Two weeks ago, the world found out about Claude Mythos through a leak nobody at Anthropic intended. A misconfigured S3 bucket or CMS exposed internal details about a highly capable, unreleased cybersecurity model being quietly handed off to security researchers. The disclosure was accidental. The capabilities it described were not.
Now Anthropic has gone on record. They've officially announced Project Glasswing, a structured initiative built around a simple question: what do you do with an AI model so powerful you can't responsibly release it to the public?
What Is Claude Mythos?
Mythos Preview is Anthropic's unreleased frontier model purpose-built around cybersecurity. According to the official announcement, it has already identified thousands of high-severity vulnerabilities, including flaws in every major operating system and web browser. In Anthropic's own words, its capabilities "surpass all but the most skilled humans at finding and exploiting software vulnerabilities."
To put that in context: Opus 4.6 is already one of the strongest publicly available models on agentic coding and reasoning benchmarks. Mythos Preview outperforms it by roughly 25% across software engineering tasks. On penetration testing evaluations like Cyber Gym, it isn't close. This isn't an incremental upgrade. It's a genuinely different class of capability.
The problem follows naturally from that. A model this capable of finding and exploiting vulnerabilities is just as useful for offense as defense. Anthropic's answer is that it won't be released to the general public, not as a consumer product and not as an API tier anyone can sign up for. Instead, it becomes the foundation of Project Glasswing.
What Project Glasswing Actually Is
Glasswing is a controlled access program. A coalition of major technology companies, including Amazon Web Services, Apple, Broadcom, and Cisco, will receive access to Mythos Preview to find and fix vulnerabilities in their own foundational systems. Penetration testing is permitted, but only against participants' own infrastructure. The model cannot be pointed at external targets.
Beyond the named launch partners, Anthropic has extended access to over 40 additional organizations that build or maintain critical software infrastructure, so they can scan and secure both proprietary and open-source systems. Anthropic is committing up to $100 million in model usage credits to support this work, plus $4 million in direct donations to open-source security organizations, including $2.5 million to Alpha-Omega and the Open Source Security Foundation through the Linux Foundation, and $1.5 million to the Apache Software Foundation.
Post-preview pricing for participants has also been disclosed: $25 to $125 per million input and output tokens. Access runs through the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Azure Foundry. This is firmly in enterprise territory.
Why This Matters Beyond the Announcement
The transparency here is deliberate. Glasswing is partly a research initiative and partly a proof of concept. Anthropic intends to publish findings, including vulnerability counts, improvements made, and general learnings that can be shared without compromising partner security. Partners are expected to share best practices with each other within 90 days.
The longer-term angle is what I find most interesting. A model that gets tested against real production infrastructure at some of the largest technology companies in the world is building up something genuinely valuable: ground truth data on what secure and insecure code looks like at scale. That knowledge doesn't disappear. The logical next step is a version of this capability embedded into something like Claude Code, not the full offensive power of Mythos, but the remediation intelligence it accumulates. Secure-by-default code generation backed by a model that has seen real vulnerabilities in real systems is a compelling pitch.
Anthropic is also being upfront about urgency. Their statement notes that AI capabilities of this magnitude will likely reach actors who aren't committed to deploying them safely, and probably sooner than most people expect. Glasswing is a preemptive move to get defensive capabilities operational before the gap between defenders and attackers gets any wider.
A Note on Anthropic's Track Record Right Now
It's worth saying plainly: Anthropic has had two significant configuration-related leaks in the past 30 days. One of them is how Mythos became public knowledge in the first place. For a company now handling a model with real offensive cybersecurity potential, that's a pattern worth watching. The Glasswing announcement shows responsible thinking about deployment. The operational security around the model itself needs to hold up at the same level.
What Comes Next
Project Glasswing is a starting point, not a finished product. Anthropic has said the work will continue for months, scope will expand, and findings will be shared publicly where possible. Given how fast things have been moving, meaningful updates could come sooner than anyone expects.
The bigger open question is whether some version of Mythos eventually reaches a broader audience, through Claude Code, a tiered enterprise offering, or something else entirely. That answer isn't here yet. But Anthropic isn't trying to lock this away permanently. They're building the track record that makes a broader release defensible, and Glasswing is how they're doing it.