Anthropic announced on 7 April that it is giving a select group of major technology and cybersecurity firms early access to Claude Mythos — described internally as 'by far the most powerful AI model' the company has ever developed. The initiative, called Project Glasswing, is focused exclusively on defensive cybersecurity, allowing participating organisations to use Mythos Preview to identify vulnerabilities in critical software infrastructure before the model sees a wider release.
The participating organisations read like a who's who of global technology: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia, alongside approximately 40 additional organisations involved in critical software infrastructure. Within weeks of testing, Anthropic reports the model has identified thousands of zero-day vulnerabilities, many of which were critical and difficult to detect using conventional methods. Among the discoveries was a 27-year-old bug in OpenBSD that had evaded detection for nearly three decades.
The strategic logic is clear. Anthropic recognises that AI models capable of autonomous vulnerability detection will eventually proliferate — as the company stated, 'Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors committed to deploying them safely.' By giving defenders access first, Anthropic aims to ensure that critical infrastructure is hardened before offensive actors gain similar capabilities. It is a responsible disclosure approach applied at the model level rather than the vulnerability level.
For context engineers, Project Glasswing signals something important about the trajectory of AI capabilities. A model that can autonomously discover zero-day vulnerabilities in decades-old codebases represents a qualitative leap in agentic reasoning — the same capabilities that make Mythos dangerous in the wrong hands also make it extraordinarily useful for code review, security auditing, and the kind of deep codebase analysis that developers working with Claude Code already rely on. When Mythos eventually reaches general availability, the implications for how we build, test, and secure software will be profound.
