Anthropic's New 'Mythos' Model Found Security Vulnerabilities in Every Major OS and Web Browser — Now It's Powering Project Glasswing

Anthropic announced Project Glasswing, a defensive cybersecurity initiative that will give a select group of large companies — including Nvidia, Google, Amazon Web Services, Apple, and Microsoft — access to Claude Mythos Preview, a new AI model that the company is not planning to release publicly. The reason for the restricted release: the model's capabilities in finding security vulnerabilities are significant enough that Anthropic considers broad access a security risk in itself.

What Mythos Can Do

In testing, Anthropic found that Mythos identified vulnerabilities in every major operating system and web browser it was pointed at. The model's "strong agentic coding and reasoning skills" — developed for general-purpose applications rather than specifically for security — translate directly into the kind of systematic, iterative code analysis that vulnerability research requires. Newton Cheng, the cyber lead for Anthropic's frontier red team, told The Verge that Mythos gives cyber defenders a "head start" against adversaries by analyzing systems for high-stakes vulnerabilities and helping patch them before they can be exploited.

The model is designed to operate with minimal human intervention — Project Glasswing's pitch is that large organizations can run Mythos against their infrastructure and receive vulnerability reports without requiring a security researcher to supervise every scan. That agentic autonomy is what makes it useful for enterprise security at scale, and also what makes unrestricted access problematic: a model that can autonomously find and document vulnerabilities in any system, in the wrong hands, is an offensive capability, not just a defensive one.

The Dual-Use Problem at the Frontier

Anthropic's decision to deploy Mythos through a restricted partnership program rather than releasing it publicly or adding it to the Claude API is an operationalization of the dual-use dilemma that frontier AI labs increasingly face. The model is too useful to lock in a drawer, but the same properties that make it useful for defense make it dangerous if freely accessible. The Project Glasswing structure — known partners, contractual security obligations, government-adjacent use cases — is an attempt to capture the defensive value while managing the offensive risk.

This will not satisfy critics who argue that any model capable of finding zero-days in major operating systems at scale should require even more restrictive access controls, or that the partnership structure creates an asymmetric advantage for large incumbents over smaller organizations that cannot qualify as Glasswing partners. But it represents a more nuanced approach than the binary choice between full public release and complete withholding — and it may become a template for how frontier labs handle capability-sensitive models that do not fit cleanly into standard API access tiers.

What This Signals About the AI Capability Frontier

Mythos is described as a general-purpose model that happens to be extraordinarily good at security research. The implication is that general-purpose capability gains at the frontier are beginning to produce models whose abilities in specific high-risk domains outpace our ability to safely deploy them publicly. This is the scenario AI safety researchers have been warning about — not a narrow tool optimized for harm, but a broadly capable system whose strengths create risks as a side effect of being generally powerful.