Anthropic isn’t releasing Mythos Preview to the public. It’s doing something more deliberate.
According to Anthropic’s Project Glasswing announcement, the company has assembled more than 45 organizations to test and deploy Mythos Preview specifically for defensive cybersecurity applications, patching vulnerabilities rather than exploiting them. The named participants include Amazon, Microsoft, Apple, Google, and Nvidia, alongside more than 40 additional organizations confirmed by Wired’s reporting.
Mythos Preview earned its restricted status. The model has found thousands of high-severity vulnerabilities, including some in every major operating system and web browser, according to Anthropic’s announcement. According to Anthropic’s internal evaluation, the model reproduced and exploited vulnerabilities in over 80% of cases tested, a figure that is vendor-reported and has not been independently verified. What the model does is chain exploits across systems with a degree of autonomy that prior AI tools haven’t demonstrated.
Why Project Glasswing changes the conversation
The prior story on Mythos focused on the capability: what it can do, and why Anthropic chose not to release it. This is the follow-up: what Anthropic chose to do instead.
Full restriction is the safe choice. It’s also a dead end for the defensive use case. If the same model that finds critical vulnerabilities can be directed to patch them, keeping it locked away entirely means the cybersecurity community can’t use it either. Project Glasswing is Anthropic’s answer to that problem, a structured access model that lets vetted organizations use the capability while limiting exposure.
That distinction matters for practitioners. Security teams at participating organizations gain access to a model that NPR’s reporting describes as capable of reshaping cybersecurity, their words, attributed to Anthropic. Teams outside the initiative get none of that access. The gap between those two groups could widen quickly.
Context: the restricted access pattern
Project Glasswing isn’t the first time a frontier lab has restricted a capable model. But it’s the most explicit attempt to build a governance structure around the restriction rather than simply withholding. Prior approaches have been passive, a lab decides not to release something, offers no access, and moves on. Glasswing is active: Anthropic is deciding who gets access, under what terms, and toward what ends.
That raises questions the initiative doesn’t yet answer. Who audits the participating organizations’ defensive deployments? What liability framework governs a Glasswing partner that misses a vulnerability Mythos should have caught? How does the initiative scale if 45 organizations becomes 450?
What to watch
Watch for partner organizations to begin disclosing specific defensive deployment results, that’s when the initiative’s effectiveness becomes testable rather than theoretical. Watch also for whether other frontier labs build comparable structures. If Glasswing produces measurable defensive outcomes, the pressure on competitors to match the model (not just the capability) will increase.
TJS synthesis
Project Glasswing is worth watching not just as a cybersecurity story but as a governance prototype. Structured, vetted multi-stakeholder access, rather than full release or full restriction, is a model that could apply to any frontier capability deemed too risky for general availability. Whether it works depends on details Anthropic hasn’t fully disclosed yet. That’s exactly what makes it worth tracking.
[For full context on Mythos Preview’s vulnerability capabilities, see our earlier brief: “Anthropic’s Claude Mythos Can Exploit Zero-Day Vulnerabilities, So the Company Is Keeping It Off the Market.”]