Anthropic’s Claude Mythos Preview has found thousands of critical vulnerabilities spanning every major operating system and every major web browser. Over 99% of them are still unpatched. Anthropic isn’t publishing details, the company says doing so would be “irresponsible” given the exposure rate, but it is doing something more consequential: organizing the entire industry to fix the problem.
That’s Project Glasswing. Announced April 8, it’s a cross-industry coalition that Anthropic describes as an initiative “to secure the world’s most critical software and give defenders a durable advantage.” More than 45 organizations have signed on, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, and Nvidia. The Linux Foundation is a confirmed participant per its own announcement.
That list deserves a second read. Google, Microsoft, and Apple, Anthropic’s direct competitors in the frontier model race, joined an Anthropic-led security initiative. That doesn’t happen by accident.
What Mythos Preview actually found
The model has already surfaced notable specific vulnerabilities. One, per Anthropic’s disclosure, had been hiding in OpenBSD for 27 years. The scope isn’t limited to obscure codebases: Anthropic’s research page states the findings cover operating systems, browsers, and cryptographic software. The 99% unpatched rate isn’t a failure of the model – it’s a statement about how far ahead of remediation capacity the discovery engine now runs.
Why this changes the prior Mythos story
Earlier reporting established that Claude Mythos Preview existed as a restricted model deployed only to vetted partners. Project Glasswing is the answer to the obvious follow-up question: restricted to do what, exactly? The answer is large-scale vulnerability research with real disclosure stakes. This shifts Mythos from a capability demonstration to an active security operation with named organizational partners and a coordinated remediation timeline.
What to watch
Glasswing’s value will be tested when the first coordinated disclosures happen. The process, Anthropic finds the bug, coalition members work on patches, Anthropic publishes details only after remediation reaches a responsible threshold, is standard coordinated disclosure practice. The question is whether a coalition of this size can execute it at the speed the discovery rate demands. Security teams responsible for OS and browser-layer infrastructure should monitor Glasswing’s disclosure schedule and audit their own exposure across the named categories now, before the findings become public.
TJS synthesis
Project Glasswing is the most significant AI security initiative announced this cycle, and arguably in the past year. It demonstrates something the agentic AI safety conversation often misses: the same autonomy and capability that makes frontier models dangerous as attack tools makes them extraordinarily powerful as defensive infrastructure. Anthropic has turned its most capable and restricted model into an industry-wide bug-hunting operation. Whether the remediation side of the coalition can keep pace with the discovery side is the question that will determine whether Glasswing delivers durable value or produces a vulnerability backlog no one can clear.