Anthropic's mythic-level model Claude Mythos is not open to the public.

Anthropic today announced Project Glasswing. It is launching the project because it has trained a brand-new, extremely powerful model, Claude Mythos Preview, which is the same model mentioned in the code leak from the other day.

Project participants include Amazon AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself: 12 organizations in total jointly launching the initiative.

In plain terms: because this model is too strong, Anthropic is adopting a security testing mode, allowing only approved institutions to use it internally and not opening it to the public. How strong is it? Just look at the data: its coding and reasoning abilities outclass Opus 4.6.

[Benchmark charts not reproduced. Panels: Code; Reasoning; Search and computer use.]

“Opus” literally means masterpiece, and “Mythos” literally means myth. Anthropic’s CEO and a whole lineup of major partners have come out to endorse the plan.

Anthropic has clearly stated that it does not intend to open Claude Mythos Preview to the public. Its long-term goal, however, is to enable users to safely use models with the same level of capabilities. To do that, it plans to first develop and validate the relevant safety and protection mechanisms on the upcoming Claude Opus model. It will iterate under conditions where the risks are controllable and then roll the capabilities out gradually, possibly releasing a new Opus version very soon to provide them.

Let’s take a detailed look at what Project Glasswing actually is.


What did this model find?

Over the past few weeks, Anthropic used Claude Mythos Preview to scan the world’s mainstream operating systems, browsers, and other important software.

Result: it found thousands of previously undiscovered zero-day vulnerabilities, many of which were assessed as high severity.

A few specific examples:

A vulnerability in OpenBSD that has existed for 27 years. OpenBSD is known for its security and is used to run critical infrastructure such as firewalls. This vulnerability allows an attacker to remotely crash the target machine just by connecting to it.

A vulnerability in FFmpeg that has existed for 16 years. FFmpeg is used by countless software packages for video encoding and decoding. The model found the line of code with the flaw; this line had previously been scanned 5 million times by automated testing tools, and the flaw was never discovered.

In the Linux kernel, the model independently discovered and chained multiple vulnerabilities, enabling an attacker to escalate from ordinary user privileges to complete control of the entire machine.

All of the above vulnerabilities have been reported to the maintainers of the relevant software and have been fully fixed. For the remaining vulnerabilities, Anthropic has already published cryptographic hash values in advance; once the fixes are complete, it will disclose the specific details.


Why do this?

Anthropic’s assessment is that the capability of AI models to discover and exploit software vulnerabilities has already surpassed everyone except a small number of top human experts.

The spread of this capability is a question of when, not whether.

Global cybercrime causes economic losses estimated at about $500 billion per year. Attacks targeting medical systems, energy infrastructure, and government institutions have already caused real harm, and they also pose an ongoing threat to civilian and military infrastructure.

AI significantly lowers the cost, barriers, and level of expertise required to carry out these kinds of attacks.

Anthropic’s logic is: rather than waiting for others to use this capability for attacks first, it’s better to proactively use it for defense.


How exactly will the plan work?

Project Glasswing currently includes two layers.

The first layer consists of 12 founding partner organizations. They will get access to Claude Mythos Preview to scan and fix vulnerabilities in their own core systems. Key focus areas include local vulnerability detection, binary black-box testing, endpoint security, penetration testing, and more.

The second layer consists of more than 40 organizations that build or maintain critical software infrastructure. They will also receive model access to scan their own and open-source systems.

To support this, Anthropic has committed to providing up to $100 million in model usage credits. After the research preview period ends, Claude Mythos Preview will be offered to participating parties via commercial access, priced at $25/$125 per million input/output tokens. It will support integration through the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.

In addition, Anthropic will donate $2.5 million to Alpha-Omega and OpenSSF via the Linux Foundation, and $1.5 million to the Apache Software Foundation—totaling $4 million—to support open-source software maintainers in responding to this new situation. Open-source software maintainers can apply for access through the Claude for Open Source program.

Next steps

On information sharing, partners will share information and best practices as much as possible. Anthropic also commits to publishing research progress reports within 90 days, including the number of vulnerabilities discovered, issues that have been fixed, and improvement results that can be disclosed.

On policy recommendations, Anthropic will collaborate with major security organizations to develop practice recommendations for the following areas: vulnerability disclosure processes, software update processes, open-source and supply-chain security, secure software development lifecycles, standards for regulated industries, scaled and automated vulnerability classification, and patch automation.

For full details, see the official original text: https://www.anthropic.com/glasswing
