What it is: Project Glasswing is a cross-industry defensive cybersecurity initiative bringing together 12 founding partners: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic. Additionally, 40+ organisations maintaining critical software infrastructure were granted access. The project is named after the glasswing butterfly Greta oto — its transparent wings let it hide in plain sight (like hidden vulnerabilities), and help it evade harm (like the transparency Anthropic advocates).
The Threat Context
Global cybercrime costs approximately $500 billion per year. Real-world attacks have already hit healthcare (WannaCry/NHS), energy infrastructure (Colonial Pipeline), and government agencies (SolarWinds, US Treasury). State-sponsored attacks from China, Iran, North Korea, and Russia continue to threaten civilian and military infrastructure. AI has now dramatically lowered the cost, effort, and level of expertise required to find and exploit software vulnerabilities — and the consequences of that shift are only beginning to be understood.
Claude Mythos Preview — What It Found
Anthropic’s Claude Mythos Preview is a general-purpose, unreleased frontier model that found thousands of zero-day vulnerabilities across every major operating system and every major web browser — entirely autonomously, without human steering. Three highlighted examples:
- 27-year-old vulnerability in OpenBSD — one of the most security-hardened operating systems in the world, used to run firewalls and critical infrastructure. The flaw allowed an attacker to remotely crash any machine just by connecting to it.
- 16-year-old bug in FFmpeg — the widely-used video encoding/decoding library. The vulnerability sat in a line of code that automated testing tools had scanned 5 million times without ever catching the problem.
- Chained Linux kernel vulnerabilities — Mythos autonomously discovered and chained together multiple vulnerabilities in the Linux kernel to escalate from ordinary user access to complete control of the machine.
All vulnerabilities were reported to the relevant maintainers and have since been patched.
Benchmark Scores — Mythos Preview vs Opus 4.6
| Benchmark | Mythos Preview | Opus 4.6 |
|---|---|---|
| CyberGym | 83.1% | 66.6% |
| SWE-bench Verified | 93.9% | 80.8% |
| SWE-bench Pro | 77.8% | 53.4% |
| Terminal-Bench 2.0 | 82.0% | 65.4% |
| GPQA Diamond | 94.6% | 91.3% |
| Humanity’s Last Exam (with tools) | 64.7% | 53.1% |
Question — Abhilash Gopinath
The post includes a benchmark comparison table between Mythos Preview and Opus 4.6. What are these benchmarks actually measuring — and why does this comparison matter for the Glasswing story?
Answer
These are standardised tests that measure how capable an AI model is at specific tasks. Think of them like exam scores for AI — each benchmark tests a different skill.
CyberGym — cybersecurity tasks. Can the model find and exploit real vulnerabilities? This is the most directly relevant benchmark for the Glasswing story. Mythos scores 83.1% vs Opus 4.6’s 66.6% — a significant gap in offensive cyber capability.
SWE-bench Verified and SWE-bench Pro — real software engineering tasks. Can the model fix actual bugs in real codebases? On the harder Pro version, the gap widens to 77.8% vs 53.4% — 24 percentage points. That is not incremental improvement. That is a different class of capability.
Terminal-Bench 2.0 — can the model operate autonomously in a terminal environment, running real commands on a real system? 82.0% vs 65.4%. This is directly relevant to how AI was used in the Mexico government breach — executing thousands of commands autonomously across live infrastructure.
GPQA Diamond and Humanity’s Last Exam — PhD-level science questions and the hardest expert-level exam ever designed for AI. Both models score remarkably high, with Mythos consistently ahead.
Why does this comparison matter? Because this table is Anthropic showing the world exactly why Project Glasswing was necessary. Mythos Preview is not slightly better than their previous best model — it is substantially better at the precise skills that make it dangerous: writing exploit code, operating autonomously in terminal environments, and reasoning through complex software systems.
The honest message behind the benchmarks: this model is so much more capable than anything before it that releasing it publicly without first building defensive infrastructure around it would be irresponsible. Project Glasswing is that infrastructure.
Commitments
Anthropic has committed $100M in model usage credits for Glasswing participants. In addition: $2.5M donated to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation — enabling open-source maintainers to respond to this changing landscape. After the research preview, Mythos Preview will be available at $25/$125 per million input/output tokens via the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.
What Happens Next
Mythos Preview will not be released for general availability. Within 90 days, Anthropic will publicly report on vulnerabilities fixed, improvements made, and lessons learned. New cybersecurity safeguards will first be launched with an upcoming Claude Opus model — to refine them safely before Mythos-class capabilities are broadly deployed. Security professionals whose legitimate work is affected by the new safeguards can apply to an upcoming Cyber Verification Program.
Partner Voices
“The window between a vulnerability being discovered and exploited has collapsed — what once took months now happens in minutes with AI. That is not a reason to slow down; it’s a reason to move together, faster.”
— Elia Zaitsev, CTO, CrowdStrike
“Open source maintainers have historically been left to figure out security on their own. Project Glasswing offers a credible path to changing that equation — AI-augmented security as a trusted sidekick for every maintainer, not just those who can afford expensive security teams.”
— Jim Zemlin, CEO, The Linux Foundation
Update · Apr 8, 2026 — Expert Reaction (Platformer)
Security expert Alex Stamos warned that open-weight models capable of similar vulnerability discovery are approximately 6 months away. He raised two deeper concerns: building dangerous AI to defend against it centralises power in a small number of labs, and increases the risk of model weight theft by actors who would deploy the capabilities offensively without restriction. Source: platformer.news
Update · Apr 10, 2026 — Forrester: 10 Consequences Nobody’s Writing About Yet
Forrester Research (Jeff Pollard et al.) treats Glasswing and Mythos as legitimate and concerning — not marketing hype. Their analysis lays out second- and third-order consequences grouped by when they will hit:
Now:
- (1) Open-source maintainers become the bottleneck — discovery is now exponential but remediation capacity is still human, finite, and underpaid.
- (2) Penetration testing loses its pricing anchor — traditional pentests ran $20–120K anchored to discovery scarcity, which no longer exists.
- (3) Anthropic becomes a core dependency for every security vendor — those who don’t formalise the relationship accept dependency without influence.

6–18 months:
- (4) Remediation services become the prize category — the first firm to build a Mythos-native practice captures the margin pentesting just lost; window is roughly 18 months.
- (5) The CVE system starts visibly failing — thousands of zero-days will overwhelm triage infrastructure, showing up as months-long enrichment backlogs.
- (6) Nation-states race to burn existing zero-day stockpiles before they become worthless.
- (7) Cyber insurance reprices abruptly — expect exclusions targeting AI-discovered vulnerabilities not remediated within defined timeframes.

2–5 years:
- (8) Regulators lock Glasswing in as the reference case — Mythos resets what “reasonable care” means.
- (9) AI-assisted security governance becomes its own compliance field — human-in-the-loop audit trails between AI discovery and action become mandatory.
- (10) Security careers pivot from finders to deciders — unearthing vulnerabilities stops being a valued skill; judgment, AI output validation, and decision-making under pressure become the new profile. Universities are still training the wrong people.

Source: forrester.com
Sources: anthropic.com/glasswing · platformer.news · forrester.com
