📖 5 min read
An AI model so capable at breaking into computer systems that its own creator refuses to release it publicly. That is where we are in May 2026.
On May 10, Anthropic launched Project Glasswing – a defensive cybersecurity initiative built around Claude Mythos Preview, a frontier AI model the company describes as “far ahead” of anything else when it comes to finding and exploiting software vulnerabilities. The model has already identified thousands of high-severity security flaws, including vulnerabilities in every major operating system and web browser on the planet.
Anthropic is not releasing Mythos to the public. Instead, access is limited to a hand-picked coalition of about 50+ organizations across Project Glasswing – with Anthropic committing up to $100 million in usage credits and an additional $4 million in direct donations to open-source security groups.
Who Is In the Room
Project Glasswing’s launch partners read like a who’s who of big tech and enterprise security:
📧 Want more like this? Get our free The 2026 AI Playbook: 50 Ways AI is Making People Rich — Free for a limited time - going behind a paywall soon
| Company | Sector |
|---|---|
| Amazon Web Services | Cloud infrastructure |
| Apple | Consumer hardware/software |
| Broadcom | Semiconductors / enterprise software |
| Cisco | Networking |
| CrowdStrike | Cybersecurity |
| Cloud / software | |
| JPMorganChase | Banking / finance |
| Linux Foundation | Open-source infrastructure |
| Microsoft | Enterprise / cloud |
| NVIDIA | AI compute |
| Palo Alto Networks | Cybersecurity |
Beyond these launch partners, Anthropic extended access to an additional 40+ organizations that build or maintain critical software infrastructure – covering first-party and open-source systems. Senior US government officials have also been briefed on Mythos capabilities, according to CNN. The European Union is still waiting for access, with Anthropic holding out on releasing the model to the bloc as of this week, per CNBC.
Why This Is Unprecedented
AI companies routinely publish model cards, safety reports, and benchmarks. They do not normally say: “this thing is too dangerous for the general public.” That is what Anthropic is effectively saying with Mythos.
Join 2,400+ readers getting weekly AI insights
Free strategies, tool reviews, and money-making playbooks - straight to your inbox.
No spam. Unsubscribe anytime.
The reason is capability, not caution theater. Mythos Preview – still a preview, not a final release – can scan codebases and pinpoint exploitable vulnerabilities at a speed and depth that, per Anthropic’s own language, “can surpass all but the most skilled humans.” The model found serious flaws across every major OS and browser tested – the kind of bugs state-sponsored hackers spend months hunting manually.
The threat scenario is straightforward: if a model this capable fell into the hands of a ransomware gang, a nation-state actor, or even a well-funded criminal syndicate, the damage to banking systems, healthcare networks, power grids, and government agencies could be catastrophic. The Colonial Pipeline attack in 2021 caused fuel shortages across the US East Coast. A Mythos-level attacker would not stop at one pipeline.
Reuters reported this week that US banks are already in emergency mode – rushing to patch systems after learning of Mythos’ capabilities. The fact that financial institutions are scrambling before the model is even widely accessible says a lot about how seriously the industry is taking this.
The Dual-Use Dilemma in Numbers
| What Mythos Can Do | Defensive Use | Offensive Risk |
|---|---|---|
| Scan for zero-days | Patch before attackers find them | Attackers find and exploit them faster |
| Analyze OS code | Harden Windows, Linux, macOS | Target billions of devices at once |
| Review open-source libs | Secure the supply chain | Poison widely-used packages |
| Speed: superhuman | Defenders scale up fast | Attackers outpace human defenders |
Anthropic’s bet is that controlled, heavily vetted access to Mythos for defenders can outrun the risk of the same capabilities eventually proliferating to bad actors. That is a defensible position – but it is also a race with no finish line.
The $100M Question – Is Restricted Access Enough?
The $100 million in usage credits sounds generous, but context matters. Google alone operates infrastructure handling hundreds of billions of requests per day. A hundred million dollars of AI compute is a real investment, but it is not unlimited coverage across the entire attack surface of the global internet.
The $4 million donation to open-source security organizations is also notable – but small relative to the scale of the problem. The Linux kernel, the software underlying most of the world’s servers, has a total annual security budget far below what a single mid-size ransomware payout generates.
There is also the question of what happens when Mythos-level capabilities – or something equivalent – are developed by labs with less caution. OpenAI, Google DeepMind, and open-source projects are all advancing fast. Anthropic’s controlled rollout buys time. How much time is unknown.
What the EU Situation Reveals
Anthropic is reportedly withholding Mythos from the EU. While OpenAI announced this week that it would grant EU access to its new cyber model, Anthropic has not done the same. This is either a regulatory caution play – EU AI Act compliance is complex – or a geopolitical choice, or both. Either way, it creates an awkward asymmetry where US organizations can defensively scan with Mythos but European infrastructure cannot, at least not yet.
The Glasswing Name – Not an Accident
A glasswing butterfly is nearly transparent – hard to see, near-invisible. The name is fitting for a security initiative meant to find invisible vulnerabilities before attackers do. Whether that brand exercise lands or not, the initiative itself is structurally serious: Microsoft, Google, and Apple at the same table on a security project is not a PR stunt. These companies compete fiercely and agree on very little. The fact that they are all here suggests the threat is real.
BetOnAI Verdict
Anthropic deserves credit for taking the dual-use problem seriously – and for actually doing something concrete rather than just writing a safety blog post. Bringing in 11 major technology companies and 40+ critical infrastructure organizations into a coordinated defensive effort is meaningful.
But the limitations are real. $100M in credits is a floor, not a ceiling. Restricted access is a temporary shield, not a permanent solution. The EU exclusion is a notable gap. And the core tension – that the same capability which can defend systems can also destroy them – does not get resolved by any press release or coalition.
If you run infrastructure – even moderate-scale – the Mythos story is a signal to accelerate your own vulnerability patching backlog now, before equivalent tools become available to attackers. The defenders got a head start. The question is how long it lasts.
The bet: Glasswing succeeds at hardening a meaningful chunk of critical infrastructure before Mythos-level tools proliferate to bad actors. The odds are uncertain. The stakes are not.
Sources:
- Anthropic – Project Glasswing: Securing critical software for the AI era
- The Guardian – What is Mythos AI and why could it be a threat to global cybersecurity?
- Reuters – Anthropic’s Mythos sends US banks rushing to plug cyber holes
- CNBC – OpenAI to give EU access to new cyber model but Anthropic still holding out on Mythos
- CNN – Microsoft, Google and xAI will let the government test their AI models before launch
Enjoyed this? There's more where that came from.
Get the AI Playbook - 50 ways AI is making people money in 2026.
Free for a limited time.
Join 2,400+ subscribers. No spam ever.