Inside Project Glasswing: How Anthropic's Claude Mythos is Autonomously Patching the Internet

For decades, the fundamental math of cybersecurity has heavily favored the attacker. A defensive team must secure millions of lines of code against every conceivable vector, while an adversary only needs to find a single overlooked flaw to compromise a network [8]. In early 2026, the emergence of highly autonomous frontier AI models threatened to accelerate this asymmetry to a breaking point. However, an unprecedented industry mobilization is currently attempting to invert that dynamic, deploying advanced AI to autonomously audit and patch the world's critical infrastructure before threat actors can acquire equivalent capabilities [1, 8].[1][8]

The catalyst for this shift is Claude Mythos Preview, an unreleased frontier AI model developed by Anthropic. Originally designed to push the boundaries of autonomous software engineering, the model's deep comprehension of complex codebases inadvertently resulted in exceptional cybersecurity capabilities [1]. Evidence of these capabilities is strong and empirically verified: rather than merely flagging potential errors like traditional static analyzers, Mythos can autonomously trace data flows, identify zero-day vulnerabilities, and write the functional exploit code required to compromise a system [1, 3].[1][3]

The most rigorous public assessment of the model's offensive potential comes from the United Kingdom's AI Security Institute (AISI). In April 2026, the agency published evaluations demonstrating that Mythos Preview represents a significant escalation in machine-driven cyber performance [3]. The AISI tested the model against "The Last Ones" (TLO), a highly complex 32-step corporate network attack simulation that requires an estimated 20 hours of human labor to complete [3].[3]

The AISI's findings provide concrete evidence of the model's autonomy. Mythos Preview became the first AI model to solve the TLO simulation from start to finish, succeeding in 3 out of 10 attempts and completing an average of 22 out of 32 steps across all trials [3]. The agency concluded that the model is capable of executing multi-stage attacks and autonomously exploiting vulnerabilities in weakly defended enterprise systems—tasks that would traditionally require days of work by human professionals [3].[3]

Recognizing that releasing such a model to the public could trigger a catastrophic wave of automated cyberattacks, Anthropic restricted access to Mythos [1, 4]. Instead, on April 7, 2026, the company launched Project Glasswing, a defensive coalition granting exclusive access to the model to a vetted group of major technology providers [1]. The founding partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, and Palo Alto Networks [1].[1][4]

The stated objective of Project Glasswing is to weaponize the model for defense, utilizing its capabilities to scan and secure both proprietary platforms and the open-source software that underpins the modern internet [1]. The early empirical results from this deployment are staggering. By late May 2026, Anthropic reported that the initial 50 partners had collectively used Mythos to discover more than 10,000 high- or critical-severity vulnerabilities in systemically important software [2].[1][2]

The nature of the discovered vulnerabilities underscores the limitations of traditional security tooling. According to Anthropic's red team, Mythos uncovered a 27-year-old remote-crash vulnerability in OpenBSD, an operating system renowned for its rigorous security hardening [1]. It also identified a 16-year-old flaw in FFmpeg—a ubiquitous video processing library—locating a vulnerable line of code that automated fuzzing tools had tested five million times without triggering an alert [1]. Furthermore, the model demonstrated the ability to autonomously chain together multiple low-level vulnerabilities in the Linux kernel to achieve full system control [1].[1]

While the evidence for AI-driven vulnerability discovery is robust, the initiative faces a significant operational bottleneck: human verification and patching [2]. Discovering a flaw takes seconds, but verifying the finding, developing a secure patch, and coordinating its deployment across the global software supply chain remains a labor-intensive process [2]. This friction is particularly acute in the open-source ecosystem, which relies heavily on volunteer maintainers [2].[2]

To address this disparity, Anthropic committed up to $100 million in usage credits for defensive security work and $4 million in direct donations to open-source security organizations [1]. However, there is transparent uncertainty regarding whether this financial injection will be sufficient to clear the massive backlog of vulnerabilities the AI is generating, or if open-source maintainers will simply be overwhelmed by the influx of critical reports [2, 8].[1][2][8]

In the enterprise sector, where organizations control their own codebases, remediation is moving significantly faster. By late May, enterprise partners had already deployed patches for over 2,100 vulnerabilities discovered by the model [2]. The initiative expanded rapidly; by early June 2026, the coalition had grown to encompass approximately 200 organizations across more than 15 countries [4].[2][4]

The deployment extends deep into critical financial infrastructure. On June 4, 2026, the Intercontinental Exchange (ICE)—the operator of the New York Stock Exchange and major global clearinghouses—announced it had integrated Claude Mythos Preview into its core cybersecurity architecture [5]. ICE executives confirmed the model is actively scanning the trading platforms and mortgage technology systems that serve as the backbone of global capital markets, aiming to remediate flaws before they can be exploited [5].[5]

Despite the success of the defensive rollout, the broader strategic window is closing. Security analysts at Bain & Company note that while Mythos is currently restricted, equivalent capabilities are actively being developed by other organizations, including OpenAI's GPT-5.4-Cyber and Google's Big Sleep [6]. The era of AI-enabled cyberattacks at scale is inevitable, shifting the immediate priority to strengthening foundational cybersecurity postures before these tools proliferate [6].[6]

Bain's analysis highlights a critical vulnerability: chronic corporate underinvestment in cybersecurity [6]. Many organizations, particularly those operating legacy operational technology in the energy, manufacturing, and transportation sectors, possess deep underlying weaknesses that AI-driven attacks will rapidly expose [6]. Analysts argue that incremental budget increases will be insufficient, suggesting that many businesses will need to double their cybersecurity spending to survive the coming shift [6].[6]

In the interim, AI developers are attempting to thread a delicate needle between releasing capable models and preventing mass exploitation. When Anthropic released its consumer-facing Fable 5 model to the public on June 9, 2026, it implemented strict safeguards [4]. Any user queries related to advanced cybersecurity, biology, or chemistry are automatically intercepted and routed to the older, less capable Opus 4.8 model, effectively neutering the public tool's hacking potential [4].[4]

The ultimate efficacy of Project Glasswing remains an open question [8]. While the initiative has successfully demonstrated that frontier AI can be harnessed to identify and patch thousands of critical zero-day vulnerabilities, it is fundamentally a race against time [1, 7]. The coalition must secure the internet's foundational architecture before the inevitable democratization of these offensive capabilities places a machine-speed hacker on the laptop of every threat actor in the world [7, 8].[1][7][8]