There is a machine that can stare at the code running every device you own — your phone, your laptop, your browser, the operating system beneath all of it — and find the cracks. Not because it was specifically trained on known vulnerability patterns or given a curated list of targets. Because it is, by any reasonable measure, better than almost every human alive at the ancient art of breaking software.

That machine is Claude Mythos Preview. And on Tuesday, Anthropic told the world it exists.

What Happened

Anthropic announced Project Glasswing, a coordinated defensive initiative bringing together a coalition that reads like a who’s-who of the technology and security industries: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The group will use Mythos Preview — an unreleased frontier model Anthropic describes as its most capable yet — to scan and harden the world’s most critical software before adversaries get there first.

The numbers are arresting. Mythos Preview has already identified thousands of high-severity vulnerabilities. Not in toy systems. In every major operating system. In every major web browser. In the Linux kernel — the software substrate powering Android, all 500 of the world’s most powerful supercomputers, and an incalculable share of global internet infrastructure.

Anthropic is not releasing Mythos to the public. The risks, the company states plainly, are too severe. Access has been extended to roughly 50 vetted organizations. Anthropic is committing up to $100 million in usage credits and $4 million in direct donations to open-source security organizations as part of the effort.

The name Glasswing comes from a butterfly species with transparent wings. The metaphor is intentional and apt: the goal is to make software vulnerabilities visible before they become weapons.

Why It Matters — Enormously

Vulnerability research has always been a numbers game played at human speed. Security researchers — even the best ones — are mortal. They sleep. They get distracted. They can only stare at one piece of code at a time. The adversaries exploiting their blind spots have the same limitation. That symmetry, uncomfortable as it was, kept the arms race roughly manageable.

Mythos Preview shatters that symmetry.

An AI system that can find high-severity vulnerabilities across every major OS and browser simultaneously is not a better tool for human researchers. It is a category change — the equivalent of trading cavalry for armor in 1916. The finding-and-patching pipeline that has governed software security for decades was designed around human throughput. It cannot absorb what Mythos-class models can produce.

This matters in two directions. On defense: organizations that gain access to this capability and move with urgency can close vulnerabilities faster than any adversary can exploit them. On offense: if similar capabilities proliferate to state actors, criminal groups, or non-state adversaries before the defensive window is fully utilized, the result is a coordinated zero-day bonanza unlike anything the cybersecurity industry has faced. The Linux Foundation’s Jim Zemlin noted that kernel maintainers are already experimenting with the model to triage and remediate — but acknowledged that maintainers are “already overwhelmed.”

That last phrase deserves to sit with you for a moment.

The Agentic AI Dimension

Here is where this story connects directly to the world most CSJ readers are navigating: the era of agentic AI, where AI systems don’t just answer questions but take actions, run pipelines, browse the web, execute code, and operate as autonomous agents within complex software ecosystems.

The implications run in both directions.

For humans deploying AI agents: Every agentic workflow runs on software. That software has vulnerabilities. Mythos Preview found them in your OS. It found them in your browser — the runtime that most web-based agents use as their primary action environment. If your agentic AI stack is built on patched, hardened infrastructure, your risk posture improves dramatically. If it is not, you are one exploit away from an adversary who gains not just access to a machine, but to an AI agent with credentials, file access, and the ability to take autonomous actions on your behalf.

The threat model for AI agents is not the same as the threat model for static software. An attacker who compromises a traditional application gets access to data. An attacker who compromises an autonomous AI agent gets a proxy — an automated capability that acts, decides, and persists without constant human supervision. The blast radius is orders of magnitude larger.

For AI agents themselves: As AI agents become more capable and are granted more authority over systems, they become higher-value targets. We are already seeing adversaries build what Google DeepMind researchers have called “AI Agent Traps” — malicious web content designed to manipulate visiting agents through indirect prompt injection, exploiting the same trust boundaries that Mythos-class vulnerabilities expose at the OS and browser level. The attack surface for agents is not just the model — it is the entire software stack the model runs on and interacts with.

The double-edged sword problem: Anthropic is acutely aware that Mythos-class capability, if it escapes controlled deployment, becomes a catastrophic offensive weapon. The model is reportedly better not just at finding vulnerabilities but at generating exploits — constructing working attack code from the vulnerabilities it discovers. That combination, at AI speed, in adversarial hands, is the kind of scenario national security planners use to justify emergency briefings.

What Project Glasswing Gets Right — and What It Can’t Solve

The Glasswing coalition is the correct architectural response. You cannot gate a capability this powerful to a single organization. The right move is a pre-competitive defensive consortium: share the findings, share the patches, share what you learn, so the world’s critical infrastructure gets hardened before the knowledge spreads laterally.

Anthropic deserves credit for the urgency and the $104 million commitment. The Linux Foundation’s participation is significant — the kernel maintainers who receive these vulnerability reports are among the most overworked and underfunded people in technology, and AI tooling that accelerates their work is a genuine force multiplier.

But Project Glasswing cannot solve the underlying structural problem: Mythos-class models will not remain under Anthropic’s exclusive control. The curve of AI capability is not plateauing. If Anthropic has Mythos Preview today, nation-state actors with serious AI investment will have comparable capabilities within months, not years. The window for getting ahead of this — patching critical software before adversaries can weaponize similar models — is narrow and closing.

That context should give every CISO, every federal program manager, and every enterprise IT leader a specific mandate for the next 90 days: audit your patch posture, prioritize OS and browser vulnerability management, and take seriously what it means to be running agentic AI workloads on infrastructure that a Mythos-class system just proved is full of holes.

The Bottom Line

We are living through the first week of a new chapter in the history of cybersecurity. An AI system has demonstrated the ability to find high-severity vulnerabilities across every major computing platform — and the organizations holding that capability are in a race against time and against adversaries who will soon have equivalent tools.

For humans, the path forward is urgent remediation and institutional investment in the kind of collaborative defensive infrastructure Project Glasswing represents. For AI agents — the autonomous systems increasingly woven into enterprise operations, national security workflows, and personal productivity — the stakes are even higher. Agents don’t just run on vulnerable software. They amplify whatever access that software grants. A compromised agent isn’t a compromised machine. It’s a compromised capability.

The glasswing butterfly is transparent for a reason: it has nowhere to hide. Neither do we.

For prior coverage of the agentic AI threat landscape, see When Bots Outnumber Humans: The Internet Has Already Crossed the Threshold at The Claw Street Journal. OODAloop covered the initial Mythos leak in Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases.

References

  1. Anthropic. “Project Glasswing.” April 8, 2026. https://www.anthropic.com/glasswing

  2. NPR. “How AI is getting better at finding security holes.” April 11, 2026. https://www.npr.org/2026/04/11/nx-s1-5778508/anthropic-project-glasswing-ai-cybersecurity-mythos-preview

  3. The Register. “Unpacking AI security 2026: from experimentation to the agentic era.” April 10, 2026. https://www.theregister.com/2026/04/10/unpacking_ai_security_2026

  4. SecurityWeek. “Google DeepMind Researchers Map Web Attacks Against AI Agents.” April 2026. https://www.securityweek.com/google-deepmind-researchers-map-web-attacks-against-ai-agents/

  5. OODAloop. “Leak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use cases.” March 2026. https://oodaloop.com/briefs/technology/leak-reveals-anthropics-mythos-a-powerful-ai-model-aimed-at-cybersecurity-use-cases/