Anthropic has the most capable AI model it has ever built. It can uncover thousands of security vulnerabilities across major operating systems and browsers — some issues have existed for ten to twenty years.
Then it decided: this product won’t be sold.
Project Glasswing: A Quiet but Massive Operation
The model is called Claude Mythos Preview, and Anthropic’s secret project to contain it is called Project Glasswing.
The approach is not open-sourcing, not public release, and not enterprise sales. Anthropic went directly to “those actually maintaining the cyber infrastructure of the internet” — eleven partner organizations including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, plus an additional forty-plus organizations maintaining critical software infrastructure — granting all of them access.
Anthropic committed up to $100M in API credits to the project, and donated $4M directly to open-source security organizations: $2.5M through the Linux Foundation to Alpha-Omega and OpenSSF, and $1.5M to the Apache Software Foundation.
This Model Wasn’t Built for Security
The most interesting part: Mythos Preview was never trained for security work. Anthropic admits these capabilities “emerged naturally” as the model improved in coding, reasoning, and autonomy.
In other words, making the model better at fixing bugs also made it better at finding them.
The results are alarming. It found a 27-year-old bug in OpenBSD — a bug in an operating system renowned for its security posture. In another case, the model autonomously identified and exploited a 17-year-old remote code execution vulnerability (CVE-2026-4747) in FreeBSD, allowing any unauthenticated user to gain full control of NFS servers from anywhere on the network. The entire discovery and exploitation process, apart from the initial prompt, involved zero human participation.
Anthropic research scientist Nicholas Carlini put it this way:
“This model can chain together three, four, or even five weaknesses to ultimately achieve something very complex. The number of bugs I’ve found in the past few weeks exceeds everything I’ve found in my entire career.”
Why Not Release It?
Newton Cheng, Anthropic’s front-line red team security lead, gave the reason:
“We are not planning to broadly release Claude Mythos Preview because its cybersecurity capabilities are simply too powerful. At the current pace of AI advancement, these capabilities will spread soon — and not all holders will choose to use them responsibly. When things go wrong, the impact on economic, public, and national security could be substantial.”
This isn’t theoretical worry. Anthropic previously disclosed what it believes is the first documented case of AI executing a large-scale cyberattack — a Chinese state-sponsored hacker group used AI agents to autonomously infiltrate approximately 30 global targets, with most tactical operations completed by AI independently.
Anthropic has also privately briefed senior U.S. officials on Mythos Preview’s full capabilities. The intelligence community is actively assessing how the model could reshape offensive and defensive hacking operations.
The Open Source Dilemma
Linux Foundation CEO Jim Zemlin was direct:
“In the past, security expertise was a luxury only organizations with large security teams could afford. Open source maintainers whose software runs most of the world’s critical infrastructure have had to find their own solutions to security problems.”
This is precisely why Anthropic is directing money to open-source organizations. The people maintaining the world’s critical code finally have access to AI-powered security scanning at a scale that was previously impossible.
What’s Next
Anthropic says the ultimate goal is to deploy Mythos-class models at scale — but that requires new safety mechanisms first. The plan is to roll out new safety measures on the next version of Claude Opus, using a lower-risk model to refine the process.
The competitive landscape is shifting too. OpenAI’s February release of GPT-5.3-Codex was the company’s first model classified as “high security capability” under its Preparedness Framework. With Glasswing, Anthropic is signaling clearly: top labs are setting “controlled deployment” as the new standard for this capability tier.
Whether that standard holds as capabilities continue to spread is a question no one can answer yet.
Further Reading:
- AI News original: Anthropic keeps new AI model private after it finds thousands of external vulnerabilities
- TechCrunch: Is Anthropic limiting the release of Mythos to protect the internet — or Anthropic?
- Sierra Ghostwriter coverage: Sierra’s Bret Taylor says the era of clicking buttons is over
