Project Glasswing & Claude Mythos Preview: What the AI Actually Found
Five million automated test runs. Sixteen years. The bug survived all of it, sitting inside FFmpeg, the media-processing library embedded in a significant portion of the software running on earth right now. A human team finally found it last month. Except it wasn't a human team.
The software that found it had never been released publicly. Anthropic has no plans to release it publicly. The reason they give for that is worth reading carefully.
Bugs That Survived Long Enough to Vote
The FFmpeg flaw is the one I keep coming back to, not because of the specific exploit, but because of what five million missed test runs implies about every other piece of software we've been quietly trusting for decades.
It wasn't alone. Claude Mythos Preview, Anthropic's unreleased frontier model deployed internally through what they're calling Project Glasswing, also found a 27-year-old remote crash flaw in OpenBSD. To be clear about what that means: OpenBSD is software that was specifically engineered, from the ground up, to be unhackable. It's used in firewalls and hardened critical infrastructure. Someone could connect to a vulnerable machine and crash it. That flaw had been sitting there since 1998. A separate Linux kernel vulnerability that lets an ordinary user escalate to full machine control was also found autonomously, and also patched before any of this was made public.
Glasswing was announced on April 7th, 2026, as a coalition of twelve organizations: AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. What's notable isn't who's on the list. It's the fact that organizations whose interests diverge sharply in almost every other context agreed to co-sign this one. Over 40 organizations building critical software infrastructure have been extended access to the model.
The name comes from Greta oto, the glasswing butterfly, whose wings have no pigment and are nearly transparent, letting it disappear in plain sight. Anthropic chose that metaphor for invisible software flaws. I think they undersold the second meaning, but we'll get to that.
Anthropic committed USD 4 million in direct donations: USD 2.5M split between Alpha-Omega and OpenSSF through the Linux Foundation, and USD 1.5M to the Apache Software Foundation. Those are the organizations whose volunteers quietly maintain the software that runs most of the internet. The donations are real money. Whether they're proportionate to a problem this size is genuinely hard to say.
The Tool They Won't Let You Use
Claude Mythos Preview is a general-purpose frontier model. It is not available on the public API. It is not in a phased rollout. Anthropic is explicit that the reason is the model's offensive capability, and I find their candor here more unsettling than reassuring, because it means they believe the risk is real enough to say out loud.
The benchmark numbers tell part of the story. On CyberGym, the benchmark built specifically to evaluate AI on real cybersecurity tasks and not toy problems, Mythos Preview scored 83.1%. Claude Opus 4.6, currently Anthropic's most capable publicly available model, scored 66.6%. On SWE-bench Verified, the coding benchmark, Mythos hit 93.9% against Opus 4.6's 80.8%. On Humanity's Last Exam with tools, a test designed to be hard enough that most frontier models fail at most of it, Mythos scored 64.7% to Opus 4.6's 53.1%. None of those are marginal improvements. The CyberGym gap in particular isn't one tier. It's a different category.
CrowdStrike's CTO Elia Zaitsev said something in the announcement that I've read three times now: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed, what once took months now happens in minutes with AI. Claude Mythos Preview demonstrates what is now possible for defenders at scale, and adversaries will inevitably look to exploit the same capabilities. That is not a reason to slow down; it's a reason to move together, faster."
The last sentence is doing a lot of work. "Move together, faster" is Zaitsev's way of saying the alternative (slowing down, waiting, hoping the attackers don't figure this out first) is not actually an option. I don't disagree with him. I also don't think most organizations have internalized what "faster" looks like when the threat side has access to the same underlying capabilities.
The safety path forward runs through an upcoming Claude Opus model, where lessons from Mythos deployment will inform guardrails, and a Cyber Verification Program for security professionals who need deeper access. Post-preview pricing is set at USD 25 per million input tokens and USD 125 per million output tokens across Claude API, Bedrock, Vertex AI, and Microsoft Foundry. The USD 100 million in model usage credits committed to Glasswing participants is the more immediate number.
What Nobody Knows Yet
Anthropic committed to a public report within 90 days: vulnerabilities fixed, lessons learned, anything disclosable. That report hasn't landed yet. What it contains will tell us more than this launch announcement can.
Jim Zemlin from the Linux Foundation said something that I think gets quoted politely and not really engaged with: "In the past, security expertise has been a luxury reserved for organizations with large security teams. Open source maintainers, whose software underpins much of the world's critical infrastructure, have historically been left to figure out security on their own. Open source software constitutes the vast majority of code in modern systems, including the very systems AI agents use to write new software."
What he's describing is not a gap that USD 4 million closes. It's a structural condition of how the open-source ecosystem has operated for thirty years. Glasswing addresses the 40+ organizations with direct access. The Claude for Open Source program exists for maintainers outside that circle, but it requires an application at claude.com/contact-sales/claude-for-oss. Which means most of the volunteer maintainers keeping critical infrastructure alive are still waiting. Greg Kroah-Hartman, the Linux kernel maintainer, described AI-generated patches as "pretty good." Zemlin called that "high praise, coming from him." That's a bar worth contextualizing.
What's happening in US government discussions about Mythos's offensive and defensive implications is genuinely unclear. Anthropic says talks are ongoing, but the details aren't public. With the EU AI Act's next enforcement deadline on August 2nd, organizations using AI in security-sensitive contexts are already on a regulatory clock regardless of how those conversations resolve.
The thing I'm still sitting with: the vulnerabilities Mythos found were all patched before disclosure. That's the right order of operations. But "what it found" and "what it might find next" aren't the same question, and Anthropic saying the model is too dangerous to release publicly while simultaneously deploying it across 40+ organizations is a position that requires an enormous amount of trust in a process that hasn't been independently audited yet.
The glasswing butterfly hides because its wings have no pigment, nothing to catch the light. The irony of naming a security initiative after it is that Anthropic has been unusually transparent about what this model can do. Most launch announcements don't lead with the part where the tool is too dangerous to ship. The transparency is real. Whether it's complete is a different question, and one the 90-day report will either answer or not.
Frequently Asked Questions
Is Claude Mythos Preview available to the public?
No. Anthropic has explicitly chosen not to release Claude Mythos Preview publicly due to its offensive cybersecurity capabilities. Access is currently limited to the 40+ organizations participating in Project Glasswing, with a separate application track for open-source maintainers through the Claude for Open Source program. A broader rollout, tied to an upcoming Claude Opus model with refined safety guardrails, is expected down the road, but no public timeline has been given.
What is Project Glasswing and who is behind it?
Project Glasswing is a cross-industry AI security coalition announced by Anthropic on April 7, 2026. Its core mission is to deploy frontier AI models defensively, finding and patching vulnerabilities in critical software before attackers can exploit them. The twelve founding partners are AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic is funding the initiative with up to USD 100 million in model usage credits and USD 4 million in direct donations to open-source security organizations.
References
- Anthropic. Claude Mythos Preview. April 7, 2026. red.anthropic.com
- Anthropic. Project Glasswing. https://www.anthropic.com/glasswing
