Anthropic announced Project Glasswing on April 7, in partnership with AWS, Apple, Google, and Microsoft. The core claim is that Claude Mythos Preview has reached a level of coding capability where it “can surpass all but the most skilled humans at finding and exploiting software vulnerabilities”. The project deploys that capability defensively, scanning foundational open source software for zero-day vulnerabilities before attackers find them. According to the announcement, the model has already identified thousands of high-severity flaws across the Linux kernel, OpenBSD, and FFmpeg. Partners get access to Mythos for their own defensive security work. Anthropic is also committing $100M in model usage credits and $4M in donations to open source security organisations.
Vulnerability-finding at this level was previously the domain of elite human researchers and expensive fuzzing infrastructure. A dedicated team such as Google Project Zero could find dozens of high-severity flaws in a year across a single major project. A frontier model scanning the same codebase continuously is a different order of magnitude. The Linux kernel has roughly 30 million lines of C; FFmpeg has been a target for over a decade precisely because it is so widely deployed and its demuxers and decoders are so difficult to audit fully. The claim that Mythos is finding “thousands” of flaws suggests either a broader search surface than previous human efforts or a qualitatively different capability for recognising bugs in unsafe code. One caveat applies to any automated finder: a raw count only becomes comparable with human results after triage, since duplicates, unreachable code paths and low-exploitability issues inflate it.
Anthropic is releasing a red team report assessing Mythos’s offensive cybersecurity capabilities alongside the defensive initiative. The underlying capability is dual-use: a model that can find and explain exploitable vulnerabilities in the Linux kernel can also help an attacker weaponise them. Anthropic’s bet is that deploying the capability defensively, at scale, before adversaries have equivalent access to the same model, creates a window in which maintainers can patch faster than attackers can exploit. That logic holds only as long as the defensive deployment stays meaningfully ahead. How long that window stays open is not something anyone can answer honestly, and the announcement does not try to.
For teams maintaining or depending on critical infrastructure, the practical implication is narrower than the headline suggests. The organisations most immediately affected are the maintainers of OpenBSD, FFmpeg, and the Linux kernel, who will receive vulnerability reports generated by Glasswing and will still have to reproduce, triage and fix each one. For everyone else, the relevant signal is that the bar for automated security review is moving fast. Static analysis tools and traditional fuzzing are now competing with models that can reason about code semantics, not just pattern-match against known bad constructs. Internal security review processes that rely on “we run Semgrep and Bandit” as their primary automated layer are increasingly insufficient: those tools catch the absence of a check, not a check that is present but arithmetically wrong.
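The distinction between pattern-matching and reasoning about semantics is easiest to see on a concrete bug. The following is an added example written for this page, not code from FFmpeg, the kernel, or Project Glasswing. It uses a constructed toy chunk format (8-byte header of two big-endian u32 fields, offset and length, naming a range inside a data region) with a bounds check that is present but wraps in 32-bit arithmetic, beside the hardened form. A rule that looks for "memcpy without a preceding bounds check" is satisfied by the vulnerable version; only reasoning about the addition shows that a length near UINT32_MAX slips through.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/*
 * Constructed toy container format (assumption for this example; not
 * FFmpeg's, not the kernel's). A chunk header is two big-endian u32
 * fields, OFFSET and LENGTH, naming a byte range inside a data region
 * of known size. The decoder copies that range out.
 */
#define CHUNK_HDR_LEN 8

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable check: off + len is computed in 32 bits and wraps, so a
 * length close to UINT32_MAX makes the sum small and the check passes.
 * A syntactic rule sees "check before memcpy" and is satisfied. */
int range_ok_vuln(uint32_t off, uint32_t len, uint32_t data_size)
{
    return off + len <= data_size;
}

/* Hardened check: same intent, arranged so no intermediate can overflow.
 * Bound len by data_size first, then compare off against the remainder. */
int range_ok_safe(uint32_t off, uint32_t len, uint32_t data_size)
{
    return len <= data_size && off <= data_size - len;
}

/* Parse the header. Returns 0 on success, -1 if it is truncated. */
int parse_chunk_hdr(const uint8_t *hdr, size_t hdr_len,
                    uint32_t *off, uint32_t *len)
{
    if (hdr_len < CHUNK_HDR_LEN)
        return -1;
    *off = rd_be32(hdr);
    *len = rd_be32(hdr + 4);
    return 0;
}

/* Copy the chunk's range out of data[] after running `check`.
 * out must hold at least data_size bytes; a correct check guarantees
 * len <= data_size, which is exactly what range_ok_vuln fails to do.
 * Returns bytes copied, or -1 if the header or range is rejected.
 * With range_ok_vuln and a wrapping header this reads far past data[],
 * so the demo below only ever runs the copy with range_ok_safe. */
long long extract_chunk(int (*check)(uint32_t, uint32_t, uint32_t),
                        const uint8_t *hdr, size_t hdr_len,
                        const uint8_t *data, uint32_t data_size,
                        uint8_t *out)
{
    uint32_t off, len;
    if (parse_chunk_hdr(hdr, hdr_len, &off, &len) != 0)
        return -1;
    if (!check(off, len, data_size))
        return -1;
    memcpy(out, data + off, len);
    return (long long)len;
}

/* Constructed inputs for the demo. */
const uint8_t benign_hdr[CHUNK_HDR_LEN] = {
    0x00, 0x00, 0x00, 0x08,   /* offset 8  */
    0x00, 0x00, 0x00, 0x10    /* length 16 */
};
const uint8_t evil_hdr[CHUNK_HDR_LEN] = {
    0x00, 0x00, 0x00, 0x10,   /* offset 16 */
    0xFF, 0xFF, 0xFF, 0xF8    /* length 0xFFFFFFF8: 16 + len wraps to 8 */
};

/* Run a header through the hardened path over a 64-byte region. */
long long demo_extract(const uint8_t *hdr)
{
    uint8_t data[64], out[64];
    for (int i = 0; i < 64; i++)
        data[i] = (uint8_t)i;
    return extract_chunk(range_ok_safe, hdr, CHUNK_HDR_LEN,
                         data, sizeof data, out);
}

int main(void)
{
    uint32_t off, len;
    parse_chunk_hdr(evil_hdr, sizeof evil_hdr, &off, &len);
    printf("evil header: vuln check=%d safe check=%d\n",
           range_ok_vuln(off, len, 64), range_ok_safe(off, len, 64));
    printf("benign extract: %lld bytes\n", demo_extract(benign_hdr));
    printf("evil extract (safe check): %lld\n", demo_extract(evil_hdr));
    return 0;
}
```

The vulnerable and hardened checks differ by one rearrangement, and both contain a comparison against `data_size`, so a tool matching on the shape of the code cannot tell them apart; deciding which one is correct requires reasoning about the range of `off + len`, which is the kind of judgement the page attributes to the model.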
The $100M in model credits is allocated to partners for defensive use, not open access. This is not a tool practitioners can run against their own codebases today. The near-term takeaway is that zero-day discovery for foundational infrastructure is now an AI problem, the economics of it have changed, and organisations that depend on that infrastructure should expect faster patch cycles from upstream maintainers as a result, which makes tracking upstream releases and applying fixes promptly more important, not less.