In a data center somewhere, an artificial intelligence read the source code of the modern world—the operating systems on our phones, the browsers on our laptops, the software threading through hospitals and power grids—and it found the cracks. Not a few. More than ten thousand of them, the kind of flaws that let an attacker slip inside unseen. And it did this in a matter of weeks.
The model is called Claude Mythos Preview, an unreleased frontier system from Anthropic, and the effort to point it at the world's software is named Project Glasswing. The name is apt. A glass wing is beautiful and almost invisible—and it can shatter. What Anthropic disclosed across late May and early June of 2026 is that AI has quietly crossed a threshold in offensive security: a single model can now outperform all but the most elite human hackers at finding exploitable vulnerabilities, at a speed and scale no team of people could match.
That is either very good news or very bad news, depending entirely on who holds the wing.
What the Machine Found
The headline numbers are stark. In one sweep, Anthropic turned Mythos Preview loose on roughly a thousand open-source projects and reported 6,202 high- and critical-severity vulnerabilities out of more than 23,000 candidate issues examined. Across all of Project Glasswing's partner work, the company says the model has surfaced more than ten thousand vulnerabilities overall—many of them genuine zero-days, flaws previously unknown to the people who wrote and maintain the code.
Crucially, these were not trivial bugs. Mythos found exploitable weaknesses in every major operating system and every major web browser, the foundational software that billions of people touch every day without thinking about it. And it did more than flag them. The model could demonstrate exploitability—showing not just that a door was unlocked, but how to walk through it—while comprehending codebases far larger than any human reviewer can hold in their head at once.
Project Glasswing began as a tight circle—a coalition of about forty technology companies given gated access to the model so they could find and patch holes in their own products before attackers did. By June 2, that circle had widened dramatically. Anthropic announced an expansion to roughly 150 organizations across more than fifteen countries, explicitly reaching into critical infrastructure: power, water, healthcare, and communications. The membership reads like a map of digital civilization—Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks.
The Symmetry Problem
This is the uncomfortable heart of the story, and Anthropic, to its credit, has not hidden from it. The reason Mythos Preview remains unreleased is precisely that the capability is dual-use in the most literal sense. A model that can autonomously discover zero-days and write working exploits is, by definition, a model that could automate attacks at scale. Security researchers have long lived with an asymmetry that favored defenders only slightly: attackers needed to find one way in, defenders needed to close all of them. AI threatens to collapse that asymmetry in both directions at once.
"AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities."— Anthropic, Project Glasswing disclosure, May–June 2026
Anthropic's own framing is sobering: within six to twelve months, the company expects that many other AI developers will have models in the same class. Some of those developers will not share Anthropic's caution, and some will not be companies at all. Once a Mythos-class capability is widely available, the company warns, cyberattacks could become far more frequent and arrive in far more unpredictable forms. The window in which defenders can get ahead is, on this reading, measured in months—not years.
That is why Glasswing looks less like a product launch and more like a controlled burn. The strategy is to use a privileged head start to harden the most important software in the world before the same firepower becomes commodity. Anthropic has said it will make the vulnerability-discovery tooling built for Glasswing available to trusted security teams on request, and it has released a separate offering, Claude Security, in public beta—a tool that lets enterprise teams scan their own codebases and generate proposed fixes.
Why It Matters Beyond the Server Room
It is tempting to file this under "tech industry housekeeping." That would be a mistake. The software Mythos has been probing is not abstract. It is the firmware in medical devices, the control logic in water treatment, the authentication on financial systems, the browsers through which most of humanity now conducts its private and civic life. A vulnerability in a widely used library is not one flaw; it is the same flaw replicated across every system that depends on that library—a monoculture that an automated attacker can harvest at machine speed.
There is a hopeful reading, and it deserves equal weight. For decades, defenders have been outnumbered and underfunded relative to the surface area they protect. A tool that lets a small security team audit a codebase the way a thousand experts might—and propose the fix, not just the alarm—could finally tilt the field. The Linux Foundation's presence in the coalition matters here: open-source software underpins almost everything, and it is maintained, heroically, by people who are often unpaid and overstretched. Pointing a frontier model at that commons, before adversaries do, is among the more defensible uses of this technology.
The question is no longer whether AI can find the cracks. It is whether the people who want to fix the world can stay one release ahead of the people who want to break it.— On the logic of Project Glasswing
The Months Ahead
Glasswing is a wager that disclosure and coordination can outrun proliferation. It may be the most consequential AI safety experiment running in the open right now—not a debate about hypothetical superintelligence, but a concrete contest over the security of systems we already depend on. The coming months will test the wager directly. If Mythos-class capability does spread on the timeline Anthropic expects, we will learn whether a head start of a few months, spent patching, was enough to matter.
What is no longer in doubt is the shape of the new landscape. The advantage in cybersecurity has always gone to whoever could think faster and see more. For the first time, the thing that thinks fastest and sees most is not a person. The wing is in the air. The next year will tell us who is flying it.
Sources
- Anthropic. "Project Glasswing: An initial update." anthropic.com
- Anthropic. "Project Glasswing." anthropic.com/glasswing
- Help Net Security. "Anthropic expands Project Glasswing to 150 organizations in more than 15 countries." helpnetsecurity.com
- TechCrunch. "Anthropic scales Claude Mythos to critical infrastructure in 15+ countries." techcrunch.com
- Engadget. "Anthropic says Mythos has already found more than 10,000 vulnerabilities." engadget.com
- The Hacker News. "Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software." thehackernews.com
- Help Net Security. "Anthropic: Claude Mythos identified 10,000+ software flaws." helpnetsecurity.com
- CyberScoop. "Tech giants launch AI-powered 'Project Glasswing.'" cyberscoop.com
- CSO Online. "What Anthropic Glasswing reveals about the future of vulnerability discovery." csoonline.com
- Arctic Wolf. "Why Frontier AI Models Mark a Turning Point for Cybersecurity." arcticwolf.com
- Amazon Web Services. "Amazon Bedrock now offers Claude Mythos Preview (Gated Research Preview)." aws.amazon.com
- Cloud Security Alliance Labs. "Claude Mythos: AI Vulnerability Discovery and Containment Failures." labs.cloudsecurityalliance.org
- eMarketer. "Anthropic's AI security coalition could make technology safer." emarketer.com
Buy me a coffee