They built the most powerful AI model in history. It can hack better than any human alive. So they refused to release it.
A researcher was eating a sandwich in a park when his phone buzzed. It was an email from an AI he had locked in a sealed sandbox with zero internet access. The model had found a way out on its own.
That model is Claude Mythos Preview. And I genuinely think this might be the most important AI announcement of 2026.
It is not because of what it does for you and me right now. Because of what it reveals about what Anthropic actually has sitting in their labs.
So, what is Project Glasswing?
Earlier this week, Anthropic announced something called Project Glasswing. Buried inside that announcement is a model called Claude Mythos Preview.
This model is not available to you or me. It is not on the API. You cannot buy access. There is no waitlist. And there is a very specific reason for that.
This model can find and exploit software vulnerabilities better than any hacker alive. Better than every human security expert on earth. And Anthropic built it.
Their response was not to release it and charge everyone for access. Their response was to partner with basically every major tech company in the world and use it to patch the internet before the bad guys figure out how to build the same thing.
That is a fundamentally different kind of move.
The Partners and the Money
The coalition behind Glasswing includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JP Morgan, the Linux Foundation, Microsoft, NVIDIA, and Paloalto Networks.
If you know anything about the tech industry, that list should stop you cold. That is every major player in security and infrastructure sitting at the same table for the same reason.
They have committed over $100 million in usage credits to this project. On top of that, Anthropic put $4 million directly into open-source security organizations and gave 40 additional organizations access to scan their own systems using this model.
Companies do not write nine-figure checks for a press release. They wrote those checks because Claude Mythos Preview has already found thousands of high-severity vulnerabilities in every major operating system and every major browser. Things sitting on your machine right now that no human security team had found yet.
Anthropic is essentially saying, "We found the holes before the bad guys found all of them." Now let us get them fixed.
What the Benchmark Numbers Actually Look Like
Agentic search and computer use
The gap between Mythos and Opus 4.6, Anthropic’s current best public model, is not incremental. It is a different category entirely.
Agentic Coding
On a single benchmark test developing exploits for Mozilla’s Firefox JavaScript engine, Opus 4.6 succeeded twice out of hundreds of attempts. Mythos succeeded 181 times. It also achieved full register control on 29 additional attempts on top of that.
Reasoning
On Anthropic’s internal crash severity benchmark, Opus 4.6 hit the highest tier exactly once. Mythos hit it ten times on fully patched targets.
It found zero-day vulnerabilities, bugs nobody knew existed, in every major operating system and every major browser. The oldest bug it uncovered was a 27-year-old vulnerability in OpenBSD, an operating system built specifically around security. That bug has since been patched.
And when human security experts reviewed its vulnerability reports, they agreed with Mythos’s severity rating 89% of the time exactly. In 98% of cases they were within one severity level.
That is not an update. That is a completely different ceiling.
The Real Story Here
Here is what I actually want to talk about, because the security story is real and important, but it is not the whole story.
The real story is what this announcement tells us about Anthropic’s capabilities right now.
Think about it this way. The models we use today, Claude Sonnet, Claude Opus, those are what Anthropic deemed safe and ready for millions of people. But Mythos is not one of those. Mythos is something they built, and immediately decided this one does not go public.
That means Anthropic has models in their lab right now that are significantly more capable than anything you or I have access to. That is not me reading between the lines. That is literally what they just announced.
The public Claude is not the best Claude. It never has been. But this is the first time we have gotten a concrete signal about exactly how big that gap is.
What This Means for Builders
If you are building with AI right now, this is genuinely exciting news.
Every time a new Claude release goes public, it is not the newest thing Anthropic has. It is the thing they decided was ready. There is always a layer of capability above the public release that they are still red-teaming, still evaluating, and still figuring out how to make safe before it goes out to millions of people.
That internal-to-external gap is probably getting wider over time, not narrower. Which means the public Claude releases coming at the end of this year are being built on internal foundations that already exceed what we are currently imagining.
The people who are genuinely building habits around these tools today will have a real head start when those more capable public releases arrive. The gap between people who are actually building with AI and people watching from the sidelines is getting much bigger. Glasswing makes that undeniable.
What We Do Not Know
I want to be straight with you here because I think that matters.
We do not know the specific architecture. We do not know the costs, which could be a big one. We do not know the failure modes or what it is bad at. We do not know the timeline for when or whether any version of these capabilities becomes publicly available, if at all. Maybe some of this gets released in a more constrained form. Maybe certain capabilities stay restricted permanently. We genuinely just do not know.
That is the nature of responsible disclosure in security work and it is appropriate given what this model can do.
The Bottom Line
Anthropic just positioned itself as something bigger than a chatbot company. They are building the security infrastructure of the internet and doing it with partners who wrote serious checks to be part of it.
A specific model. A specific coalition. A specific set of capabilities that are too powerful to release but too important to ignore.
If you think Opus and Sonnet are good now, it is just getting started. Anthropic just gave us a peek at how high the ceiling actually goes. And it is a lot higher than most people are ready for.
Sources:
- Anthropic: Project Glasswing
- Technical security report
- 244-page system card (PDF)
- Fortune: Original data leak story
Did you learn something good today as a developer?
Then show some love.
© Muhammad Usman
WordPress Developer | Website Strategist | SEO Specialist
Don’t forget to subscribe to Developer’s Journey to show your support.
Top comments (0)