Vucense

Anthropic Built an AI That Found Zero-Days in Every Major OS — and Is Keeping It Secret

Divya Prakash
AI Systems Architect & Founder Graduate in Computer Science | 12+ Years in Software Architecture | Full-Stack Development Lead | AI Infrastructure Specialist
Published: April 28, 2026
Updated: April 28, 2026

Anthropic Has an AI That Can Break Into Any Computer. It’s Giving It to Apple, Microsoft, and Amazon.

In early April 2026, Anthropic published a claim that would have seemed like science fiction two years ago: the company had trained an AI model that found thousands of high-severity vulnerabilities across every major operating system and every major web browser. Some of those vulnerabilities had been sitting undetected for one or two decades. The model found them in weeks.

Then Anthropic announced it wasn’t releasing the model.

Instead, twelve companies — AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks — get access through a programme called Project Glasswing. About 40 additional organisations that maintain critical open-source software can apply. Everyone else waits for a public report in 90 days.

The framing is defensive. The concern is legitimate. The exclusivity structure raises questions that are worth sitting with.

Direct Answer: What is Project Glasswing and what has Claude Mythos Preview found?

Project Glasswing is a cybersecurity initiative announced by Anthropic on April 8, 2026, built around Claude Mythos Preview — an unreleased frontier AI model that Anthropic says has found thousands of high-severity zero-day vulnerabilities across every major operating system and every major web browser. A zero-day is a vulnerability that is unknown to the software’s developers and therefore unpatched. Finding thousands of them across systems like Windows, macOS, Linux, Chrome, and Safari — including some that have persisted undetected for one to two decades — represents a qualitative change in what AI-assisted security research can do. Twelve major technology companies and approximately 40 additional critical-infrastructure organisations have been given access to Mythos Preview for defensive security work. The model is not publicly available. Anthropic has committed $100 million in model usage credits to the programme and $4 million in donations to open-source security projects, and has promised a public vulnerability report within 90 days of the April 8 launch — landing in early July 2026.


The Vucense Glasswing Sovereignty Index

Who benefits from Project Glasswing’s vulnerability discoveries — and who is left to wait.

| Organisation Type | Glasswing Access | Benefit from Discoveries | Timeline | Sovereign Risk |
|---|---|---|---|---|
| Launch partners (AWS, Apple, Microsoft, etc.) | ✅ Immediate, gated | Patching their own systems now | Ongoing | Low — they know first |
| 40 critical OSS maintainers | ✅ Application-based | Can fix libraries that underpin everything | Ongoing | Low if included |
| Other enterprises (non-partners) | ❌ No access | Receive patches after disclosure | 90+ day delay | Moderate — depend on others’ disclosure |
| Small businesses | ❌ No access | Patching after public release | 90+ day delay | Moderate |
| Individuals | ❌ No access | Benefit when patches ship to them | Unknown | Depends on patch velocity |
| Adversary state actors | ❌ No formal access | May already have equivalent capability | Unknown | Critical if they find same bugs first |

The fundamental tension: the 90-day public report commitment means known vulnerabilities spend up to three months in a state where Glasswing partners know about them but the broader world does not. The question is whether adversaries find those same bugs independently in the meantime.


What Mythos Preview Actually Did

Zero-day vulnerability research has historically required skilled human security researchers — people with deep expertise in memory management, compiler behaviour, operating system architecture, and attack surface enumeration. A talented team might find dozens of significant vulnerabilities in a year of focused effort on a single target.

Claude Mythos Preview, according to Anthropic’s Project Glasswing page, found thousands of high-severity vulnerabilities including some in every major operating system and web browser in a matter of weeks. Anthropic has published a technical post on its Frontier Red Team blog detailing a subset of those vulnerabilities — specifically ones that have already been patched and, in some cases, the exploitation methods that Mythos discovered.

The model did this without being specifically trained for cybersecurity. Anthropic is explicit about this: Mythos is a general-purpose frontier model whose strength in finding vulnerabilities is a direct result of its broader capability to deeply understand and modify complex software. It didn’t learn to find bugs the way a specialised security tool would. It learned to understand code thoroughly enough that bugs became visible as what they are: deviations from correct behaviour.

This distinction matters because it means the capability isn’t bounded by the domain of “security research” the way a dedicated vulnerability scanner might be. Mythos can find bugs because it can read code the way a skilled engineer reads code — not because it was trained to look for specific vulnerability patterns. And that general capability is going to get better with each model generation, not hit a ceiling.

Anthropic’s statement about the rate of progress is worth reading carefully: “Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.” This is a company telling you that the attack capability its model demonstrates will soon be available to actors without Anthropic’s safety commitments. The 90-day window isn’t an abundance of caution. It’s a race.


The Structure of Glasswing — and What It Means That It’s Exclusive

Anthropic’s design choices for Project Glasswing are reasonable on their surface and worth interrogating below it.

Why restricted access makes sense: A model that can find and demonstrate exploitation of zero-day vulnerabilities is, by definition, a dual-use capability. Making it freely available would be equivalent to publishing a step-by-step exploitation guide for every critical vulnerability it finds, before patches exist. The harm that could cause — to hospitals running unpatched Windows servers, to power grids with vulnerable SCADA systems, to individuals whose devices run unpatched operating systems — is real. Restricting access while coordinating with affected vendors to produce patches is how responsible vulnerability disclosure works, scaled by AI.

Why the specific structure deserves scrutiny: The twelve launch partners are not a random sample of organisations motivated by security. They are twelve of the most valuable and influential companies in the technology industry. AWS and Google are Anthropic’s largest investors and compute providers. Apple, Microsoft, and Nvidia are partners across multiple Anthropic initiatives. The Linux Foundation represents open-source infrastructure broadly. JPMorganChase is among the world’s largest financial institutions.

These organisations have a legitimate claim to early access: they maintain software that billions of people depend on, and patching their software before it becomes weaponised is genuinely important. But they also now know about vulnerabilities in their competitors’ systems before those competitors know. Microsoft knows about bugs in Google’s software. Apple knows about bugs in Microsoft’s software. Google knows about bugs in Apple’s software. The disclosure commitments that govern what each partner shares with whom, and on what timeline, are not public.

The open-source dimension: The Linux Foundation’s inclusion is significant. Open-source software underpins most of the world’s critical infrastructure — the web servers, container runtimes, cryptographic libraries, and kernel code that every organisation depends on whether they know it or not. Open-source maintainers have historically been under-resourced for security work: they write code for free, they fix bugs for free, and they don’t have the budgets to run the kind of security audits that proprietary software vendors can afford. Glasswing offers these maintainers access to a model that can find bugs faster than any prior tool. If the programme actually delivers on that promise, it could permanently change the security posture of the open-source ecosystem. That’s genuinely important.


The Intelligence Community’s Reaction

Anthropic briefed senior US government officials on Mythos Preview’s capabilities before the public announcement, including both offensive and defensive cyber applications. The intelligence community’s reaction, according to a source familiar with internal deliberations quoted by Nextgov, was interest: “They want secure code and to use AI to find network vulnerabilities as well.”

That interest is straightforward. A model that can find zero-days in every major operating system is also a model that could be used to find zero-days in adversary systems — and potentially to exploit them. US Cyber Command and NSA have long used both offensive and defensive capabilities, and a model with Mythos-level vulnerability discovery capability is of obvious interest to both functions.

Anthropic’s position — that Glasswing is defensive, that the model is gated to partners committed to responsible disclosure, that the company has briefed officials — is consistent with its public safety framing. But as Nextgov noted, Anthropic is simultaneously in a dispute with the Department of Defense about government contracting, which makes the relationship between Glasswing’s defensive framing and the intelligence community’s offensive interests more complicated than the press release suggests.

Gary DePreta of Cisco’s US Public Sector Organisation put the underlying dynamic clearly: “We’re going from an age of detect-and-respond — and as we automate with AI — to predict-and-prevent threats. There is a paradox of progress as it relates to AI and the enterprise. The capabilities of AI are far exceeding the enterprise’s ability to implement it in a safe and secure way.”

That paradox — capability outrunning the institutional capacity to use it safely — is precisely what Glasswing is trying to address. Whether a coalition of twelve technology companies constitutes the right institutional structure for managing that paradox is a question no one is quite answering.


What the 90-Day Report Will Tell You

Anthropic committed to publishing a public report within 90 days of Glasswing’s April 8 launch — which puts it in early July 2026. That report will be the most substantive public document about AI-scale vulnerability discovery ever produced. What to watch for:

The number and severity of patched vulnerabilities. Anthropic said Mythos found thousands. The July report will tell you how many were classified as critical (CVSS 9.0+), how many were high-severity, and how many were exploitable in realistic conditions. This is the number that tells you how much has actually been fixed before you knew it needed fixing.

Which operating systems and browsers. Anthropic said every major OS and every major browser. The report will presumably name them. That disclosure will retrospectively validate — or complicate — each vendor’s public security track record.

The disclosure timeline. For each vulnerability class, when was the affected vendor notified? When was the patch released? How long did the vulnerability exist in a state where Glasswing partners knew but the public didn’t? This timeline is the accountability document for the exclusivity structure.

What Mythos couldn’t find. Perhaps most important: what classes of vulnerabilities does Mythos miss? Understanding the model’s blind spots tells you what adversaries with similar capability could still find that Glasswing didn’t.


Actionable Steps: What to Do While Glasswing Finds Your Bugs

The practical implication of Glasswing is that patches are coming, faster than usual, for vulnerabilities that have existed for decades in software you use today. Here’s how to make sure you’re ready to receive them.

1. Turn on automatic updates everywhere, right now. The vulnerabilities Glasswing finds will ship as patches through normal software update channels. The only way to benefit is to apply those patches promptly. Check Windows Update, macOS Software Update, Chrome, Firefox, and Safari settings. Enable automatic updates for any software where you currently defer them. The 90-day public report is a patch wave signal — be ready to receive it.

2. If you maintain open-source software, apply to Project Glasswing. Anthropic’s Claude for Open Source programme offers access to Mythos Preview for open-source maintainers whose code is part of critical infrastructure. If you maintain a library, framework, or tool with significant downstream usage, apply now. The programme is specifically designed to reach maintainers who don’t have enterprise security budgets.

3. For enterprise security teams: prepare a patching surge response plan for July. When the 90-day report drops, there will be a wave of patches accompanying it. Some will require system restarts. Some will affect production dependencies. Enterprise environments that have complex change management processes around patching should begin now to build a fast-track exception pathway for Glasswing-disclosed vulnerabilities.

4. Track the CVSS scores on patches shipped between now and July. Critical and high-severity patches that ship between April 8 and early July may be Glasswing disclosures — they will carry CVSS scores that reflect their severity. Monitor your vulnerability management system for clusters of critical patches across OS and browser vendors. That clustering pattern is the signature of a coordinated AI-discovered disclosure campaign.

5. Verify your attack surface for software that last received a security audit more than five years ago. Mythos found vulnerabilities that are one to two decades old. Software that hasn’t received a fresh security review in that window — legacy systems, older enterprise applications, inherited codebases — is where the oldest unpatched bugs tend to live. Prioritise auditing and patching those systems before the 90-day report creates public knowledge of what Mythos found there.

6. Read the Frontier Red Team blog post. Anthropic published technical details for a subset of already-patched vulnerabilities on its Frontier Red Team blog at the time of the April 8 announcement. Reading that post gives you a sense of the vulnerability classes Mythos finds, the exploitation techniques it identifies, and the kinds of code patterns that create the bugs. This is the most concrete public technical documentation available about what the model actually discovered.
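
One way to watch for the clustering described in step 4, as an added example that is not from the original article: the script scans advisory records for windows in which several distinct vendors ship high or critical patches (CVSS 7.0 and above) within days of each other. The record layout, vendor names, advisory IDs and thresholds are constructed assumptions; replace the sample with an export from your own vulnerability management system.

```python
from datetime import date, timedelta

# Constructed sample data: vendor names and advisory IDs are placeholders,
# not real advisories.
SAMPLE_ADVISORIES = [
    {"id": "ADV-0001", "vendor": "os-vendor-a", "published": date(2026, 4, 14), "cvss": 9.8},
    {"id": "ADV-0002", "vendor": "browser-vendor-b", "published": date(2026, 4, 15), "cvss": 8.8},
    {"id": "ADV-0003", "vendor": "os-vendor-c", "published": date(2026, 4, 16), "cvss": 9.1},
    {"id": "ADV-0004", "vendor": "os-vendor-c", "published": date(2026, 4, 16), "cvss": 5.3},
    {"id": "ADV-0005", "vendor": "os-vendor-a", "published": date(2026, 4, 17), "cvss": 7.5},
    {"id": "ADV-0006", "vendor": "browser-vendor-b", "published": date(2026, 5, 5), "cvss": 9.0},
    {"id": "ADV-0007", "vendor": "os-vendor-a", "published": date(2026, 5, 20), "cvss": 8.1},
    {"id": "ADV-0008", "vendor": "os-vendor-a", "published": date(2026, 6, 9), "cvss": 9.8},
    {"id": "ADV-0009", "vendor": "os-vendor-c", "published": date(2026, 6, 10), "cvss": 7.2},
]


def find_patch_clusters(advisories, window_days=7, min_vendors=3, min_cvss=7.0):
    """Return windows in which at least `min_vendors` distinct vendors shipped
    advisories scoring >= `min_cvss` within `window_days` of each other."""
    severe = sorted(
        (a for a in advisories if a["cvss"] >= min_cvss),
        key=lambda a: a["published"],
    )
    clusters = []
    covered_until = None  # last date already reported as part of a cluster
    for i, first in enumerate(severe):
        if covered_until is not None and first["published"] <= covered_until:
            continue
        window_end = first["published"] + timedelta(days=window_days - 1)
        window = [a for a in severe[i:] if a["published"] <= window_end]
        vendors = {a["vendor"] for a in window}
        if len(vendors) >= min_vendors:
            clusters.append({
                "start": first["published"],
                "end": window[-1]["published"],
                "vendors": sorted(vendors),
                "critical": sum(1 for a in window if a["cvss"] >= 9.0),
                "ids": [a["id"] for a in window],
            })
            covered_until = window[-1]["published"]
    return clusters


if __name__ == "__main__":
    for c in find_patch_clusters(SAMPLE_ADVISORIES):
        print(f"{c['start']} to {c['end']}: {len(c['ids'])} severe advisories "
              f"({c['critical']} critical) across {', '.join(c['vendors'])}")
```

A flagged window is a prompt to check change-management capacity and patch status, not proof of where the advisories originated.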


FAQ: Project Glasswing and Claude Mythos Preview

Q: What is a zero-day vulnerability? A zero-day is a software vulnerability that is unknown to the software’s developer — meaning there is “zero days” of warning before it could be exploited. Because the developer doesn’t know about it, there is no patch available. Zero-days are the most dangerous class of vulnerabilities because anyone who knows about them — attackers or defenders — has an advantage over the defenders of unpatched systems.

Q: Why didn’t Anthropic just release the vulnerabilities it found publicly? Responsible vulnerability disclosure practice requires notifying the affected vendor and giving them time to develop and distribute a patch before the vulnerability is publicly disclosed. If Anthropic published thousands of zero-day vulnerabilities simultaneously without patches available, attackers could immediately begin exploiting them. The Glasswing structure — restricted access to partners while patches are developed — follows standard responsible disclosure norms, scaled by AI.

Q: Can adversaries — including state actors — build similar capability? Anthropic’s own statement acknowledges that these capabilities will proliferate “not long” from now. China’s Zhipu AI lab has demonstrated frontier coding capability through GLM-5.1. Russia’s intelligence services have historically shown sophisticated capability in vulnerability research. The question is not whether adversaries can build Mythos-equivalent capability but when — and Anthropic’s Glasswing timeline implicitly acknowledges it may be sooner than most people assume.

Q: Why is Apple a Glasswing partner if Apple competes with some of the other partners? The Glasswing partnerships are structured around a shared defensive interest: each company wants the vulnerabilities in its own software found and patched. Apple wants to know about bugs in macOS and iOS. Microsoft wants to know about bugs in Windows. The fact that they also compete commercially doesn’t prevent them from sharing a common interest in their software being secure. The disclosure arrangements between partners — what each one shares about bugs in others’ software, and when — are not publicly specified.

Q: When will Claude Mythos be publicly available? Anthropic has not announced a general availability date for Claude Mythos. The company has said that the cybersecurity safeguards developed during Glasswing will eventually ship with a future Claude Opus model that will be more broadly accessible. The current Mythos Preview is explicitly restricted to Glasswing participants.

Q: What is the Linux Foundation doing in this project? The Linux Foundation represents the open-source maintainers of critical software infrastructure — the Linux kernel, OpenSSL, Apache, and hundreds of other projects that underpin most of the world’s digital systems. Open-source maintainers have historically been under-resourced for security work, running critical infrastructure on volunteer effort without enterprise security budgets. Glasswing’s commitment to giving those maintainers access to Mythos Preview is the part of the programme with the broadest potential benefit, because the open-source software it would secure runs underneath nearly every enterprise system.

