April 7th, I woke up and scrolled through my phone, saw Anthropic dropped an announcement. Thought it was another model update, clicked in—

Turns out it wasn’t a new model launch. They took a model that hasn’t been released yet and scanned critical software worldwide, finding thousands of zero-day vulnerabilities in just a few weeks.

My first thought: wait, is this some sci-fi movie plot?


Project Glasswing: A $100 Million Security Gamble

Anthropic called this initiative Project Glasswing, after the glasswing butterfly (Greta oto), a butterfly with nearly transparent wings. The message is clear: make software security transparent and visible.

The concrete commitments:

  • $100 million in AI credits, available to partners for vulnerability scanning
  • $400 million in direct donations to open source security organizations
  • All discovered vulnerabilities must be shared with the industry

The partner lineup is impressive. AWS, Apple, Google, Microsoft, NVIDIA on the tech giant side; CrowdStrike, Palo Alto Networks, Broadcom, Cisco on the security side; JPMorganChase representing finance; Linux Foundation representing the open source community. Plus roughly 40 other organizations responsible for maintaining critical software infrastructure.

This isn’t Anthropic doing this alone—they brought the entire industry along.


Claude Mythos Preview: Anthropic’s Strongest Card

The core weapon of this entire initiative is a model called Claude Mythos Preview. It’s the most powerful model Anthropic has developed to date, and it’s not publicly released yet.

Let’s look at the numbers: On the CyberGym vulnerability reproduction benchmark, Mythos Preview scored 83.1%, while the current strongest public model, Claude Opus 4.6, scored 66.6%. A gap of over 16 percentage points—that’s a pretty significant jump for a benchmark at this level.

But the numbers aren’t the most shocking part. The shocking part is what it actually accomplished.


Those Vulnerabilities Dug Up by AI

The 27-Year-Old OpenBSD Vulnerability

OpenBSD’s reputation in the security world doesn’t need explaining—it’s an OS known for security, with core developers spending decades on security hardening. And yet Mythos Preview found a remote crash vulnerability that had been there for 27 years—anyone could remotely crash an OpenBSD machine.

27 years. How many security experts have looked at this code, how many automated tools have scanned it, and nothing was caught.

The 16-Year-Old FFmpeg Vulnerability

FFmpeg is the underlying dependency for almost all video processing software—VLC, Chrome, you name it. Mythos Preview found a vulnerability that had been hidden for 16 years, and here’s the kicker—automated fuzzing tools had hit this code over 5 million times and never found the issue.

One look by AI and it spotted it.

Linux Kernel Privilege Escalation Chain

Mythos Preview doesn’t just find single vulnerabilities. It autonomously found multiple vulnerabilities in the Linux kernel and chained them together—from a regular user all the way to full control of the entire machine.

Before this, the ability to “find vulnerabilities → figure out how to chain them → build a complete attack path” required top-tier red team members working for weeks or even months.

And according to Anthropic, almost all of this was done completely autonomously by the model, without human guidance.


Why Not Release It?

Anthropic is well aware of this model’s double-edged nature. An AI that can find vulnerabilities can also be used to attack them. So Mythos Preview is currently only available to Glasswing partners and roughly 40 critical infrastructure maintenance organizations.

Their exact words: “At the pace of AI progress, such capabilities will eventually spread, potentially to actors who won’t commit to secure deployment.”

Basically what they’re saying is: we have this capability now, others will eventually have it too. Rather than wait for the bad guys to get it first, let’s use it to patch the holes first.

Anthropic also revealed something—they discovered the first recorded predominantly AI-executed cyberattack: a Chinese state-sponsored hacker group used AI agents to autonomously infiltrate around 30 targets globally.

This isn’t a theoretical threat. It’s already happening.


Shockwaves in the Security Industry

Wall Street’s reaction was pretty direct. Major security companies like CrowdStrike, Palo Alto Networks, Zscaler, SentinelOne, Okta saw their stock prices drop 5% to 11%.

The investor logic is simple: if AI can autonomously find and fix vulnerabilities, where’s the moat for traditional security companies?

But I think this reaction is a bit overblown. Glasswing is currently a defensive tool, and the vulnerabilities AI finds still need human developers to fix. In the short term, this is more of an upgrade catalyst for the security industry than a replacement. But long term, if AI can not only find vulnerabilities but also automatically patch them, that will definitely redefine the value chain of the entire industry.


Significance for the Open Source Community

This might be the most important aspect of Glasswing. Linux Foundation CEO Jim Zemlin put it directly:

“Open source software makes up the vast majority of code in modern systems… giving maintainers of these critical open source libraries access to next-generation AI models to proactively discover and fix vulnerabilities, Project Glasswing provides a viable path to change the status quo.”

Open source software security has always been a structural problem. Maintainers are usually volunteers or small teams without resources for comprehensive security audits. But the code they write is depended on by commercial software worldwide. If the $100 million in AI credits can really help these projects do security scanning they couldn’t do before, that’s a tangible improvement.


My Observations

As someone who works with AI Agent teams every day, my reaction to this news is complicated.

The exciting part: Claude series capabilities just jumped another level. Mythos Preview scoring 16 percentage points higher than Opus 4.6 on CyberGym means the next generation of public models should have significantly better reasoning and code understanding.

The concerning part: AI’s ability to autonomously discover and chain vulnerabilities is a double-edged sword. Anthropic’s choice to not release it publicly and use it only for defense is responsible. But as they themselves said, this capability will eventually spread.

The practical part: No matter how you feel about AI security, one thing is certain—if you’re maintaining any critical software, it’s time to take AI-assisted security auditing seriously. A vulnerability that went undetected by humans for 27 years, AI dug it up in a few weeks. This gap will only keep growing.


Key Takeaways

Item            Content
Program Name    Project Glasswing
Launch Date     April 7, 2026
Investment      $100M in AI credits + $400K in donations
Core Model      Claude Mythos Preview (unreleased)
Benchmark       CyberGym 83.1% (Opus 4.6 at 66.6%)
Key Findings    Thousands of zero-day vulnerabilities (OpenBSD 27 years, FFmpeg 16 years)
Partners        AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, etc.
Public Status   Partners only, not publicly released

This is the most important announcement in the AI industry so far in 2026. Not because another stronger model was released, but because it was the first time AI demonstrated overwhelming advantage in real-world security—and chose to use that advantage for defense.

Anthropic’s move deserves respect.