AI startup Anthropic on Tuesday launched Project Glasswing, a coalition with 12 technology and finance giants, to deploy its unreleased Claude Mythos Preview model to find and patch critical software vulnerabilities. The initiative brings together competitors like Google and Microsoft with cybersecurity incumbents CrowdStrike and Palo Alto Networks to get ahead of AI-powered threats.
"Given the rate of AI progress, it will not be long before such capabilities proliferate... The fallout — for economies, public safety, and national security — could be severe," Newton Cheng, Frontier Red Team Cyber Lead at Anthropic, said in an interview.
The model has already identified thousands of flaws, including a 27-year-old vulnerability in the security-hardened OpenBSD operating system and a 16-year-old bug in the FFmpeg video library, according to a company release. On the CyberGym evaluation benchmark, Mythos Preview scored 83.1 percent, far surpassing the 66.6 percent from Anthropic's next-best model, Claude Opus 4.6.
The project aims to give defenders a head start as Anthropic’s annualized revenue tops $30 billion amid reports of a potential October 2026 IPO. For partners like Palo Alto Networks and CrowdStrike, the initiative represents a critical test of AI's defensive capabilities against the AI-driven attacks reshaping the cybersecurity sector, which saw shares of both firms dip last month on news of the model's power.
Anthropic says it will not make Claude Mythos Preview generally available due to its advanced cybersecurity capabilities. The company’s internal tests show the model can autonomously find and chain together several vulnerabilities in the Linux kernel to escalate from ordinary user access to complete control of a machine. Its performance on coding benchmarks highlights the capability gap, scoring 93.9 percent on SWE-bench Verified, compared to 80.8 percent for Opus 4.6.
The company is committing up to $100 million in usage credits for partners and donating $4 million to open-source security organizations, including the Linux Foundation and Apache Software Foundation, to manage the disclosure process. "In the past, security expertise has been a luxury," Jim Zemlin, CEO of the Linux Foundation, said. "Project Glasswing offers a credible path to changing that equation."
The announcement follows several embarrassing security incidents for Anthropic, including a March CMS misconfiguration that exposed internal documents and a packaging error that briefly leaked the source code for its Claude Code tool. While the company stated these were human errors in publishing tools and not breaches of its core security architecture, the incidents raise questions of trust as it asks partners to rely on its most powerful model.
Anthropic argues the project is a necessary gamble. The company believes the capabilities of models like Mythos Preview will become widespread within months, not years, and that the only responsible move is to arm defenders first. It is a wager that providing restricted access to partners now can build a stronger defense before similar offensive tools land in less careful hands.
This article is for informational purposes only and does not constitute investment advice.
