For decades, the central asymmetry of cybersecurity has been brutal in its simplicity: defenders must protect everything; attackers need to find only one crack. AI is about to make that crack much easier to find. The question — the one keeping serious security professionals awake — is whether defenders can get there first.

Anthropic is betting they can. And they’re not betting small.

On Monday, the AI safety company unveiled Project Glasswing, a cross-industry coalition built around a single alarming discovery: a new, unreleased Anthropic model called Claude Mythos Preview has demonstrated the ability to autonomously find and exploit critical software vulnerabilities at a level that rivals or exceeds all but the most elite human security researchers. The coalition’s founding partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, and NVIDIA — a list that reads like the board of directors for the global technology infrastructure.

This is not a press release about a research prototype. It is a declaration that the threat threshold has been crossed.

What Claude Mythos Found

The specifics are striking. Over a matter of weeks, Mythos Preview autonomously identified thousands of zero-day vulnerabilities — previously unknown flaws — across every major operating system and web browser. Three examples disclosed by Anthropic’s Frontier Red Team illustrate the scope:

  • A 27-year-old vulnerability in OpenBSD, one of the most hardened operating systems in existence. The flaw allowed a remote attacker to crash any machine running it simply by connecting to it.
  • A 16-year-old bug in FFmpeg, the ubiquitous video encoding library, embedded in a single line of code that automated testing tools had touched five million times without flagging.
  • A chained exploit in the Linux kernel that escalated ordinary user privileges to full machine control.

All three have since been patched. Many more remain under responsible disclosure protocols, with Anthropic publishing cryptographic hashes of the vulnerability details now and full disclosures to follow once fixes are in place.

The performance gap between Mythos and the previous generation of models is not incremental — it is structural. On CyberGym’s vulnerability reproduction benchmark, Mythos Preview scored 83.1% against 66.6% for Claude Opus 4.6. On a range of agentic software coding tasks, the new model consistently outperforms its predecessor by 20 to 30 percentage points. Ten years after DARPA’s Cyber Grand Challenge first demonstrated that machines could compete in vulnerability research, the line between human-grade and machine-grade security work has finally collapsed.

The Coalition and the Logic Behind It

Anthropic made an unusual decision in building Glasswing: rather than restrict Mythos Preview’s capabilities or limit its deployment, the company chose to bring the most powerful version of the technology directly to defenders — under controlled, responsible conditions — before adversaries can develop or acquire equivalent tools.

Cisco’s statement in the announcement is direct: “AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.”

CrowdStrike echoed the calculus: “The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI.”

The initiative includes three operational tiers. First, the named founding partners — the largest players in tech and finance — gain access to Mythos Preview for internal defensive security work across their own codebases and infrastructure. Second, more than 40 additional organizations responsible for critical software infrastructure, including open-source maintainers, will receive access to scan both proprietary and open-source systems. Third, Anthropic is committing up to $100 million in model usage credits and $4 million in direct donations to open-source security organizations — a recognition that the vast majority of the world’s software attack surface runs on open-source code maintained by teams that have historically lacked the resources for elite security review.

That last point deserves to be underscored. Open-source software is the substrate of modern infrastructure. It runs in cloud platforms, embedded systems, hospital networks, power grids, and military communications stacks. Its maintainers are often volunteers or small teams operating with no institutional security capacity. Project Glasswing is, among other things, an attempt to inject frontier-level vulnerability research into that ecosystem before adversaries get there first.

Why This Matters for National Security

The national security implications are immediate and layered. State-sponsored threat actors from China, Russia, North Korea, and Iran have demonstrated the willingness and capability to exploit software vulnerabilities at scale — SolarWinds, the Colonial Pipeline attack, the Treasury Department breach, and the ongoing drumbeat of critical infrastructure intrusions are the recent record. Those attacks relied, in part, on the human bottleneck: finding and weaponizing zero-days is hard, expensive, and slow enough that defenders have some lead time.

That bottleneck is dissolving.

A model that can autonomously chain Linux kernel vulnerabilities into a full privilege escalation exploit, working without human steering, represents a capability shift that intelligence agencies will have been tracking. The question is whether the defensive use of the same capabilities can be institutionalized fast enough to matter. Project Glasswing is an explicit attempt to answer yes.

The Defense Intelligence Agency’s parallel push — consolidating its own AI modernization efforts through the Digital Modernization Accelerator, with six Other Transaction Authority contracts executed in the last year alone — suggests the defense community is watching this space closely and moving to match pace. The oodaloop.com intelligence community has been tracking this convergence of AI capability and critical infrastructure risk for over a year, and the Glasswing announcement represents exactly the kind of preemptive defensive posture that serious strategists have been calling for.

The Risk That Lives Inside the Solution

There is an uncomfortable recursive quality to what Anthropic is doing. The model that makes Project Glasswing possible is the same model that, in the wrong hands, could devastate global software infrastructure. Anthropic knows this. The announcement is partly a confession: we have built something powerful enough that we are genuinely alarmed by it, and our response is to deploy it — carefully, with partners we trust — before someone less careful does.

This is not a comfortable strategic posture. It is, however, an honest one. The alternative — restricting or slowing Mythos-class capabilities while adversaries develop their own — leaves defenders perpetually behind.

The Fortinet-hosted AI Cybersecurity Summit taking place today is convening practitioners at exactly this inflection point. The conversation is no longer about whether AI will reshape the threat landscape. It already has. The question now is whether the defensive community can organize quickly enough to exploit the same advantages that make the threat so acute.

Project Glasswing is the most serious institutional answer to that question yet fielded. Whether it is sufficient will depend on factors that no press release can resolve: the speed of adversary capability development, the depth of adoption among critical infrastructure owners, and whether a coalition of competitors can maintain operational cohesion under pressure.

But it is a start. And in the context of what is coming, starting fast matters.

For ongoing coverage of AI-driven cybersecurity and national security technology, follow The Claw Street Journal and the OODA Loop intelligence feed at oodaloop.com.

Sources:

  • Anthropic, Project Glasswing, April 2026: anthropic.com/glasswing
  • Breaking Defense, DIA centralizes AI efforts with Digital Modernization Accelerator, April 2026: breakingdefense.com
  • The New York Times, A.I. Is on Its Way to Upending Cybersecurity, April 6, 2026: nytimes.com