I woke to a note that a secret model’s specs were sitting in a public database. You could feel the room go quiet at Anthropic—then fast decisions followed. Within weeks that same model was in the hands of Amazon Web Services, Apple, Google, JPMorgan Chase, Microsoft and NVIDIA.
A public leak revealed more than a development note.
I watched the leak story and felt the same odd tug you might when a flashlight is dropped in a cathedral—sudden exposure where there should have been shadow. Anthropic’s Claude Mythos, unearthed because an unpublished data dump was accessible, went from secret to seized-on evidence that the model exists and behaves in ways the company had warned could be dangerous.
Now Anthropic calls the limited rollout Project Glasswing. About 40 launch partners—including AWS, Apple, Google, JPMorgan Chase, Microsoft and NVIDIA—get a preview build designed to hunt vulnerabilities. Anthropic says Mythos flagged thousands of high-severity flaws across major operating systems and browsers, including a 27-year-old bug in OpenBSD and a Linux chain that could let an attacker seize a machine.
What is Project Glasswing?
You should treat it as a controlled preview: Anthropic’s label for a restricted program that grants select firms access to Mythos Preview to scan code and systems for weaknesses. It’s presented as more capable than Claude Opus 4.6 on vulnerability detection—Anthropic points to benchmark wins, including the CyberGym test, and early anecdotes that read like a security team’s fever dream.
A benchmark win was followed by an uncomfortable claim.
I ran the numbers in my head: Mythos outperforming Claude Opus 4.6, consistent results on CyberGym, and real-world catches in OpenBSD and Linux. Anthropic’s public messaging has been a hard pivot—first warning Mythos “presents unprecedented cybersecurity risks,” then offering it to the largest companies that run critical infrastructure.
This is where the PR narrative and the operational reality collide. Anthropic won’t open Mythos to the public because it says the model could facilitate attacks. Yet the same model is now a defensive tool inside Amazon and Microsoft data centers. You feel the tension: an AI too dangerous for public use, but acceptable inside corporate walls.
Why is Anthropic keeping Mythos private?
The company argues that unrestricted release could arm bad actors. I hear that claim and also the logic of damage control: limiting distribution reduces attack surface while letting trusted partners benefit. But there’s another layer—selling confidence to customers like JPMorgan Chase and NVIDIA by saying, essentially, “We’ll keep this within a vetted circle.”
Big tech accepting access is a practical choice with trade-offs.
Servers at Amazon and Google get millions of requests a minute; security teams there want tools that run faster and find deeper chains of exploitation. Anthropic’s early partners are not random—these are the companies with the most to lose from invisible breaches. The choice to invite them in is a pragmatic one: the same model can harden systems and, if mishandled, hand attackers a roadmap.
I’ve watched this pattern before. Claude Opus 4.6 was touted for finding hundreds of previously unidentified bugs, and now Mythos is being framed as even more potent. These models will become part of the security toolkit and the attacker’s toolkit. Think of the technology as a double-edged scalpel: precise and useful in skilled hands, dangerous in the wrong ones.
How will Mythos affect cybersecurity?
Short answer: it raises the stakes. You’ll see faster discovery of deep, chained exploits and a shift in how vulnerability discovery is resourced. Security teams at Microsoft, Apple and others will likely integrate these models into threat-hunting pipelines, while red teams and malicious actors will race to adapt. The net effect is more rapid patching cycles and a persistent cat-and-mouse game.
A long history of exaggeration and surprise colors what we expect next.
I remember the 2019 OpenAI moment, when a text model was called “too dangerous” and then released; the headlines roared and the world adjusted. Anthropic’s arc follows a familiar script: alarm, guarded release, then corporate adoption. That pattern doesn’t invalidate the risks, but it does suggest that fear-driven messaging is part product strategy and part safety posture.
Anthropic’s claims matter because of scale: when a company says a model found thousands of serious flaws, major platforms sit up. You, as a security professional or a curious reader, should ask who gets access, what limits exist, and how disclosures will be coordinated with the maintainers of projects like OpenBSD and Linux.
AI will be weapon and shield at once, and industry names—AWS, Google Cloud, Microsoft Azure, NVIDIA—are already trading on that ambiguity. Anthropic is playing a high-stakes hand: stewarding an incredibly powerful tool without letting it become a universal threat. That choice will shape corporate security playbooks and influence regulators watching models that can reveal or repair critical flaws.
So where does that leave you, and the broader internet community—safe inside a walled garden with better scanners, or on the menu for whoever can replicate the same capability first?