Project Glasswing Launch — The Claude Mythos Preview Anthropic Chose Not to Release

Anthropic Official / April 15, 2026

Dario Amodei (Anthropic CEO) · 01:09 The fact that LLMs can now write code on par with the world's best software developers means that, with the very same capability, they can also find and exploit software vulnerabilities.

Anthropic official "An initiative to secure the world's software | Project Glasswing" (released April 2026, approximately 5 minutes 48 seconds). Narrated by Dario Amodei (CEO), with Newton Cheng (Frontier Red Team Cyber Lead) featured as a security researcher, plus commentary from Jim Zemlin (Linux Foundation CEO).

In April 2026, Anthropic informed the world of the existence of an AI model it had decided not to release. Its name is Claude Mythos Preview A frontier model with no planned public release that Anthropic began internal evaluation of on February 24, 2026. Trained with a specialization in code generation, it saw a dramatic, side-effect rise in cybersecurity capability. Discovered thousands of zero-day vulnerabilities across major operating systems and every major web browser; autonomously discovered and exploited a 27-year-old bug in OpenBSD and a 17-year-old RCE in FreeBSD. . The reason for not releasing it publicly: its capabilities are too high. Announced at the same time was an industry-wide initiative — together with over 40 partners — to use Mythos for defensive purposes only: Project Glasswing An Anthropic-led cybersecurity initiative announced in April 2026. The name derives from the glasswing butterfly (Greta oto) with its transparent wings — a symbol of the idea that 'even bugs buried in complex code can be addressed once they are made visible.' $100 million in usage credits plus a $4 million open-source donation. Partners: AWS / Apple / Amazon / Google / Microsoft / NVIDIA / Cisco / CrowdStrike / Palo Alto Networks / Broadcom / JPMorgan Chase / Linux Foundation and over 40 others. .

Using Anthropic's official video (5:48) as source material, this article covers (1) what happened technically, (2) why the decision was made not to release, and (3) what Project Glasswing aims to achieve. Around the same time, The AI Show Ep.209 (SmarterX) spent approximately 1 hour 46 minutes unpacking the announcement; that analysis is collected in a separate article, "How to Read Claude Mythos and Project Glasswing — The AI Show Ep.209."

Key Observations

"We trained it to be good at code, and it turned out to be good at cyber too" (01:09 - 01:58)

The core point Dario Amodei opens with. "We recently developed a new model called Claude Mythos Preview. From an early stage, it was clear that this model was substantially better at cybersecurity. There's an accelerating exponential, and on top of it sit meaningful milestones. Mythos Preview is a particularly large jump" (01:09 - 01:45).

The critical recognition: "We didn't train this model to be good at cyber. We trained it to be good at code. But as a side effect of being good at code, it also became good at cyber" (01:45 - 01:58). This implies that security AI is not an independent research area but appears as an inevitable byproduct of general-purpose LLM capability gains.

It reads more naturally in the context of Karpathy's "jagged intelligence" and Hinton's multi-dimensional capability thesis — capabilities do not rise uniformly. Train in one domain and unpredictable jumps occur in another. Cyber happens to be the case where that jagged protrusion emerged in the direction most dangerous to society.

"More bugs in the past few weeks than I'd found in my entire life before" — technical results (03:36 - 04:26)

The testimony of Newton Cheng, Cyber Lead at Anthropic's Frontier Red Team: "Over the past few weeks, I've found more bugs than the sum total of bugs I'd found in my entire career before" (03:36).

Concrete results:

  • A 27-year-old bug in OpenBSD: "Just send a little data and you can crash any OpenBSD server." OpenBSD has been designed as "the unhackable OS" and is used in the lineage running many internet routers and firewalls. A vulnerability buried there for a quarter century was discovered by Mythos.
  • Privilege escalation bugs in Linux: "An unprivileged user can gain administrator privileges just by executing a binary." Multiple instances discovered.
  • Long-undiscovered vulnerabilities in FFmpeg (video tool): ones that automated testing tools had missed across 5 million scans.
  • A 17-year-old RCE in FreeBSD: discovered and demonstrated end-to-end exploitation fully autonomously (zero human intervention after the initial instruction).
  • Firefox benchmark: where Claude Opus 4.6 produced 2 working exploits across hundreds of attempts, Mythos generated 181 (approximately 90x).
  • Thousands of zero-day vulnerabilities across major operating systems and every major web browser discovered, reported to maintainers, with patches already deployed.

The autonomy of "chaining vulnerabilities together" (01:58 - 02:45)

A qualitatively new capability of Mythos. "It has the ability to chain together vulnerabilities. It can find two vulnerabilities that on their own aren't all that useful, then three, four, and sometimes five, combining them in sequence to generate an exploit producing a highly sophisticated final outcome" (02:00 - 02:30).

Why this is possible: "This model is very autonomous. It's generally good at pursuing the kind of long-range tasks a human security researcher would spend a full day on" (02:30 - 02:45). In other words, it can sustain the continuous loop of hypothesis generation → testing → failure → revision at human levels.

"We are not going to release this" — the first full activation of the RSP (02:45 - 03:30)

Dario's declaration. "Obviously, a model with these capabilities could cause harm if it fell into the wrong hands. So we are not going to release this model broadly. More capable models will come, from us and from others. So we need a plan to respond to this" (02:45 - 03:08).

Newton Cheng called this "the starting point of an industry change point, or a reckoning." Within the framework of Anthropic's previously published Responsible Scaling Policy (RSP) / AI Safety Level (ASL) Anthropic's responsible AI scaling policy, announced in 2023. It defines AI Safety Levels (ASLs) according to model capability levels and incrementally tightens safety requirements (containment, monitoring, alignment) at each level. Mythos Preview is in effect an ASL-4-class judgment — the first full activation of the clause that says 'if deployment risk reaches an unacceptable level, deployment will be halted.' (running ASL-1 through ASL-4), the clause stating "if deployment reaches an unacceptable level, we will stop" has been invoked in earnest for the first time.

The alternative strategy is Project Glasswing: "Partner with the organizations running the world's most important code, and have them use it for defense" (03:00 - 03:30). The aim: "Give the people running the world's most important software these advanced tools ahead of anyone else — that becomes our collective head start" (03:00).

The emergence of a coalition — cloud, devices, security, finance, and OSS at the same table (04:26 - 05:18)

The Glasswing partner coalition is a group of normally competing companies:

  • Cloud: AWS, Google Cloud, Microsoft Azure
  • Devices: Apple, NVIDIA, Broadcom
  • Security: CrowdStrike, Palo Alto Networks, Cisco
  • Finance: JPMorgan Chase
  • Open source: Linux Foundation

Dario: "We've also had conversations with senior officials at the U.S. government. We're proposing that we collaborate on assessing the risks of these models and on defending against them" (04:26).

"Cybersecurity is the security of our society. It is essential that the industry comes together, coordinates, and builds better defensive capability" (04:50 - 05:18). This is not a solo Anthropic research project but a declaration of a cross-industry defense coalition. It reads as a recognition of emergency that supersedes the usual competitive relationships.

Video Structure

  • (00:00) Software bugs and vulnerabilities aren't unusual, but some ripple out to society as a whole
  • (01:09) Announcement of Claude Mythos Preview: "becoming good at code made it good at cyber too"
  • (01:58) "Finds bugs on par with professional humans"; "the autonomy to chain vulnerabilities"
  • (02:45) "Not releasing broadly" — the RSP in full operation
  • (03:00) Announcement of Project Glasswing, a collective head start
  • (03:36) "More bugs in the past few weeks than I'd found in my entire life"
  • (03:50) The 27-year-old OpenBSD bug; Linux privilege escalation bugs
  • (04:26) Collaboration with the U.S. government, "software has eaten the world"
  • (04:50) "Cybersecurity is the security of our society"
  • (05:18) Closing — positioned as a long-term project spanning months to years

Related X Posts

Anthropic (@AnthropicAI)
Anthropic
@AnthropicAI

Introducing Project Glasswing: an urgent initiative to help secure the world's most critical software. It's powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.

2026-04 (estimated) 原典 →

Sources

An initiative to secure the world's software | Project Glasswing — Anthropic official (YouTube)

Related resources:

ダリオ・アモデイ (Dario Amodei)

ダリオ・アモデイ

Dario Amodei

Anthropic 共同創業者・CEO / 元 OpenAI 研究担当 VP

NC

ニュートン・チェン

Newton Cheng

Anthropic Frontier Red Team Cyber Lead

Glossary

Claude Mythos Preview
An unreleased frontier model whose internal evaluation began at Anthropic on February 24, 2026. Trained with a specialization in code generation, it gained dramatically improved cybersecurity capability as a side effect. Discovered thousands of zero-day vulnerabilities across major operating systems and every major web browser; autonomously discovered and exploited a 27-year-old bug in OpenBSD and a 17-year-old RCE in FreeBSD. The decision not to release publicly is the first full-fledged RSP activation in Anthropic's history.
Project Glasswing
An Anthropic-led cybersecurity initiative announced in April 2026. The name derives from the glasswing butterfly (Greta oto) with its transparent wings — a symbol of the idea that "even bugs buried in complex code can be addressed once they are made visible." $100 million in usage credits plus a $4 million open-source donation. Partners include AWS / Apple / Amazon / Google / Microsoft / NVIDIA / Cisco / CrowdStrike / Palo Alto Networks / Broadcom / JPMorgan Chase / Linux Foundation, and over 40 others.
Responsible Scaling Policy (RSP) / AI Safety Level (ASL)
Anthropic's responsible AI scaling policy, announced in 2023. It defines AI Safety Levels (ASL) according to model capability and progressively tightens safety requirements (containment, monitoring, alignment) at each level. Mythos Preview is in effect an ASL-4-class judgment — the first full activation of the clause that says "if deployment risk reaches an unacceptable level, deployment will be halted."
Vulnerability Chaining
A technique in which multiple vulnerabilities that on their own cause little damage are combined in sequence to compose a sophisticated exploit. Dario cites this as a distinctive capability of Mythos. A multi-stage attack that uses one vulnerability (e.g., information disclosure) as an entry point to another (e.g., privilege escalation), then executes the next (e.g., RCE). Mythos can autonomously compose chains of 3-5 stages.
Collective head start
Dario's term. "By giving Mythos to the people running the world's most important software before anyone else, we create a temporal advantage to build defenses before attackers catch up to comparable capability." The strategic rationale of Project Glasswing. Under the assumption that open-source models will catch up within 9-12 months, the goal is to make maximum use of this time differential.