux Foundation, plus 1.5 million USD to the Apache Software Foundation. Both donations target open-source maintainer support directly.
Open-source maintainers are chronically underfunded. Many of the people maintaining libraries the whole industry depends on, FFmpeg among them, do it unpaid or as a side project. Giving them both the tool (Mythos Preview) and the funding to actually use it is the right call.
Anthropic has also published the channels and pricing for any broader release after the research preview: the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry, at 25 USD per million input tokens and 125 USD per million output tokens. That is a price list, not a general-availability date; as noted above, Anthropic has not committed to one.
For context, Claude Opus 4.6 costs 15 USD input / 75 USD output. Mythos Preview is roughly 1.7x the price for significantly better security performance.
What This Means for Developers
If you write code, this matters to you in two ways.
First, the vulnerabilities Mythos Preview finds in open-source projects will get patched. That means the libraries and frameworks you depend on get more secure. The 27-year-old OpenBSD bug, the 16-year-old FFmpeg bug. Those patches flow downstream to every project that uses those dependencies.
Second, the model may eventually be available through APIs. When that happens, running security audits on your own codebase becomes dramatically more accessible. Today, a serious security audit costs tens of thousands and takes weeks. A model that scores 83.1% on vulnerability reproduction could compress that timeline and cost significantly, with two caveats: reproducing a known bug is easier than finding an unknown one, and the model's output still needs a human to triage, confirm, and fix what it reports.
The 90-day reporting commitment matters too. Anthropic said they will publish progress reports including disclosed vulnerabilities and remediation details. That creates accountability. If the model finds bugs and they do not get fixed, we will know.
The Partnership Model
The 12 founding partners are not random. Each one maintains critical infrastructure:
AWS, Google, and Microsoft run the cloud platforms that host most of the internet. Apple and Broadcom build the hardware and firmware. Cisco and Palo Alto Networks handle network security. CrowdStrike does endpoint detection. JPMorganChase represents financial infrastructure. NVIDIA makes the GPUs everything runs on. The Linux Foundation coordinates the open-source ecosystem.
That is a cross-section of the entire technology stack. If Mythos Preview finds vulnerabilities across these organizations' codebases, the fixes propagate everywhere.
The 40+ additional organizations with access maintain the open-source software that the internet runs on. Libraries, runtimes, protocols. The unsexy infrastructure code that nobody thinks about until it breaks.
The Risk Nobody Is Ignoring
Anthropic is being unusually direct about the danger here. A model that is great at finding vulnerabilities is inherently a model that could be great at exploiting them. The same capability that lets Mythos Preview build a proof-of-concept exploit for a 27-year-old bug could, in the wrong hands, be used to attack systems instead of defend them.
The restricted access model is the mitigation. Partners sign agreements. Usage is monitored. The model does not get released to the public.
But the capability exists now. Other labs will build similar models. The question is not whether AI-powered vulnerability discovery will happen. It already has. The question is whether defensive use stays ahead of offensive use.
Project Glasswing is a bet that giving defenders a head start is better than trying to prevent the capability from existing at all. Given that the alternative is pretending the technology will not be built, it is probably the right bet.
What to Watch
Anthropic committed to publishing results within 90 days. That report will tell us:
How many vulnerabilities were found and in which projects
How many got patched before disclosure
Whether the restricted access model held up
What Mythos Preview missed (just as important as what it found)
If the 90-day report shows thousands of real vulnerabilities found and fixed, this becomes the template for how AI labs should handle dangerous capabilities. If it shows that the model mostly found already-known bugs or that the partnership structure slowed down remediation, then the initiative needs rethinking.
Either way, we will know. That is the part I respect most about this. They set a public deadline for accountability.
How This Compares to Existing Security Tools
Static analysis tools (SonarQube, Semgrep, CodeQL) match code against predefined rules, and CodeQL's and Semgrep's taint analysis also tracks data flow from sources to sinks. They are good at finding SQL injection, XSS, and buffer-overflow patterns that someone has already written a rule for. They do not form their own hypotheses about code the rules do not describe.
Fuzzing tools (AFL, libFuzzer) mutate inputs, feed them to the code, and watch for crashes or sanitizer reports. FFmpeg's test suite uses fuzzing, and it had hit the buggy code path 5 million times. Still missed the vulnerability. That is less surprising than it sounds: executing a line is not the same as reaching the exact state that makes it misbehave, and a fault that neither crashes nor trips a sanitizer (an over-read that stays inside the same object, for instance) produces no signal a fuzzer can act on.
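To make that coverage-versus-signal point concrete, here is a constructed C example added for this page. It is not FFmpeg's code and not the bug Mythos Preview found; the decoder, its two-byte input format, the lookup table, the flags byte and the tiny mutational harness are all invented for illustration. The decoder has an off-by-one in its bounds check, so index 256 is accepted and reads the byte that happens to follow the table (here, a flags field in the same struct). The harness mutates valid seeds the way a simple fuzzer would and counts three things: how often the lookup line executed, how often the off-by-one actually fired, and how often the read left the struct entirely, which is the only event a crash-watching or ASan-instrumented fuzzer could have noticed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy decoder, not FFmpeg's or any real project's code. A 2-byte
 * little-endian field selects an entry from a 256-entry lookup table that
 * lives inside the decoder state, directly before a flags byte. */
#define TABLE_SIZE 256

struct decoder_state {
    uint8_t table[TABLE_SIZE];
    uint8_t flags;   /* neighbour field: the off-by-one read lands here */
};

static void init_state(struct decoder_state *st)
{
    for (size_t i = 0; i < TABLE_SIZE; i++)
        st->table[i] = (uint8_t)(i * 2);   /* arbitrary table contents */
    st->flags = 0xA5;                      /* not a table value, so it is recognisable */
}

static uint16_t read_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Buggy decoder: `>` where `>=` is needed, so idx == 256 passes the check and
 * returns st->flags instead of a table entry. The byte-pointer access keeps
 * the demo inside defined C behaviour (every member is uint8_t, so the struct
 * has no padding and byte 256 is the flags field); a real decoder would index
 * the array directly and read the same neighbouring byte. Returns 0 and sets
 * *out, or -1 on a rejected input. */
int decode_symbol_buggy(const struct decoder_state *st,
                        const uint8_t *in, size_t len, uint8_t *out)
{
    if (len < 2)
        return -1;
    uint16_t idx = read_le16(in);
    if (idx > TABLE_SIZE)          /* BUG: should be >= TABLE_SIZE */
        return -1;
    *out = ((const uint8_t *)st)[idx];
    return 0;
}

/* Fixed decoder: only the comparison operator changes. */
int decode_symbol_fixed(const struct decoder_state *st,
                        const uint8_t *in, size_t len, uint8_t *out)
{
    if (len < 2)
        return -1;
    uint16_t idx = read_le16(in);
    if (idx >= TABLE_SIZE)
        return -1;
    *out = st->table[idx];
    return 0;
}

/* Single-index wrappers: the looked-up byte (0..255) or -1 if rejected. */
int lookup_buggy(uint16_t idx)
{
    struct decoder_state st;
    uint8_t in[2] = { (uint8_t)idx, (uint8_t)(idx >> 8) }, out = 0;
    init_state(&st);
    return decode_symbol_buggy(&st, in, sizeof in, &out) == 0 ? out : -1;
}

int lookup_fixed(uint16_t idx)
{
    struct decoder_state st;
    uint8_t in[2] = { (uint8_t)idx, (uint8_t)(idx >> 8) }, out = 0;
    init_state(&st);
    return decode_symbol_fixed(&st, in, sizeof in, &out) == 0 ? out : -1;
}

struct fuzz_stats {
    uint64_t executed;       /* inputs that reached the table lookup line */
    uint64_t triggered;      /* lookups that read past the logical table end */
    uint64_t out_of_object;  /* reads that left the struct: the only event a
                                crash- or ASan-based oracle could report */
};

/* Deterministic xorshift64 so the harness reproduces offline. */
static uint64_t xorshift64(uint64_t *s)
{
    uint64_t x = *s;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    *s = x;
    return x;
}

/* Stand-in for a mutational fuzzer: take a valid seed input (index 0..3),
 * overwrite one random byte with a random value, feed it to the buggy
 * decoder, and record what happened. */
struct fuzz_stats run_mutational_fuzz(uint64_t iterations, uint64_t seed)
{
    struct fuzz_stats fs = {0, 0, 0};
    struct decoder_state st;
    uint64_t rng = seed ? seed : 0x9E3779B97F4A7C15ULL;
    init_state(&st);
    for (uint64_t i = 0; i < iterations; i++) {
        uint64_t r = xorshift64(&rng);
        uint8_t in[2] = { (uint8_t)(r & 3), 0 };   /* seed corpus: index 0..3 */
        in[(r >> 8) & 1] = (uint8_t)(r >> 16);      /* one-byte mutation */
        uint8_t out = 0;
        if (decode_symbol_buggy(&st, in, sizeof in, &out) != 0)
            continue;                               /* rejected: no coverage */
        fs.executed++;
        uint16_t idx = read_le16(in);              /* the invariant a reviewer knows */
        if (idx >= TABLE_SIZE)
            fs.triggered++;
        if (idx >= sizeof st)
            fs.out_of_object++;
    }
    return fs;
}

int main(void)
{
    struct fuzz_stats fs = run_mutational_fuzz(5000000, 42);
    printf("lookup executed: %llu  over-read fired: %llu  left the object: %llu\n",
           (unsigned long long)fs.executed, (unsigned long long)fs.triggered,
           (unsigned long long)fs.out_of_object);
    printf("index 256: buggy=%d fixed=%d\n", lookup_buggy(256), lookup_fixed(256));
    return 0;
}
```

Build with `cc -O2 -o fuzzdemo fuzzdemo.c` and run it: over five million mutations the lookup line executes around two and a half million times, the off-by-one fires on the order of a couple of thousand times, and the read never leaves the struct, so a harness that only watches for crashes reports nothing. Building with `-fsanitize=address` does not change that, because the over-read stays inside the same object and intra-object overflow is outside AddressSanitizer's default detection. The counter that does catch it, `triggered`, exists only because the harness encodes the invariant `idx < TABLE_SIZE`, which is the kind of knowledge a code-reading auditor (human or model) brings and a fuzzer does not. A coverage-guided fuzzer with comparison instrumentation would likely generate index 256 quickly; the point is the missing oracle, not the search.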
Bug bounty programs (HackerOne, Bugcrowd) rely on human researchers. They are effective but expensive and slow. A critical zero-day bounty can cost 50,000 to 250,000 USD per finding, and researchers need weeks to months.
Mythos Preview does something none of these do: it reads code, reasons about it, builds a hypothesis for how it might be vulnerable, constructs a proof-of-concept exploit, and verifies the bug is real. That is closer to what a senior security researcher does than what any automated tool does.
The 83.1% CyberGym score means the model reproduced 83.1% of the benchmark's tasks, each of which is a known vulnerability in a real project that the model must trigger from the code and a description. The previous best model (Opus 4.6) managed 66.6%. The 16.5-point gap is additional tasks solved per hundred, not additional vulnerability categories; the benchmark does not carve bugs into 100 types.
At 25 USD per million input tokens, a single pass over a medium-sized codebase (500,000 lines, roughly 5 million tokens if you assume about 10 tokens per line) costs around 125 USD in input alone. A real agentic audit re-reads code, reasons at length, and produces output billed at 125 USD per million tokens, so budget a multiple of that. It is still a small fraction of a human audit of the same codebase, which would run 30,000 to 100,000 USD and take weeks, but the model's output is a list of candidate findings, and the human time to triage and fix them is not in the token bill.
What Open-Source Maintainers Get
The 40+ organizations that got access are not just big tech companies. They include the people maintaining libraries you use every day without thinking about them.
The 4 million USD in foundation donations is split between the Linux Foundation (Alpha-Omega and OpenSSF) and the Apache Software Foundation. Both organizations fund security audits and maintainer stipends for open-source projects.
Here is why that matters. Log4Shell happened in 2021 because a critical logging library used by millions of applications was maintained by a handful of volunteers. Heartbleed in 2014, same story. OpenSSL was maintained by one full-time developer and a few part-time contributors.
Giving maintainers both the model and the funding to use it addresses both sides of the problem. The tool to find bugs, and the resources to fix them.
Anthropic also committed to responsible disclosure timelines. When Mythos Preview finds a vulnerability, the maintainer gets notified first and has time to patch before anything goes public. That is standard coordinated-disclosure practice in security research, but worth stating explicitly for a program at this scale.
The Bigger Picture
Project Glasswing is not just about finding bugs. It is a proof of concept for how to deploy dangerous AI capabilities responsibly. Give it to defenders first. Fund the maintainers. Set public accountability deadlines. Do not release it broadly until you understand the risks.
If other AI labs follow this model for their own frontier capabilities, that is a better world than the one where everyone races to ship the most powerful model with the fewest restrictions.
The code you ship tomorrow will run on infrastructure that Mythos Preview is auditing today. That alone makes this worth paying attention to.
Whether Glasswing becomes the blueprint for responsible AI deployment or just a well-funded PR exercise depends entirely on that 90-day report. I am betting on the former. The partner list is too serious, the funding too real, and the bugs already found too significant to be theater.
Mark your calendar. 90 days from now, we will know.