Anthropic has revealed that its latest, unreleased artificial intelligence model, Claude Mythos, has demonstrated an unprecedented ability to identify critical software security flaws that had previously evaded human detection. The San Francisco-based AI startup announced that the model has uncovered thousands of vulnerabilities in widely used applications, many of which have remained unpatched for decades.
The discovery has prompted the company to keep the model away from the general public to prevent it from being weaponized by malicious actors. Instead, Anthropic is channeling the technology into a defensive alliance with some of the world’s largest technology firms and cybersecurity specialists, aiming to patch global infrastructure before adversaries can exploit the same capabilities.
The scale of the vulnerabilities is significant. According to the company, some of the flaws pinpointed by Claude Mythos date back 27 years. In one specific instance, the AI identified a subtle flaw in video software that had undergone more than 5 million tests by its original creators without the vulnerability ever being detected.
Project Glasswing: A Defensive Coalition
To manage the risks associated with these discoveries, Anthropic has launched “Project Glasswing,” a collaborative effort to arm defenders ahead of time. The company is providing approximately $100 million worth of computing resources to support the mission, allowing a select group of organizations to employ a preview version of the model to secure their systems.
The coalition includes a heavyweight roster of technology and security firms. Major cloud and hardware providers including Microsoft, Amazon, and Apple have joined the project, alongside cybersecurity leaders CrowdStrike and Palo Alto Networks. Networking giants Cisco and Broadcom, as well as the Linux Foundation, are as well participating to protect the open-source operating systems and infrastructure that power much of the modern internet.
The urgency of the project is driven by the collapsing timeframe between the discovery of a bug and its exploitation. Elia Zaitsev, chief technology officer at CrowdStrike, noted that what once took months for a human researcher to find and a hacker to exploit now happens in minutes with the aid of AI.
“Claude Mythos Preview demonstrates what is now possible for defenders at scale, and adversaries will inevitably look to exploit the same capabilities,” Zaitsev said.
The Risks of Autonomous Vulnerability Research
The decision to withhold Claude Mythos from the public follows a recent leak of some of the model’s code. In a subsequent blog post, Anthropic warned that AI models have reached a level of coding proficiency where they can surpass all but the most elite human experts in finding and exploiting software weaknesses.
The company explicitly warned that the fallout from such capabilities—if left unchecked—could be severe for national security, public safety, and global economies. The primary fear is that AI could be used to crack encryption or automate the theft of passwords at a scale previously impossible for human-led hacking groups.
Mike Krieger of Anthropic Labs emphasized the defensive nature of the current rollout during a HumanX AI conference in San Francisco, explaining that the goal is to provide cybersecurity engineers in the open-source community with a “defensive weapon” to secure software before the model’s capabilities are replicated by awful actors.
Project Glasswing Participant Overview
| Sector | Key Participants |
|---|---|
| Cybersecurity | CrowdStrike, Palo Alto Networks |
| Big Tech / Cloud | Amazon, Apple, Microsoft |
| Infrastructure | Cisco, Broadcom, Linux Foundation |
| Total Organizations | Approximately 40 |
Legal Friction and Government Relations
The rollout of Claude Mythos comes amid a complicated relationship between Anthropic and the U.S. Government. In February, the White House issued a decree to terminate all contracts with the startup. However, that directive is currently on hold due to a federal court judge’s ruling although Anthropic pursues a legal challenge through the court system.

Despite this legal tension, Anthropic stated it has continued discussions with the U.S. Government regarding the implications of the Mythos model. The company appears to be positioning itself as a critical partner in national defense, arguing that the capabilities of the model are too urgent to ignore, regardless of the contractual disputes.
Anthony Grieco, Cisco’s chief security and trust officer, echoed this sentiment in a joint release, stating that AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure, and that “there is no going back.”
The next phase for Project Glasswing involves the sharing of findings among the 40 participating organizations to create a comprehensive map of existing software vulnerabilities. The company has not yet provided a timeline for when, or if, a modified version of the model will ever be released to the general public.
This report is based on current disclosures from Anthropic and its partners. We invite readers to share their perspectives on AI-driven security in the comments below.
