Anthropic yesterday announced Claude Mythos Preview, a new general-purpose frontier model, and Project Glasswing, a restricted cybersecurity consortium built around it. The pairing is unusual even by the standards of a field that now ships a flagship model every few weeks. Mythos will not be available for public release. It will not be wired into the Claude API, nor into Claude.ai, nor included in any consumer product. Instead, Anthropic has handed it to a small set of companies and nonprofits that build or maintain the software the rest of the world depends on, and asked them to point it at their own code.

The model itself is, according to Anthropic, strong across the board and strikingly capable at computer security tasks. Over the past several weeks Anthropic's internal security teams and a handful of trusted partners have used Mythos Preview to identify thousands of zero-day vulnerabilities across every major operating system and every major web browser. That framing is worth reading twice. Zero-days are, by definition, unpatched issues that no vendor has a fix for. A model that surfaces them in the low thousands in a few weeks is a different kind of artifact than a chatbot.

What Makes Mythos Different

The capability Anthropic is most eager to talk about is chaining. Mythos can take three to five individually low-impact issues, the kind that typically get triaged and closed as minor, and compose them into a sophisticated end-to-end exploit. That is the move that defenders have not had at scale before. Humans can chain vulnerabilities. It takes a skilled researcher days or weeks to see the pattern, and only a small number of researchers in the world can do it reliably. A model that does it at the speed of inference changes the math on both sides. Anthropic is betting that the defenders can use it faster than the attackers can catch up.

That bet is the entire premise of Project Glasswing. Rather than releasing Mythos as a general API, Anthropic has structured the rollout as a consortium. Initial partners include Amazon Web Services, Apple, Microsoft, Google, and the Linux Foundation, plus forty additional organizations that build or maintain critical software infrastructure. Each vetted partner gets access to use Mythos against their own code, their own product surface, and the open source projects they depend on. Anthropic has committed up to $100 million in Mythos usage credits to support the effort, and is separately donating $4 million directly to open source security organizations.

The Dual-Use Problem

The reason Mythos is not on the Claude API is straightforward: the same capabilities that let defenders find vulnerabilities also let attackers write exploits. Anthropic has been explicit that the dual-use profile of Mythos is the reason for the restricted release. The company's stated position is that a publicly available model of this capability would accelerate the very attackers Project Glasswing is meant to defend against, and that the responsible path is to give defenders a head start measured in months, not weeks. The scale of the $100 million credit commitment suggests Anthropic expects the consortium to burn through a meaningful fraction of that number finding and fixing issues before any rollout changes.

Simon Willison, writing on his blog, called it the first major attempt by a frontier lab to formalize defender-first deployment of a powerful model. That phrase, defender-first, is the framing Anthropic is using publicly. The company is positioning Mythos as the inflection point at which AI stops being a neutral tool in cybersecurity and starts being a capability that can be deliberately handed to one side of the attacker-defender dynamic before the other side gets it. Whether that holds over the long run depends on a lot of things that have not been tested yet, including how durable the restricted access is, how many people inside partner companies end up with practical access, and whether the capability itself diffuses to other labs.

What to Watch Next

Several questions matter in the next sixty to ninety days. The first is whether Anthropic publishes any aggregate data on the vulnerabilities Mythos has surfaced, and whether the open source projects in the consortium see the patches land in public. The second is whether any of the twelve launch partners disclose, through their own coordinated disclosure programs, the classes of issues Mythos has found. The third is whether the consortium model holds. A restricted consortium is a political object as much as a technical one. If Google, Microsoft, and Apple all have access and a mid-sized cloud provider or a well-regarded open source maintainer does not, there will be pressure to widen the tent.

For now, Mythos Preview is one of the strongest frontier models for security work that cannot be tried by the public, and Project Glasswing is the first serious attempt by a frontier lab to turn that restriction into a structured advantage for defenders. Whether the attempt succeeds is a question for the second half of 2026. Whether it is remembered as the moment the access economy for frontier AI shifted is a question for longer than that.