Anthropic’s New AI Finds Thousands of Vulnerabilities, Launches Project Glasswing

Anthropic, the San Francisco–based AI company, says an unreleased frontier model has unearthed thousands of previously unknown software vulnerabilities across major operating systems, web browsers and open‑source projects. The company unveiled Project Glasswing on April 7, a controlled program that gives select partners access to the model — called Claude Mythos Preview — for defensive security work.

What Anthropic says Mythos can do

Anthropic describes Claude Mythos Preview as a frontier‑scale successor to its Claude Opus 4.6 model, tuned for software analysis, reasoning and so‑called "cyber" tasks. In internal testing, the company says the model rediscovered a 27‑year‑old bug in OpenBSD, flagged a 16‑year‑old vulnerability in the multimedia library FFmpeg and identified chains of Linux kernel bugs that could be stitched into more complex exploits.

The company released benchmark tables it says demonstrate substantial improvements in coding and security evaluations compared with Opus 4.6, though those results have not yet been independently replicated.

Project Glasswing and partner program

Rather than a public release, Anthropic is placing Mythos behind tight access controls. Project Glasswing invites a group of major technology, financial and open‑source organizations to run Mythos against critical codebases and infrastructure under restrictions limiting use to defensive purposes.

Anthropic named 12 launch partners: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks and Anthropic itself. The company also says access has been extended to "over 40 additional organizations" that maintain critical software infrastructure, though it has not published that full list.

Anthropic has pledged up to $100 million in model‑usage credits to support the program and published preliminary pricing under which it would later charge $25 per million input tokens and $125 per million output tokens. It also announced $4 million in direct funding for open‑source security maintenance: $2.5 million to the Alpha‑Omega project under the Open Source Security Foundation and $1.5 million to the Apache Software Foundation.

Claims, disclosure and verification

In its announcement and a linked system card, Anthropic said Mythos Preview "has already found thousands of high‑severity vulnerabilities, including some in every major operating system and web browser." The company characterized many of these as zero‑days — previously unknown flaws that had no patches at the time of discovery — and said a sizable portion are rated critical.

Anthropic says it has been working with software maintainers to report and patch the flaws and is posting a subset of technical write‑ups on its Frontier Red Team blog. For many issues, the company has published cryptographic hashes as placeholders and promised to release full technical details only after fixes are available. Anthropic plans to publish a public report within 90 days summarizing the initial Glasswing period and the vulnerabilities that can be disclosed.

For now, the scale of Mythos’s findings is primarily an assertion by Anthropic. The raw counts and severity breakdown it cites have not yet been matched against public vulnerability databases such as MITRE’s CVE list or the National Vulnerability Database. Security teams, vendors and regulators will likely monitor for new CVE entries, vendor advisories and government alerts in the coming weeks to determine how many of the claimed discoveries become publicly documented vulnerabilities.

Responses from partners and the security community

Several partners provided statements, many emphasizing AI’s role in defense. Amy Herzog, vice president and chief information security officer at Amazon Web Services, said AWS has been testing Mythos in security operations and that the tool is helping to strengthen critical code. CrowdStrike — a major cybersecurity vendor — framed Mythos as a defensive response to offensive AI, warning that "the window between a vulnerability being discovered and being exploited by an adversary has collapsed."

At the same time, security researchers and regulators are expected to scrutinize Anthropic’s claims and the company’s safeguards closely. The company noted it has been in "ongoing discussions with US government officials" about Mythos and the controls around it.

Dual‑use risks and governance challenges

The capabilities Anthropic describes are dual‑use: the same model that can autonomously read complex codebases and generate exploit chains for defenders could, if replicated or leaked, lower the bar for attackers to develop sophisticated exploits.

Anthropic says limiting access and channeling discoveries through coordinated disclosure is the responsible approach. But the volume Anthropic claims — "thousands" of new flaws across major software projects — could stress existing vulnerability‑tracking and remediation systems. CVE numbering authorities, vendor security teams and open‑source maintainers may face an unusually large batch of reports to triage, verify and patch.

The company's credibility has already been tested by recent incidents. A March report by Fortune said a misconfigured content management system briefly exposed internal assets, including early materials about Mythos, and the U.S. Department of Defense designated Anthropic a "supply‑chain risk" earlier this year — a label Anthropic is challenging in court. A federal judge granted a preliminary injunction in late March blocking that designation while the lawsuit proceeds.

What to watch next

Project Glasswing’s impact will depend on how many of Anthropic’s claimed discoveries are validated, how quickly patches are issued, and whether the vulnerability ecosystem can keep pace. Key indicators in the coming weeks will include:

  • New CVE entries and vendor advisories tied to Mythos discoveries.
  • Public technical write‑ups released after coordinated disclosures.
  • Independent replications of Anthropic’s benchmark claims and the specific vulnerabilities.

If the model’s findings are confirmed at scale, Mythos could become a powerful tool for defenders — but it will also sharpen debates over access, oversight and the governance of advanced AI systems with clear cybersecurity implications.

Anthropic’s Project Glasswing represents an early effort to channel frontier AI into defensive security work while limiting public exposure. The broader question for practitioners and policymakers is whether existing disclosure norms and infrastructure are fit to absorb vulnerability reports generated at machine scale.
