Anthropic has built an AI model so capable at AI cybersecurity research that it will not release it to the public. Claude Mythos Preview, the company’s newest and most powerful system, is instead being made available exclusively to a coalition of more than 40 technology companies, including Apple, Amazon, Microsoft, and Google. Their mission: find and patch critical software vulnerabilities before malicious actors gain access to similar capabilities. Anthropic is committing up to $100 million in Claude usage credits to the effort and calling it the beginning of an industry reckoning.
A model too powerful for public release
Anthropic revealed on Tuesday that Claude Mythos Preview, code-named “Capybara” during development, represents what the company calls a “step change” in AI capabilities, with dramatic improvements in coding and cybersecurity research.
The coalition, called Project Glasswing, also brings together hardware providers such as Cisco and Broadcom, alongside organizations that maintain critical open-source software, including the Linux Foundation.
“The goal is both to raise awareness and to give good actors a head start on the process of securing open-source and private infrastructure and code,” said Jared Kaplan, Anthropic’s chief science officer.
The name Project Glasswing borrows from the glasswing butterfly, an insect that uses transparent wings to hide in plain sight. According to Kaplan, the metaphor is apt. Many of today’s most critical software programs contain bugs and vulnerabilities that have existed in the open for years, buried in technical systems too complex for any human to fully examine.
Why this matters for AI cybersecurity
The implications for AI cybersecurity are staggering. Anthropic says Claude Mythos Preview can already carry out autonomous security research. It can scan for and exploit so-called zero-day vulnerabilities, the kind of flaws unknown even to a program’s own developers. These efforts can often be triggered by amateurs with simple prompts.
Logan Graham, who leads the Anthropic team responsible for testing new models for dangerous capabilities, described the moment in stark terms. He called the new model “the starting point for what we think will be an industry change point, or reckoning, with what needs to happen now.”
The model has already identified thousands of bugs and vulnerabilities in popular software programs, including every major operating system and browser. One discovery was a 27-year-old bug in OpenBSD, an open-source operating system specifically designed to resist hacking. Many internet routers and secure firewalls rely on OpenBSD’s technology. Another was a longstanding issue in a popular video software program that automated testing tools had scanned five million times without flagging a single problem.
“This model is good at finding vulnerabilities that would be well understood and findable by security researchers,” Graham said. “At the same time, it has found vulnerabilities, and in some cases crafted exploits, sophisticated enough that they were both missed by literally decades of security researchers, as well as all the automated tools designed to find them.”
The business of building and warning
Anthropic occupies an unusual position in today’s AI landscape. The company races to build increasingly powerful AI systems while simultaneously drawing attention to the risks those very systems create. It generates billions in revenue selling access to its models. At the same time, it provokes difficult conversations about what that technology could do in the wrong hands.
That tension is not new. The company was deemed a supply-chain risk earlier this year by the Pentagon for demanding certain limitations on how its technology could be used. A federal judge later stopped that designation from going into effect.
On Monday, Anthropic announced that its projected annual revenue had more than tripled in 2026, surging past $30 billion from $9 billion. Much of that growth stems from the popularity of Claude as a programming tool. The company has focused on making Claude exceptionally good at completing lengthy coding tasks, positioning it as indispensable for both professional programmers and amateur “vibecoders.”
Here is the critical connection for anyone tracking the AI cybersecurity space: an AI system designed to write and understand code at that level is also extraordinarily good at finding flaws in code. It can run automated scans for bugs and vulnerabilities that allow hackers to seize control of machines, expose sensitive data, or cause widespread disruption.
The precedent and why this time is different
The decision to withhold Claude Mythos Preview from general release has some precedent. In 2019, OpenAI announced it had built GPT-2 but chose not to release the full version right away. The company argued that its text-generation capabilities could be weaponized to automate propaganda or misinformation at scale. OpenAI eventually released the model after additional safety testing. Many of the leaders behind that GPT-2 project later left OpenAI to start Anthropic.
This time, though, Anthropic is making a more urgent claim. The company’s executives say Claude Mythos Preview goes beyond theoretical risk. It is already performing autonomous security research at a level that redefines what defenders and attackers can accomplish. The AI cybersecurity threat is no longer something to prepare for in the abstract. It is here.
Elia Zaitsev, the chief technology officer of CrowdStrike and a participant in Project Glasswing, reinforced that urgency. He said in a statement that the model “demonstrates what is now possible for defenders at scale, and adversaries will inevitably look to exploit the same capabilities.”
“What once took months now happens in minutes with A.I.,” Zaitsev added.
A fundamental question about software security
Graham raised a question that every executive and founder should sit with: does the current paradigm of software security still work?
“There are a lot of really critical systems around the world, whether it’s physical infrastructure or things that protect your personal data, that are running on old versions of code,” Graham said. “If these previously were mostly secure because it took a lot of human effort to attack them, does that paradigm of security even work anymore?”
That question cuts to the heart of the AI cybersecurity conversation. For decades, organizations have relied on the assumption that their legacy systems were safe enough because exploiting them required resources that most attackers did not have. A sophisticated zero-day exploit might take a team of elite researchers weeks or months to develop. When a sufficiently powerful AI model can do the same work in minutes, the economics of cybersecurity change entirely.
Nikesh Arora, the chief executive of Palo Alto Networks, captured the scale of the challenge in a recent blog post. “Imagine a horde of agents methodically cataloging every weakness in your technology infrastructure, constantly,” he wrote.
What leaders should take away from this
It is fair to approach claims about unreleased AI models with a healthy degree of skepticism. AI companies have a track record of overpromising. In this case, however, independent cybersecurity researchers who have tested Claude Mythos Preview characterize it as a genuine and significant risk.
According to Kaplan, the AI cybersecurity capabilities of Claude Mythos Preview are not a result of special training. They are simply one of many areas where the model outperforms its predecessors. He predicted that competing models will develop similar capabilities soon. As that happens, the arms race between attackers and defenders will only intensify.
“As the slogan goes, this is the least capable model we’ll have access to in the future,” Kaplan said.
That statement should serve as both a warning and a call to action. The organizations that move quickly to audit their code, patch their systems, and adopt AI-powered defensive tools will be the ones best positioned to weather what comes next. Those who wait may find that the vulnerabilities buried in their software for decades are no longer hidden from anyone.
