On April 7, 2026, Anthropic did something unusual: it announced a new frontier model without releasing it. Claude Mythos Preview exists, it works, and it’s already found thousands of critical vulnerabilities. But you won’t be able to use it. And that decision tells you everything you need to know about the current state of security in the AI era.
A model that leaked before it officially existed
The story of Mythos had chapters before yesterday’s announcement. In March, Anthropic accidentally revealed information about the model in a public database. Weeks later, a leaked blog draft described the model as “currently ahead of any other AI model in cybersecurity capabilities” — and warned that “it heralds an incoming wave of models that can exploit vulnerabilities at a pace that outstrips defenders’ efforts.”
It wasn’t marketing hyperbole. It was an internal warning that escaped.
What is Project Glasswing
Project Glasswing is Anthropic’s answer to the dilemma that model creates: if Mythos Preview can find and exploit vulnerabilities better than almost any human, what do you do with it?
The coalition includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — 12 primary partners, plus more than 40 additional organizations that build or maintain critical software infrastructure.
Anthropic committed up to $100M in usage credits for Mythos Preview in these efforts, plus $4M in direct donations to open source security organizations.
The name says it all: the glasswing butterfly has transparent wings. Software vulnerabilities are, for the most part, relatively invisible — they’re there, but no one sees them. Until someone does.
What the model has already found
In recent weeks, Anthropic used Claude Mythos Preview to identify thousands of zero-day vulnerabilities (that is, flaws previously unknown to the software’s developers), many of them critical, across all major operating systems and all major web browsers.
Three concrete examples that Anthropic was able to disclose because they’ve already been patched:
OpenBSD: Mythos found a 27-year-old vulnerability in OpenBSD — one of the operating systems most recognized for its security, used in firewalls and critical infrastructure. The flaw allowed an attacker to remotely crash any machine running the operating system simply by connecting to it.
FFmpeg: It discovered a 16-year-old vulnerability in FFmpeg — the library that countless applications use to encode and decode video — in a line of code that automated testing tools had executed five million times without detecting the issue.
Linux kernel: The model found and autonomously chained together several vulnerabilities in the Linux kernel — the software that runs most of the world’s servers — to allow an attacker to escalate from ordinary user access to complete machine control.
A fourth case, documented in Anthropic’s technical blog: Mythos identified, completely autonomously (without human intervention after the initial request), a 17-year-old remote code execution vulnerability in FreeBSD that allows anyone to gain root access on a machine running NFS. That bug was cataloged as CVE-2026-4747.
The most striking part of these findings isn’t the quantity — it’s the age. Bugs that survived decades of human review and millions of automated tests. The model isn’t just faster than a human searching for vulnerabilities. In some cases, it’s finding things that humans structurally couldn’t find.
The benchmark that confirms it
In CyberGym — the cybersecurity vulnerability reproduction benchmark — Mythos Preview achieved 83.1%, versus 66.6% for Claude Opus 4.6. A gap of nearly 17 points between the previous and new model. For reference: Opus 4.6 was already considered one of the most capable models for security tasks.
Mythos Preview improved so much that it practically saturates existing benchmarks. That’s why Anthropic shifted its focus toward novel and real security tasks — zero-day vulnerabilities make it possible to distinguish genuine capability from mere memorization of known solutions.
The dilemma with no easy solution
Anthropic is not releasing Mythos Preview to the general public. But it also can’t make that capability disappear.
The company has already privately warned high-ranking government officials that Mythos makes large-scale cyberattacks significantly more likely this year. Those conversations included CISA and the Center for AI Standards and Innovation.
Anthropic’s stance is direct: “Given the pace of AI progress, it won’t be long before these capabilities proliferate, potentially beyond actors committed to deploying them safely. The impact — on economies, public safety, and national security — could be severe.”
In other words: someone is going to have this level of capability. The question is whether defenders get there first.
Project Glasswing is the bet that they can.
Why this matters for developers
If you write code that runs on Linux, on any browser, or that uses FFmpeg to process video — and that includes practically the entire software industry — the vulnerabilities that Mythos found lived in your stack. They’ve already been patched. But the question that remains is: how many more are there, and who will find them first?
Jim Zemlin, CEO of the Linux Foundation, pointed out the fundamental asymmetry that has plagued open source security for decades: “Security expertise has been a luxury reserved for organizations with large security teams. Open source maintainers — whose software underpins much of the world’s critical infrastructure — have historically had to figure out security on their own.”
Project Glasswing, with $4M in direct donations to projects like Apache and OpenSSF, is an attempt to change that equation. For the Latin American development ecosystem — which largely builds on layers of open source maintained by volunteers — this isn’t abstract news.
The board changed
The most important thing about Project Glasswing isn’t the model. It’s what its existence implies: that the arms race between cybersecurity offense and defense just accelerated at a pace that current patching, auditing, and response processes weren’t designed to absorb.
A model that finds 27-year-old bugs in operating systems autonomously isn’t an incremental improvement. It’s a regime change.
The rules of the game changed yesterday. The code you wrote last week was written in the old world.
