Anthropic Withholds Mythos From Public Over Cyberattack Risk

30-Second Summary

Anthropic has formally launched Project Glasswing, restricting access to Claude Mythos Preview to approximately 40 carefully vetted organisations. The model autonomously identified tens of thousands of zero-day vulnerabilities across every major operating system and web browser, and successfully exploited them on the first attempt in 83.1% of cases. Anthropic's rationale is explicit: releasing Mythos publicly would give attackers a tool capable of crippling critical infrastructure before defenders could respond. The controlled rollout gives security partners a window to harden systems before models of equivalent capability reach the open market.

At a Glance

• Topic: AI Security
• Company: Anthropic
• Date: 7 April 2026
• Announcement: Project Glasswing launches with Claude Mythos Preview restricted to vetted cyber defence partners
• What Changed: Anthropic formally withholds a frontier model from public release, citing unprecedented offensive cyber capability
• Why It Matters: The model can autonomously find and exploit critical vulnerabilities at a scale no human researcher can match, raising the threat ceiling for AI-assisted cyberattacks
• Who Should Care: CISOs, IT security leads, operators running critical infrastructure, and any business relying on major operating systems or cloud platforms

Key Facts

• Company: Anthropic
• Launch Date: Announced 7 April 2026
• What Changed: Claude Mythos Preview released to approximately 40 vetted organisations only, under Project Glasswing, for defensive security use
• Who It Affects: All organisations running systems on major operating systems and browsers, regardless of whether they have Mythos access
• Primary Sources: Anthropic Project Glasswing announcement, CNBC, TechCrunch, Fortune, Axios

What Happened

On 7 April 2026, Anthropic formally announced Project Glasswing, a controlled release programme for its most capable model to date, Claude Mythos Preview. Rather than a standard product launch, the announcement was structured as a cybersecurity initiative: Mythos Preview would be deployed exclusively for defensive security work, restricted to approximately 40 vetted companies and organisations.

The reason for the restriction is the model's offensive capability. During internal testing, Mythos Preview autonomously identified tens of thousands of previously unknown zero-day vulnerabilities across every major operating system and every major web browser. In one documented case, the model found multiple flaws in the Linux kernel and independently chained them together in a sequence that would allow a remote attacker to take complete control of any machine running Linux. It successfully reproduced vulnerabilities and created working proof-of-concept exploits on the first attempt in 83.1% of cases.

Anthropic described Mythos Preview as the first AI model it believes is capable of bringing down a Fortune 100 company, disrupting large sections of the internet, or penetrating critical national defence systems.

Twelve anchor partners are deploying the model for defensive security research. Named organisations include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic is backing the initiative with up to $100 million in usage credits for Mythos Preview and $4 million in direct donations to open-source security organisations.

The Project Glasswing strategy is explicit: give defenders access to the most capable offensive tool before equivalent capability becomes broadly available, creating a window to harden the most critical systems.

Why It Matters

• Anthropic has confirmed that frontier AI models can autonomously perform advanced offensive security tasks at a scale that outpaces human researchers
• The 83.1% first-attempt exploit success rate means the barrier to executing sophisticated cyberattacks with AI is now significantly lower than it was 12 months ago
• Operating systems and browsers used by virtually every business have known, AI-identified vulnerabilities that are being actively addressed by Glasswing partners
• Organisations outside the Glasswing programme are relying on their software vendors to patch flaws that Mythos has found, without visibility into timelines
• Equivalent capability will reach the broader market within 12 to 18 months as competing labs advance, removing the defender advantage Glasswing is designed to establish
• The $4 million donation to open-source security projects signals that free and open-source software tooling is a deliberate part of Anthropic's defensive strategy

The David and Goliath View

Project Glasswing is a rare moment of transparency in the AI industry: a lab admitting it has built something too dangerous to release and structuring its rollout accordingly. That honesty is valuable. But it does not reduce the risk for the 99.9% of organisations that are not among the 40 vetted partners.

The practical reality is that Mythos Preview has already mapped the vulnerability surface of the systems your business runs on. The Glasswing partners are now patching those systems. If your ERP, cloud infrastructure, or operating environment is not on their priority list, you may be waiting for patches to arrive through the standard vendor update cycle, while a future attacker uses a similar model to exploit the same flaws.

The businesses that will fare best in this environment are not necessarily those with the largest security budgets. They are the ones with the tightest patch discipline, the clearest asset inventory, and the fastest incident response capability. Start there. A 48-hour patch window is not a policy, it is a liability.

Where This Fits in the AI Stack

Secure AI Brain: Project Glasswing directly illustrates the threat environment your AI security posture needs to account for. Continuous vulnerability monitoring, AI-assisted patch prioritisation, and clear data access controls are the baseline response to a world where offensive AI can autonomously chain exploits.

Employee Amplification Systems: Security teams can use AI-assisted tools, some emerging from the open-source projects Anthropic is funding, to automate vulnerability triage and accelerate response. This is especially relevant for operators who cannot afford a large in-house security team.

Questions Operators Are Asking

Does this affect my business even if I am not a Glasswing partner? Yes. The vulnerabilities Mythos Preview identified exist in systems your business relies on. The question is whether your software vendors are part of the patching programme and how quickly they will distribute fixes. Contact your critical vendors and ask about their participation in AI-assisted vulnerability programmes.

Are attackers already using models like this? Not at Mythos level, based on current public evidence. But Anthropic's own statement makes clear that equivalent capability will become more widely available over time. The Glasswing programme exists specifically because Anthropic expects the window between defender access and attacker access to be limited.

What should we do right now? Three things. First, audit your patch management process and set a firm maximum update window for critical systems. Second, review your incident response plan and ensure it accounts for AI-assisted attack scenarios. Third, ask your cloud and software vendors what their security posture looks like in light of AI-identified vulnerabilities.

Is Anthropic legally required to restrict this model? No current law mandates it. The restriction is a voluntary decision by Anthropic based on its own assessment of the risk. This is relevant for operators evaluating AI vendors: ask about their responsible release policies, not just their capabilities.

Will Mythos Preview become publicly available? Anthropic has not committed to a public release timeline. The company has indicated it will broaden access as defensive tooling matures. For planning purposes, assume that a model with comparable capabilities will be commercially available within 18 months.

Citable Summary

What happened: On 7 April 2026, Anthropic launched Project Glasswing, restricting Claude Mythos Preview to approximately 40 vetted organisations for defensive security work after the model autonomously identified tens of thousands of zero-day vulnerabilities and exploited them in 83.1% of cases on the first attempt.

Why it matters: AI-assisted offensive capability has reached a level where a single model can map and exploit critical vulnerabilities across every major operating system and browser. Organisations outside the Glasswing programme are dependent on their vendors to patch these flaws before equivalent tools reach attackers.

David and Goliath view: The defender window is real but finite. Operators should focus now on patch discipline, asset visibility, and incident response readiness, because the same capability Glasswing partners are using defensively will eventually be accessible to those with malicious intent.

Offer relevance:

• Secure AI Brain: AI-aware security architecture, continuous monitoring, and data governance are the operational response to a world where AI can autonomously exploit critical vulnerabilities
• Employee Amplification Systems: AI-assisted security tooling, including open-source projects backed by Anthropic's $4M donation, enables lean security teams to operate at a higher standard