Defenders First
April 7, 2026 · uneasy.in/ea42ae2
Anthropic just handed Claude Mythos to eleven launch partners. Not a public preview. Not a research release. A controlled handoff, named Project Glasswing, with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks on the inside, plus around forty other organisations getting access behind them.
Twelve days ago, a draft of the Mythos announcement leaked through a CMS toggle. That document called Mythos "currently far ahead of any other AI model in cyber capabilities" and warned it "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." CrowdStrike fell 7 percent on the news. Palo Alto Networks fell 6. Stifel analyst Adam Borg called it "the ultimate hacking tool."
Both of those companies are now Glasswing partners.
That isn't subtle. Anthropic spent twelve days watching their own model get described in the financial press as a vulnerability factory, and their answer is to put it directly in the hands of the firms whose stock prices moved.
The benchmarks earn the framing. On CyberGym, a vulnerability reproduction test, Mythos scored 83.1 percent against Opus 4.6's 66.6 percent. That's a sixteen-point jump on a benchmark where prior frontier models had been clustered tightly. More telling is the Firefox 147 JavaScript engine work. Anthropic's own writeup notes that Opus 4.6 turned its findings into working JavaScript shell exploits "only two times out of several hundred attempts." Mythos developed working exploits 181 times in the same setup, and achieved register control on 29 more. That isn't an incremental improvement. It's a different kind of capability.
OSS-Fuzz tells the same story from another angle. Across roughly seven thousand entry points, Sonnet 4.6 and Opus 4.6 each reached tier 1 between 150 and 175 times and hit tier 2 about 100 times, but each landed only a single tier 3 crash. Mythos hit 595 crashes at tiers 1 and 2 and achieved full control flow hijack on ten separate, fully patched targets. Some of the vulnerabilities it found in major operating systems had survived decades of human review.
So Anthropic has a model that reliably finds and exploits the kind of bugs that ship in every browser and kernel. They're committing $100 million in usage credits to the Glasswing partners, plus $4 million in direct donations to open-source security organisations. And they aren't releasing it publicly.
Whether the head start works is the real question.
Defenders patching with Mythos help everyone, because patches ship to all users. Attackers exploiting with Mythos help only themselves, until the patches catch up. The asymmetry favours the defenders if they move fast and if Mythos stays inside Glasswing. Both of those conditions are doing a lot of work.
The first one I believe in. CrowdStrike and Palo Alto Networks aren't slow. Cisco has incident response teams that move on weekends. JPMorganChase has the budget to throw a model at every internal codebase they own. If Mythos can find decades-old browser bugs in testing, it can find decades-old bugs in proprietary banking infrastructure too, and the patches will quietly ship inside the partner organisations long before anything equivalent becomes public.
The second condition is harder. Anthropic's last two weeks haven't been a triumph of operational security. The same company that shipped 512,000 lines of unobfuscated TypeScript through a missing .npmignore is now the gatekeeper for the most cyber-capable model anyone has talked about publicly. Forty-plus additional organisations are getting access behind the named eleven. That's forty-plus opportunities for a misconfigured CMS toggle, a forgotten npm publish step, or a researcher leaving a laptop in a hotel.
The dual-use problem isn't solved by picking the right first eleven companies. It's delayed. And the delay is the entire strategy. Give defenders enough lead time, the thinking goes, and the security baseline rises before the attackers catch up. It's a reasonable bet. It's also a bet that has to keep being placed, because every Glasswing-style program eventually expires when the model becomes public.
One detail I can't stop thinking about. The system card notes that Mythos found vulnerabilities in cryptographic libraries. Cryptographic library bugs are the worst kind. They break silently, they affect everything downstream, and they often sit undiscovered for years because reviewing crypto code requires specific expertise that almost nobody has. If Mythos is finding these autonomously and the patches flow through Glasswing partners first, the Linux kernel maintainers and the Mozilla security team are about to have a very busy month.
The lab that tried to walk away from defence work over surveillance concerns just picked up a different kind of weapon and handed it to the people who run incident response for half the Fortune 500. The framing is defensive. The capability isn't. Whether those two things stay aligned depends on what happens between now and the public release date that Anthropic hasn't announced yet.
Sources:
- Project Glasswing — Anthropic
- Claude Mythos Preview — Anthropic Red
- Anthropic debuts preview of powerful new AI model Mythos in cybersecurity initiative — TechCrunch
- Tech giants launch AI-powered Project Glasswing — CyberScoop