Anthropic's Mythos Transforms 72% of Vulnerabilities into Working Exploits: Project Glasswing is the Bet for Cybersecurity
Anthropic officially introduced Claude Mythos Preview, a frontier model never before released to the public (though some information emerged days ago in connection with the leak of Claude Code source), which has found thousands of zero-day vulnerabilities across all major operating systems and browsers currently in circulation. The company also announced Project Glasswing, an initiative bringing together twelve of the biggest players in the technology and security industry to use the model exclusively for defensive purposes.
A Zero-Day Machine
What distinguishes Mythos Preview from any other available model is not its ability to find bugs, but its capacity to turn a vulnerability into a working exploit.
Where Claude Opus 4.6 manages to construct attack code in less than 1% of cases, Mythos Preview achieves an impressive 72.4%, according to measurements conducted by Anthropic on Firefox's JavaScript shell. This represents a fundamental paradigm shift: we are no longer facing a vulnerability scanning tool but something akin to an automated exploit engine.
The Register reports a particularly telling detail: untrained Anthropic engineers set up an overnight session asking the model to look for remote code execution vulnerabilities, and woke up the next morning with a complete and functioning exploit. Not a partial proof-of-concept: a ready-to-use exploit.
The documented cases from Anthropic on its Frontier Red Team blog provide a clear picture of the situation. The model discovered a 27-year-old vulnerability in OpenBSD that allowed an attacker to remotely crash any machine running the operating system simply by connecting to it. OpenBSD is chosen for firewalls and critical infrastructures precisely because it is considered one of the most robust systems. In FFmpeg, used for video encoding by countless software, it identified a bug hidden for 16 years in a single line of code that automated testing tools had analyzed five million times without ever detecting the issue. On the Linux kernel, Mythos independently chained multiple vulnerabilities to achieve privilege escalation from a regular user to complete control of the machine.
The complexity of the exploits goes beyond classic stack overflows. In one documented case, the model wrote a browser exploit that chained four separate vulnerabilities, constructing a sophisticated JIT heap spray capable of escaping both the renderer sandbox and the operating system's sandbox. On FreeBSD, it produced an RCE exploit against the NFS server that grants root access to unauthenticated users, distributing a ROP chain of 20 gadgets across multiple network packets.
Benchmarks Leaving No Room for Interpretation
In terms of formal assessments, Mythos Preview leaves Opus 4.6 (the most capable of Anthropic's publicly available models so far) at a considerable distance. On CyberGym, the specialized benchmark for reproducing vulnerabilities, it scores 83.1% against Opus 4.6's 66.6%. On SWE-bench Verified, the standard test for solving real problems on GitHub repositories, it reaches 93.9% compared to the predecessor's 80.8%. On SWE-bench Pro, the most difficult version with low-probability problems, the gap widens further: 77.8% versus 53.4%.
On Terminal-Bench 2.0, which measures the ability to operate independently in the terminal, Mythos achieves 82.0% against Opus 4.6's 65.4% and reaches 92.1% with extended timeouts and the Terminal-Bench 2.1 updates. On GPQA Diamond, the advanced scientific reasoning benchmark, it scores 94.6% against 91.3%. On Humanity's Last Exam, the test specifically designed to withstand saturation from standard benchmarks, Mythos reaches 56.8% without tools and 64.7% with tools, compared to 40.0% and 53.1% for Opus 4.6. On BrowseComp, it achieves higher results than Opus 4.6 while consuming 4.9 times fewer tokens.
Project Glasswing: The Industry's Response
Anthropic has not released the model and does not intend to. Instead, it has convened a consortium of twelve organizations, named Project Glasswing, which includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The stated goal is to use Mythos Preview to scan and fix vulnerabilities in their core systems before other models with similar capabilities become more widely available.
Introducing Project Glasswing: an urgent initiative to help secure the world's most critical software. It's powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.
— Anthropic (@AnthropicAI) April 7, 2026
Access is also extended to over 40 additional organizations that develop or maintain critical software infrastructures, including maintainers of open-source software. Anthropic commits up to $100 million in usage credits to support the activity during the research preview. Subsequently, the model will be available to participants at $25 for one million input tokens and $125 for one million output tokens.
In terms of direct donations, $2.5 million goes to Alpha-Omega and OpenSSF through the Linux Foundation, and another $1.5 million to the Apache Software Foundation.
The partners have already been working with Mythos Preview for weeks. Microsoft tested the model against CTI-REALM, its open-source benchmark for security, finding substantial improvements over previous models. AWS claims to have applied it to critical codebases with already tangible results in strengthening the code. CrowdStrike points to the collapse of the time between discovering a vulnerability and its exploitation by an attacker: what once took months, with AI now takes minutes.
The Dual Nature of Risk
The project carries a concern that none of the participants ignores. The same capabilities that make Mythos Preview (here the system card) an exceptional defensive tool could be devastating in hostile hands. Anthropic explicitly recognizes that the cost, effort, and skill level needed to find and exploit software vulnerabilities have drastically decreased in the past year, and that Mythos represents a further acceleration of this trajectory. The current cost of damage from global cybercrime is estimated at around $500 billion annually: with models of this class available without guardrails, that figure could grow significantly.
Anthropic's response is to anticipate the inevitable spread of offensive capabilities by placing defensive capabilities in the hands of those managing critical global infrastructure. The logic is that of responsible disclosure applied not to individual vulnerabilities but to an entire class of AI capabilities: making defenders stronger before attackers reach the same technological level. Within 90 days, Anthropic will publish a detailed report on the vulnerabilities fixed and lessons learned, as well as a set of practical recommendations on how security practices should evolve in the age of AI.
On the regulatory front, Anthropic is in dialogue with U.S. government officials about the offensive and defensive capabilities of the model. The company hopes for the establishment of an independent third-party body, with public and private participation, to coordinate large-scale security projects in the long term. For security professionals whose legitimate activities might be limited by guardrails under development, there is a future Cyber Verification Program planned.
The name chosen for the project alludes to the butterfly Greta oto, whose transparent wings allow it to hide in plain sight, just like the vulnerabilities Mythos has uncovered after decades of human reviews and failed automated tests.