Overview
- Anthropic launched Project Glasswing on Tuesday, giving a curated group of companies controlled access to its unreleased Claude Mythos Preview to use only for defensive security work.
- The company says the model has already found thousands of high‑severity bugs across every major operating system and web browser, including a 27‑year OpenBSD flaw, a 16‑year FFmpeg bug, and Linux kernel chains that let an attacker take full control of a machine.
- Access is limited to partners such as Amazon Web Services, Apple, Google, Microsoft, CrowdStrike, Palo Alto Networks, Cisco, Broadcom, NVIDIA, JPMorganChase and the Linux Foundation, with about 40 more critical‑software organizations, plus up to $100 million in usage credits and $4 million for open‑source security.
- Anthropic is holding back a general release due to dual‑use risk, saying Mythos can autonomously spot vulnerabilities and develop working exploits, and it is coordinating with U.S. agencies and planning a public lessons‑learned report in roughly 90 days.
- The rollout follows late‑March leaks and an internal packaging error that exposed Claude code, and it highlights growing unease after earlier reports on Mythos’s capabilities rattled cybersecurity stocks.