Project Glasswing brings together Apple, Amazon, Google, Microsoft and more under a single urgent mission: use AI to fix software vulnerabilities before bad actors use AI to exploit them.

A model too powerful to release — and too important to sit unused

Anthropic has a new AI model it won’t let anyone use. Not because it isn’t ready — but because it’s worried about what would happen if the wrong people got hold of it. Claude Mythos Preview, revealed in a leaked internal document last month and described internally as the most powerful model the company has ever built, has already demonstrated the ability to find and chain together software vulnerabilities in ways that its own researchers say could reshape cybersecurity as we know it.

Rather than lock it away entirely, Anthropic announced Tuesday that it’s putting Mythos to work on defense — sharing limited access with a coalition of major technology companies as part of a new initiative called Project Glasswing. The partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, alongside roughly 40 additional organizations that maintain critical software infrastructure.

What Mythos can actually do — and why that’s alarming

In the weeks before Tuesday’s announcement, Anthropic had been quietly testing Mythos on real software. The results were striking. The model identified thousands of previously unknown zero-day vulnerabilities — many of them critical — across every major operating system and every major web browser currently in use. Some of those flaws had survived decades of human code review and millions of automated security scans without ever being detected.

More than just finding individual bugs, Mythos can chain vulnerabilities together in sophisticated sequences. In one documented case, it wrote a web browser exploit that linked four separate flaws — including a complex memory attack — to escape both the browser’s renderer and the operating system’s own security sandbox. In another, it identified a flaw in the Linux kernel that, when exploited, could hand an attacker complete control of the affected machine.

On the SWE-bench Verified coding benchmark, Mythos solved 93.9% of problems — compared to 80.8% for Claude Opus 4.6, Anthropic’s current top public model. On the harder SWE-bench Pro evaluation, Mythos scored 77.8% against Opus 4.6’s 53.4%. These aren’t incremental improvements. They represent a meaningful jump in capability — which is precisely what makes the company nervous about releasing it openly.

Why open-source software is especially at risk

A central focus of Project Glasswing is open-source software — the foundation on which most of the world’s digital infrastructure is built. Banking systems, hospital records, power grid controls, logistics networks: all of it runs, at least in part, on open-source code maintained by small teams or individual developers who rarely have access to sophisticated security tools.

That disparity has long been a quiet vulnerability at the heart of the internet. Project Glasswing is, in part, an attempt to close it. All participating organizations are required to share what they learn with the broader industry, which means the defensive benefits of Mythos won’t be locked behind the walls of the companies that can afford to partner with Anthropic.

The uncomfortable contradiction at Anthropic’s core

Anthropic has spent years cultivating a reputation as the AI company that takes safety seriously — the one willing to accept commercial limitations in exchange for ethical consistency. Earlier this year, the company refused to remove safety guardrails on its services for use by the Pentagon, declining to allow its models to be used for autonomous weapons targeting or surveillance of American citizens. The Department of Defense responded by labeling Anthropic a “supply chain risk,” triggering a legal dispute that remains unresolved.

That principled stance makes Project Glasswing more significant, not less. The company isn’t releasing Mythos for profit, or competitive positioning, or because a defense contract required it. It’s releasing a controlled preview because it believes the alternative — waiting while the same capabilities develop elsewhere and proliferate beyond responsible actors — is worse.

The name itself carries meaning. Glasswing is named after the Greta oto butterfly, whose wings are nearly transparent — a metaphor for software vulnerabilities: present everywhere, mostly invisible, and far more fragile than they appear.

A race against time

Anthropic has privately warned senior U.S. government officials — including the Cybersecurity and Infrastructure Security Agency and the Center for AI Standards and Innovation — that Mythos makes large-scale AI-powered cyberattacks significantly more likely this year. The company believes it is only a matter of months before comparable capabilities emerge elsewhere, potentially in the hands of actors with far less interest in safety.

The goal, eventually, is to deploy Mythos-class models at scale for everyone — but only after new safeguards capable of blocking its most dangerous outputs have been developed and tested. Anthropic says it plans to trial those safeguards first with an upcoming Claude Opus model, which poses lower risk, before applying them to Mythos.

Whether Project Glasswing can deliver on that ambition remains to be seen. The vulnerabilities are real. The urgency is real. And the gap between what AI can now do to software — and what the world’s defenders are currently equipped to handle — is closing faster than most people realize.