Anthropic launches Project Glasswing and Claude Mythos, an AI built to find vulnerabilities humans missed for decades
A frontier model trained to autonomously discover zero-day flaws in operating systems, browsers and open-source code, deployed alongside an industry consortium that reads like a Who's Who of the affected vendors.

On 7 April 2026, Anthropic unveiled Project Glasswing, a coordinated cybersecurity initiative built around a new frontier model called Claude Mythos. The model is trained, with reinforcement-learning-driven post-training, to autonomously identify zero-day vulnerabilities in widely-deployed software (operating systems, web browsers, open-source libraries) and to develop functioning exploits to demonstrate their severity. The capability is, in Anthropic's own framing, dual-use: the same model that finds vulnerabilities for defenders can find them for attackers, and the company has organised the deployment to put it firmly in the hands of the former.
The launch consortium is unusually broad. Project Glasswing's announced founding partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia and Palo Alto Networks. Anthropic has committed one hundred million US dollars in Mythos Preview model-usage credits to the consortium, plus four million in donations to open-source security organisations. As The Verge and Wired reported in coverage that morning, the consortium is the most concrete vendor-coordination effort the AI-cybersecurity overlap has produced to date.
What Mythos actually found
The launch post and the accompanying technical brief detailed a striking pattern of findings. Mythos identified a twenty-seven-year-old vulnerability in OpenBSD, a sixteen-year-old flaw in FFmpeg that automated security tools had hit roughly five million times without catching it, and a chained set of Linux kernel vulnerabilities that, when combined, produced a privilege-escalation path. As Bruce Schneier observed in a same-day blog post, the FFmpeg finding in particular was the one that should change how the field thinks about automated review: the bug had been in widely deployed code for sixteen years, in front of every major security tool, and was caught by an AI doing the kind of patient cross-codebase reasoning that human researchers do, but at a scale they cannot.
The dual-use question, made operational
The question every previous AI-cybersecurity announcement had glossed over is the simple one: if the same model can find a defender-relevant zero-day and an attacker-relevant zero-day, what governs which use happens first? Anthropic's answer in this launch is to put the model behind a coordinated industry consortium with vetted access. The technical-access policy described in the launch documentation requires partners to use Mythos only for defensive purposes, with disclosure to affected vendors before any exploit is published. As the Atlantic Council's cybersecurity programme noted in commentary the same week, this is the first time a frontier-AI lab has packaged its access-control regime as part of the product launch rather than as a footnote.
Sixteen years of human and automated review missed it. The model found it on a Tuesday afternoon.
The wider implications are still being worked out. The most-discussed concern in the days after the launch was not the Mythos model itself but its hypothetical analogues from less-coordinated sources. If a frontier-class model trained for vulnerability discovery exists at Anthropic, it almost certainly exists at every other frontier lab and at several capable nation-state actors. The Project Glasswing framing is, in this view, less an announcement of new capability and more an admission that the capability has arrived and now needs to be governed. The consortium is the proposed governance vehicle. Whether it scales beyond the eleven launch partners is the open question.