The world’s top tech companies are using a yet-unreleased Anthropic model — named Mythos Preview — to find security vulnerabilities in their software.
Anthropic on Tuesday announced Project Glasswing, a cybersecurity initiative that brings together AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The model at its center, Claude Mythos Preview, has already identified thousands of zero-day vulnerabilities across every major operating system and web browser — many of them decades old — and does so largely autonomously. The company is also extending access to over 40 additional organizations that build or maintain critical software infrastructure, and is committing up to $100M in usage credits for the effort, plus $4M in direct donations to open-source security organizations.
Anthropic is emphatic that this is a defensive play, not an offensive one. But the subtext is clear: Mythos is too dangerous to release publicly. Logan Graham, who leads Anthropic’s frontier red team, told Axios the model can find “tens of thousands of vulnerabilities” that even skilled human bug hunters would struggle to catch — and, unlike past models, can write working exploits to go with them. Opus 4.6, Anthropic’s current public flagship, found roughly 500 zero-days in open-source software. Mythos Preview operates at a categorically different level.
Three examples from Anthropic’s own testing illustrate the point. Mythos found a 27-year-old vulnerability in OpenBSD — one of the most security-hardened operating systems in the world — that allowed a remote attacker to crash any machine simply by connecting to it. It discovered a 16-year-old flaw in FFmpeg buried in a line of code that automated testing tools had hit five million times without flagging it. And it autonomously chained together several Linux kernel vulnerabilities to escalate from ordinary user access to complete control of the machine.
Benchmark Numbers That Command Attention
Mythos Preview scores 77.8% on SWE-bench Pro, a rigorous benchmark of real-world software engineering tasks. Its closest public comparison, Claude Opus 4.6, scores 53.4% — a gap of 24 percentage points. Before today, GPT-5.3-Codex led SWE-bench Pro at around 56.8%. Mythos clears that by more than 21 points.
The timing of this announcement is notable for another reason. Just yesterday, China’s Z.ai (formerly Zhipu AI) released GLM-5.1, which it claims ranks #1 globally on SWE-bench Pro — and which it trained entirely on Huawei Ascend chips, without a single Nvidia GPU. GLM-5.1 is open-weight and priced aggressively. If Mythos Preview is the ceiling that defenders need, GLM-5.1 is a signal of how quickly that same ceiling can be approached — and potentially weaponized — by actors with very different intentions.
Anthropic has not been shy about this risk. The company previously documented the first AI-orchestrated cyber espionage attack, which it attributed with high confidence to a Chinese state-sponsored group that used Claude Code to infiltrate around 30 organizations, including tech firms, financial institutions, and government agencies. That attack predated Mythos. The question Project Glasswing is trying to answer is whether defenders can use the new generation of models faster than adversaries can.
The Cybersecurity Benchmark
On CyberGym, the dedicated cybersecurity vulnerability reproduction benchmark, Mythos Preview scores 83.1% against Opus 4.6’s 66.6%. This is not a general coding benchmark — it measures whether a model can actually reproduce and exploit security vulnerabilities from descriptions. An 83% score means Mythos is succeeding at tasks that were, until recently, the exclusive domain of elite human security researchers.
Microsoft’s Igor Tsyganskiy noted that when tested against CTI-REALM, Microsoft’s open-source security benchmark, Mythos showed “substantial improvements” over prior models. CrowdStrike’s CTO flagged something more alarming: the window between a vulnerability being discovered and being exploited by an adversary, once measured in months, has collapsed to minutes with AI. Palo Alto Networks’ Lee Klarich was direct: “Everyone needs to prepare for AI-assisted attackers.”
The Economics
Partners in Project Glasswing get Mythos Preview access funded by Anthropic’s $100M credit commitment during the research preview phase. After that, the model will be available at $25 per million input tokens and $125 per million output tokens — significantly more expensive than Claude Opus 4.6 — through the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.
Anthropic has separately donated $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation, specifically to help open-source maintainers — whose software underpins most of the world’s critical infrastructure — defend against what’s coming.
What Comes Next
Anthropic says it has no plans to make Mythos Preview generally available, instead treating it as a proving ground for the safety safeguards needed before a Mythos-class model can be deployed at scale. The plan is to launch new safeguards with an upcoming Claude Opus model first, where the risk profile is lower, then extend them to Mythos-tier capabilities. Within 90 days, Anthropic will publish what it has learned from the initiative, including which vulnerabilities were fixed.
The company is also in discussions with US government agencies about the model’s offensive and defensive potential — a conversation that is complicated by an ongoing legal dispute between Anthropic and the Pentagon, which Defense Secretary Pete Hegseth labeled a “supply chain risk” after the Trump administration directed federal agencies to phase out Claude. Anthropic has filed two lawsuits challenging that designation.
The broader framing is that AI models will inevitably get better at this, and the question is who benefits first. Project Glasswing is Anthropic’s answer: get the defenders in the room before the attackers find the door.