Anthropic Deploys Mythos AI Model in Project Glasswing Cybersecurity Initiative
Anthropic has launched Project Glasswing, a cybersecurity initiative deploying its most powerful AI model Mythos to 12 partner organizations including Amazon, Apple, Microsoft, and Google. The model has already identified thousands of zero-day vulnerabilities, many decades old, as part of defensive security work.
Anthropic Deploys Mythos AI Model in Project Glasswing Cybersecurity Initiative
A New Tier of AI for Cyber Defense
Anthropic on April 7, 2026 announced Project Glasswing, a major cybersecurity initiative that brings together 12 partner organizations to deploy the company most powerful AI model yet—Mythos—for defensive security work. The model has already identified "thousands of zero-day vulnerabilities, many of them critical," according to Anthropic.
Project Glasswing represents a coordinated industry effort to secure critical software infrastructure using AI. The partner organizations include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
Mythos: Anthropic Most Capable Model
Mythos is a general-purpose frontier model that Anthropic describes as "by far the most powerful AI model we have ever developed." The model was originally revealed through a data leak in late March 2026, when a draft blog post was inadvertently left in a publicly accessible data cache.
In the leaked document, Anthropic referred to the model internally as "Capybara" and described it as "a new tier of model: larger and more intelligent than our Opus models—which were, until now, our most powerful." The company said Mythos achieves "dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity" compared to Claude Opus 4.6.
Dual-Use Capabilities
Anthropic has been explicit about the dual-use nature of Mythos capabilities. The same cybersecurity prowess that makes it valuable for defensive work could also be weaponized by malicious actors.
"In preparing to release Claude Capybara, we want to act with extra caution and understand the risks it poses," the leaked document stated. "In particular, we want to understand the model potential near-term risks in the realm of cybersecurity—and share the results to help cyber defenders prepare."
Anthropic noted that Mythos is "currently far ahead of any other AI model in cyber capabilities" and "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders."
The Rollout Strategy
Rather than a general release, Anthropic is taking a measured approach:
- 12 core partners are participating in Project Glasswing, deploying Mythos for defensive security work
- 40 organizations total will gain access to the Mythos preview
- Knowledge sharing — Partners will ultimately share what they learn so the broader tech industry can benefit
- No general availability — The preview is not being made broadly available, Anthropic said
The model is being used to scan both first-party and open source software systems for code vulnerabilities. Despite not being specifically trained for cybersecurity work, Mythos has demonstrated strong agentic coding and reasoning skills that make it effective at identifying security issues.
Context: AI Cybersecurity Arms Race
The Mythos deployment comes as AI labs grapple with the cybersecurity implications of increasingly capable models. In February 2026, OpenAI released GPT-5.3-Codex, which the company classified as "high capability" for cybersecurity-related tasks under its Preparedness Framework—the first model it had directly trained to identify software vulnerabilities.
Anthropic navigated similar risks with Claude Opus 4.6, which demonstrated an ability to surface previously unknown vulnerabilities in production codebases. The company has also reported that hacking groups, including those linked to the Chinese government, have attempted to exploit Claude in real-world cyberattacks.
In one documented case, Anthropic discovered that a Chinese state-sponsored group had been running a coordinated campaign using Claude Code to infiltrate roughly 30 organizations—including tech companies, financial institutions, and government agencies.
Regulatory Tensions
The Project Glasswing announcement comes amid ongoing tensions between Anthropic and the U.S. government. The company is currently locked in a legal battle with the Trump administration after the Pentagon labeled Anthropic a supply-chain risk over the company refusal to allow autonomous targeting or surveillance of U.S. citizens.
Anthropic has engaged in "ongoing discussions" with federal officials about Mythos, though the regulatory environment remains uncertain.
What to Watch
- Vulnerability disclosures — How many of the thousands of identified vulnerabilities will be publicly disclosed
- Partner outcomes — What security improvements result from the Glasswing initiative
- Competitive response — Whether OpenAI, Google, or other AI labs announce similar defensive security initiatives
- Regulatory developments — How U.S. and international regulators respond to increasingly capable AI cybersecurity tools
Sources
- TechCrunch — "Anthropic debuts preview of powerful new AI model Mythos in new cybersecurity initiative" (April 7, 2026) https://techcrunch.com/2026/04/07/anthropic-mythos-ai-model-preview-security/
- Fortune — "Exclusive: Anthropic Mythos AI model representing step change in power revealed in data leak" (March 26, 2026) https://fortune.com/2026/03/26/anthropic-says-testing-mythos-powerful-new-ai-model-after-data-leak-reveals-its-existence-step-change-in-capabilities/
- Anthropic Official — "Project Glasswing" (April 7, 2026) https://www.anthropic.com/news/project-glasswing