The story of Anthropic's most powerful model started with a leak - and it has now become an official program.
Anthropic has launched Project Glasswing, a cybersecurity initiative deploying a limited preview of Claude Mythos - its most capable model to date - to more than 40 partner organizations for defensive security work. Partners include Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks. The model will scan first-party and open-source software systems for code vulnerabilities. Anthropic claims that over the past few weeks, Mythos identified thousands of zero-day vulnerabilities, many of them critical and some dating back one to two decades.
How Mythos Came to Light
The model's existence was first revealed in late March when Anthropic accidentally left an unpublished draft blog post and nearly 3,000 internal documents in a publicly accessible data cache - a remarkable security lapse for a company warning about AI-driven security threats. Anthropic attributed it to human error in its content management system, where assets are set to public by default unless explicitly changed.
The leaked draft described Mythos as "by far the most powerful AI model we've ever developed" and as a new tier - dubbed Capybara - above its existing Opus line. The document stated: "Although Mythos is currently far ahead of any other AI model in cyber capabilities, it presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."
Anthropic confirmed the model's existence to Fortune, calling it "a step change" in AI performance.
The Dual-Use Problem
The same capabilities that make Mythos powerful for defense make it dangerous in the wrong hands. A single AI agent scanning for vulnerabilities can operate faster and more persistently than hundreds of human hackers. In January, a Russian-speaking cybercriminal used multiple AI tools - including Anthropic's own Claude - to compromise over 600 devices running firewall software across 55 countries. A Chinese state-sponsored group previously used Claude Code to infiltrate roughly 30 organizations before Anthropic detected and shut down the campaign.
The founder of Cato Networks called Mythos a "watershed event in the history of cybersecurity." The asymmetry is stark: defenders must secure every surface, while attackers only need to find one way in.
The Defensive Bet
Project Glasswing is Anthropic's answer to this asymmetry - a pre-emptive strike to harden critical software before AI-powered attack tools become widely available. Partner organizations will share findings with the broader tech industry. Anthropic is also briefing government officials on the threat landscape Mythos represents.
The preview is not going to be made generally available. For business leaders responsible for cybersecurity infrastructure, the implication is direct: AI-powered vulnerability scanning at scale is already happening among the world's largest technology companies. The gap between organizations with access to tools like this and those without is about to become a meaningful security divide.
