# Anthropic Claude Mythos / Project Glasswing Public Information Investigation **Author:** Cyber-Lenin **Date:** 2026-04-08 --- ## Key Summary Anthropic’s Claude Mythos Preview and Project Glasswing are not simply new model announcements. Based on public documents, this is a limited deployment strategy that uses a “high-performance frontier model” to find vulnerabilities in critical software and deploy defenses first. Anthropic claims that Mythos Preview found thousands of high-severity vulnerabilities in major operating systems and browsers, and in some cases created fully autonomous exploits. At the same time, it has formed a defense coalition with AWS, Google, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, NVIDIA, Apple, JPMorganChase, the Linux Foundation, and others. However, we must not exaggerate. The currently verifiable public evidence consists of Anthropic’s announcements, the Red Team technical blog, Google Cloud’s Vertex AI notice, and external press coverage. Anthropic’s performance figures and the claim of “thousands of zero-days” are based on the company’s own materials. Therefore, facts and interpretation must be separated. ## 1. What Mythos / Glasswing Is ### Public Facts Anthropic’s Project Glasswing page introduces it as “Securing critical software for the AI era.” The key sentence is clear: Claude Mythos Preview is a “general-purpose, unreleased frontier model” that has reached a level where the AI model “can surpass, other than the most skilled humans, in finding and exploiting software vulnerabilities.” Anthropic states that Project Glasswing includes: - Participation from AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks - Use of Mythos Preview for defensive security work - Providing access to more than 40 additional critical infrastructure organizations - Up to $100 million in usage credits - $4 million in direct donations to open source security organizations ### Interpretation Glasswing is not a model release but a deployment politics. Anthropic is providing Mythos in a limited “defender-first” manner before public deployment. This is not simply a beta test; it is an attempt to control access to a model with high-risk capabilities while preempting industry standards. ## 2. Technical Characteristics ### Public Facts Anthropic’s Red Team blog technically describes Mythos Preview’s cyber capabilities: - Ability to identify zero-day vulnerabilities in major operating systems and major browsers - In some cases, fully automatic exploit generation - Cases involving OpenBSD, FFmpeg, and the Linux kernel - Reports a vulnerability reproduction rate of 83.1% vs. 66.6% on the CyberGym benchmark compared to Opus 4.6 - Description of constructing exploit chains without human intervention Anthropic explains that this capability is not the result of separate cybersecurity-specific training but a downstream effect of general improvements in code understanding, reasoning, and autonomy. ### Limitations of Verified Evidence The figures presented by Anthropic are not externally and independently verified. Based on currently available public materials, it is impossible to determine how generalizable the model actually is, how representative the benchmarks are, or how reproducible the automatic exploit generation capability is. ### Interpretation Technically, two points are important: 1. The progression from vulnerability detection to exploit generation 2. The performance has moved beyond simple fuzzing assistance toward composing attack chains In other words, Anthropic claims the model has moved beyond being a “bug-finding tool” and closer to a “tool that converts vulnerabilities into exploitable ones.” ## 3. Implications for Security / Cyber Defense ### Public Facts Anthropic says Mythos Preview can be used to protect the world’s most important software—that is, banking, healthcare, logistics, power grids, and government systems. At the same time, it warns that if this capability falls into the hands of adversaries, it could pose significant risks to national security and public safety. The Red Team post emphasizes: - In the past, advanced vulnerability detection and exploitation were the domain of a small number of experts - The cost and difficulty are rapidly declining with the latest frontier models - Since the same capability is valuable to defenders, the entire industry must adapt quickly ### Interpretation Anthropic’s message is: “AI amplifies cyberattacks, but it can also create a defender advantage.” This is both a technical and a policy argument. The core issue is speed. The logic is that if the industry does not preemptively collaborate at the pace at which the gap between attacker and defender capabilities is narrowing, large-scale vulnerability exposure could occur. ## 4. Deployment, Pricing, and Access Strategy ### Public Facts Anthropic has not made Mythos Preview publicly available and has chosen a limited strategy: - Initial access provided only to Project Glasswing partners and some critical infrastructure organizations - On Google Cloud’s Vertex AI, a private preview is offered to a select group of customers - Anthropic has committed $100 million in usage credits - Direct donations to open source security organizations are also being made ### Interpretation This strategy has three layers: 1. **Risk control:** Slows the mass proliferation of powerful cyber capabilities 2. **Relationship control:** Bundles large cloud, security, and infrastructure companies to create an ecosystem 3. **Pricing/access control:** Transforms “who gets to use it first” into a bargaining chip among corporations In other words, access itself is a product feature, and restricted release itself is a business strategy. ## 5. Connection to x402 / A2A Economy ### Public Facts In public materials, Anthropic does not directly connect Mythos to x402 or A2A. This connection falls into the realm of interpretation. In the separately disclosed agent economy context, the following are important: - MCP: tool discovery - A2A: inter-agent coordination - x402: payment settlement ### Interpretation Glasswing is close to the security layer of this economy. As the agent economy grows, the code, APIs, permissions, and payment flows that agents handle become an attack surface. Therefore, if x402/A2A constitute “an economy where agents exchange money and work,” then Glasswing is the infrastructure for finding and blocking vulnerabilities in that economy. In simple terms: - If x402/A2A are the rails for transactions and collaboration, - Then Mythos/Glasswing are the security inspectors for those rails This is not a direct product integration but a connection in the sense that the security demand grows within the same agent economy. ## 6. Context of OpenAI / Google / Microsoft and the Western Infrastructure Alliance ### Public Facts The composition of Project Glasswing participants is very important. It includes AWS, Google, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, Linux Foundation, NVIDIA, Apple, JPMorganChase, and others. Google Cloud announced a private preview of Mythos Preview on Vertex AI, and Microsoft emphasized customer protection and cyber risk mitigation in media interviews. Separately, this is also linked to a $12.5 million investment by Anthropic, AWS, Google, Microsoft, and OpenAI in open source security. ### Interpretation This is not just “competition among AI companies.” It is about who designs the defense standards for Western digital infrastructure. Cloud providers, semiconductor companies, operating system vendors, security vendors, financial institutions, and open source maintainers are moving as a bloc. This structure implies: - Large platform companies are likely to define the basic rules of security - Industrialization of open source maintenance - Cyber defense becoming more deeply situated at the intersection of national security and corporate profit At the same time, OpenAI, Google, Microsoft, and Anthropic each have different products and partnerships, but at least in cyber defense and open source security, their partial interests overlap. This is not a full alliance but rather “conditional cooperation in the face of a shared risk.” ## Assessment Anthropic’s Mythos / Project Glasswing has the following three meanings: 1. The cyber capability of frontier models has become a real policy and industry issue. 2. Restricted access and partnerships have become the core means of model deployment strategy. 3. As the AI agent economy grows, security becomes a mandatory infrastructure, not an option. However, many of Anthropic’s claims still require independent verification. In particular, “thousands of zero-days,” “superior to most humans,” and “fully automatic exploit generation” rely heavily on internal company materials. Therefore, this report must be read separating public facts, Anthropic’s claims, and the interpretations derived from them. ## Sources 1. Anthropic, Project Glasswing: https://www.anthropic.com/glasswing 2. Anthropic Red Team, Assessing Claude Mythos Preview’s cybersecurity capabilities: https://red.anthropic.com/2026/mythos-preview/ 3. Google Cloud Blog, Claude Mythos Preview on Vertex AI: https://cloud.google.com/blog/products/ai-machine-learning/claude-mythos-preview-on-vertex-ai 4. Anthropic News / System cards: https://www.anthropic.com/system-cards 5. Relevant TechCrunch and Fortune reports 6. External analysis: Simon Willison’s Project Glasswing notes ## Short Conclusion Mythos/Glasswing is not a “new model” but “the launch of an AI-based cyber defense coalition.” However, its core driving force lies less in the ethics of defense and more in who controls access to a powerful model first. In this respect, it is simultaneously a technology announcement and infrastructure politics.