An AI model just found a security vulnerability that had been hiding for 27 years. One that security experts reviewed for decades, that automated tools tested 5 million times and still missed. And the company that built it decided not to release it.
What Is This?
On April 7, 2026, Anthropic announced Project Glasswing. The story is simple — Anthropic's latest frontier model Claude Mythos Preview has surpassed the best humans at finding and exploiting software vulnerabilities, and they decided not to release it publicly.
Mythos achieved this without any specialized cybersecurity training — purely through improved coding and reasoning abilities. It scored 93.9% on SWE-bench Verified (vs. Opus 4.6's 80.8%) and 77.8% on SWE-bench Pro (vs. 53.4%). As Theo put it — "Mythos is to Opus what Opus is to Sonnet."
The specific results are what's truly alarming. On Firefox exploit generation, where Opus 4.6 managed 2 working exploits out of hundreds of attempts, Mythos hit 181. Here's what it found:
- 27-year-old OpenBSD bug
  Found a remote crash vulnerability in one of the world's most security-hardened operating systems. Just connecting to the machine was enough to take it down.
- 16-year-old FFmpeg vulnerability
  Caught a flaw in the near-ubiquitous video encoder that automated testing tools had exercised 5 million times without flagging.
- Linux kernel privilege escalation chain
  Autonomously found and chained multiple vulnerabilities to escalate from regular user access to complete machine control.
All of this happened fully autonomously, without any human steering. Mythos read the code, found the vulnerabilities, and developed the exploits on its own.
Why Does This Matter?
The key here is an unprecedented decision: an AI company admitting its own model is too dangerous to release. Newton Cheng, Anthropic's Frontier Red Team Cyber Lead, told VentureBeat:
"Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout — for economies, public safety, and national security — could be severe."
— Newton Cheng, Anthropic Frontier Red Team
| | Traditional AI Security Tools | Claude Mythos |
|---|---|---|
| Approach | Pattern matching (known vuln DBs) | Reasoning-based (understands code context) |
| Autonomy | Follows human-set rules | Fully autonomous exploration + exploit dev |
| Complex attacks | Detects individual vulnerabilities | Auto-chains multiple vulns together |
| Discovery scope | Within known patterns | Includes decades-old undiscovered zero-days |
| Availability | Anyone can use | Restricted to partners only |
Platformer's Casey Newton nailed the tension — this whole initiative "is built on a deeply uncomfortable premise: that the only way to protect us from dangerous AI models is to build them first."
Alex Stamos, CPO at Corridor and former Facebook/Yahoo security chief, gave a blunt warning:
"We only have something like six months before the open-weight models catch up to the foundation models in bug finding. At which point every ransomware actor will be able to find and weaponize bugs without leaving traces for law enforcement to find."
— Alex Stamos, former Facebook security chief
Defenders have months, not years — that's the industry consensus.
Project Glasswing — Arming the Defenders First
Anthropic's response is Project Glasswing. Here's the structure:
- Coalition of 12 big tech companies
  AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Competitors Google and Microsoft on the same team tells you how serious this is.
- 40+ additional organizations
  Organizations that build or maintain critical software infrastructure get Mythos Preview access to scan and secure both proprietary and open-source systems.
- $100M in usage credits + $4M donations
  Anthropic covers the model usage costs for defensive research, plus direct donations to the Linux Foundation and Apache Software Foundation.
- Responsible disclosure pipeline
  Vulnerabilities aren't dumped on maintainers. Professional triagers manually validate every report, coordinating at a pace maintainers can handle. 45-day buffer after patches before publishing technical details.
The irony
While Anthropic positions itself as the safe custodian of this unprecedented cyber capability, in March they accidentally leaked 3,000 internal documents through a CMS misconfiguration, and Claude Code's 512,000-line source code was publicly accessible via npm for about 3 hours. Neither was a core system breach, but for a company asking governments to trust it with infrastructure-level security tools, the optics weren't great.
Business Context — Why Now?
On the same day as the Glasswing launch, Anthropic disclosed $30B annualized revenue (3x year-over-year), a 3.5GW compute deal with Google-Broadcom, and the hiring of former Microsoft exec Eric Boyd. Reports suggest an IPO as early as October 2026.
Korean tech outlet THE ELEC analyzed the timing: "beneath the defensive initiative surface lies a complex intent — IPO narrative building, leverage in the Pentagon dispute, and securing partner endorsements."
What's telling is that companies with their own AI security tech — CrowdStrike, Palo Alto Networks — joined the coalition. The interpretation? "They're effectively admitting their own security AI can't defend against Mythos-level attacks."
Key Takeaways: Why This Matters to You
- If you build software
  Within 6 months, open-weight models will have similar vulnerability-finding capabilities. Time to overhaul your security pipeline. There's no reason to delay adopting AI security tools.
- If you're a business decision-maker
  "Defending AI-created threats with AI" is the new paradigm. Review your security budget and strategy from this perspective.
- If you follow the AI industry
  This is the first time an AI company has admitted its own model is too dangerous to release. Not marketing — a new benchmark in AI safety discourse that will directly influence regulation.
The defender's timeline
Anthropic committed to publicly reporting Project Glasswing learnings within 90 days. That's your "defender head start" window. If you're a security practitioner, consider applying to Anthropic's Claude for Open Source program.



