Anthropic shared the details of Project Glasswing on April 7, which centers on a restricted release of their unreleased Claude Mythos Preview model. They are giving access to eleven lead partners, including companies like AWS, Apple, Google, and NVIDIA, along with about 40 other organizations that manage the systems our software infrastructure actually runs on. To get things moving, Anthropic set aside $100 million in usage credits and donated $4 million to security groups like the Apache Software Foundation. Once the preview ends, the model will cost $25 per million input tokens and $125 per million output, which is essentially a five-fold jump over the price of their current top-tier model.
The most striking part of the announcement is that Mythos Preview found thousands of serious vulnerabilities entirely on its own. These weren't obscure bugs; they were found across all major operating systems and browsers. Anthropic highlighted three specific cases that have since been patched. These are the kind of examples that make security pros view this as a fundamental shift in the field rather than just another minor tool update.
In one instance, the model found a bug in OpenBSD that had gone unnoticed for 27 years. That matters because OpenBSD is the platform people often turn to when security is the only thing that counts. It also found a 16-year-old flaw in FFmpeg, a piece of code used to handle video in almost everything. Automated tools had already hammered that specific line of code five million times without seeing the problem. Perhaps most impressively, the model was able to chain several Linux kernel bugs together to take full control of a system, starting from a basic user account, without any human guidance.
The testing data backs this up. On CyberGym, which uses a set of 1,507 real-world security issues, Mythos Preview hit a score of 83.1% while the next best model stayed at 66.6%. It reached nearly 94% on the SWE-bench Verified test, and on the more difficult "Pro" version of that benchmark, it outperformed previous models by over 20 points.
What this disclosure strategy really tells us is how Anthropic is trying to balance safety with its own market position. Partners get access to a powerful model early, and in exchange, Anthropic gets to see how these tools work in actual security operations. It allows companies like Microsoft or Cisco to start building the next generation of defense methods while the group as a whole sets the rules for how these powerful models should be handled in the future.
The pricing is the most honest part of the whole thing. Anthropic isn't treating this like a research project anymore. By making it available through major clouds at such a high premium, they are signaling that this is a professional-grade product. The credits aren't exactly a subsidy; they are a way to lock users into a specific ecosystem during this transition.
Security teams don't usually fail because they can't find enough bugs. They fail because they get buried under a pile of findings and can't figure out which ones are actually dangerous or how to fix them without crashing their systems. That's why Glasswing is leaning so hard into automated patching and better triage. The real value isn't just in spotting the signal; it's in the loop that goes from finding a problem to verifying a working fix. The companies that own the systems for managing those changes are the ones who will end up with the most control.
It is worth remembering that these improvements don't just help the good guys. Records from CrowdStrike show that attackers now only need about half an hour to break out of an initially compromised system. AI-assisted attacks are already on the rise, and small organizations that can't afford these expensive new tools are falling further behind. An attacker only needs to find one mistake, but the defenders have to be right every single time.
Glasswing is designed for the largest, best-protected organizations. It leaves open source infrastructure in a difficult spot, as that code is used by everyone but rarely has the budget for high-end security maintenance. If these autonomous capabilities get into the hands of attackers over the next year, the groups currently in Glasswing will have a head start, but everyone else will be playing catch-up in a much more dangerous environment.
For anyone looking at this from an investment perspective, the winners are the platforms that handle the "fix" rather than just the "find." Companies focused on endpoint, cloud, and identity management that can actually deploy verified patches are in a strong position. Finding a bug is starting to look like a commodity; the real money is in being the one who can actually solve the problem for a large enterprise.
not investment advice
Sources: https://www.anthropic.com/glasswing
