Project Glasswing: Claude Mythos Found Zero-Days in Every Major OS
Quick summary
Anthropic's Claude Mythos Preview found thousands of zero-days across every major OS and browser. Project Glasswing commits $100M with AWS, Apple, Google, Microsoft, Nvidia, CrowdStrike.
Anthropic's most capable model found zero-day vulnerabilities in every major operating system and every major web browser. It did not do this over months of research — it did it in weeks, autonomously, and Anthropic is not releasing it to the public. Instead, they committed $100M in model usage credits and assembled a coalition of AWS, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, and JPMorgan to use Claude Mythos Preview exclusively for defensive security work under Project Glasswing.
The reason Mythos is not publicly available is in that first sentence. A model that can autonomously identify and exploit zero-days in Windows, macOS, Linux, Chrome, Safari, and Firefox is dual-use in a way that makes open access a different calculation than ordinary AI capabilities.
What Claude Mythos Preview Can Actually Do
Mythos Preview is described as a general-purpose language model that is "strikingly capable" at computer security tasks. The specific capability that makes Project Glasswing necessary rather than optional:
It can identify and exploit zero-day vulnerabilities autonomously. Not assist a researcher. Not suggest approaches. Fully autonomously find vulnerabilities in production codebases and then generate working exploits.
The documented example: Mythos Preview fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD that allows root access on any machine running NFS. That vulnerability has now been triaged as CVE-2026-4747. It sat undetected in production FreeBSD for 17 years. An AI model found it in weeks of autonomous scanning.
Across Anthropic's internal research over the past few weeks: thousands of zero-day vulnerabilities across every major operating system and every major web browser. These have been disclosed to vendors under coordinated vulnerability disclosure before being made public. The scale — thousands of findings across the entire major software stack — is the signal that AI-assisted vulnerability discovery has crossed a threshold.
Anthropic's red team assessment is direct: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities. That assessment has two implications — one for defenders (AI can find what humans miss) and one for the threat landscape (so can attackers who get access to comparable models).
What Project Glasswing Is
Project Glasswing is an industry-wide initiative to use Mythos Preview's security capabilities for defence before they become available to attackers. The structure:
The $100M commitment: Anthropic is providing $100M in model usage credits to Project Glasswing participants and additional qualifying organisations. This covers substantial usage throughout the research preview period — enough for serious large-scale security scanning programmes.
The founding coalition: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks are founding members. These are the organisations responsible for the most widely-deployed software infrastructure in the world. Getting all of them into a coordinated defensive programme before the capability is public is what Anthropic is calling "getting ahead of the curve."
The expanded access: Roughly 40 additional organisations responsible for critical software infrastructure have received access. These are not named publicly but likely include major cloud providers, financial infrastructure operators, and open-source foundations.
Financial grants: Anthropic donated $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation — targeting the open-source infrastructure that underlies almost every production software stack globally.
The name "Glasswing" refers to the glasswing butterfly, whose wings are transparent; the goal is software with no hidden vulnerabilities.
Why Mythos Is Not Public
The dual-use framing is direct in Anthropic's communications: a model capable of finding and exploiting zero-days in every major OS and browser is a model that, in the wrong hands, enables mass exploitation at a scale and speed that has no prior analogue.
Previous AI-assisted security tools required significant human expertise to operationalise. A researcher still had to understand what the model found, validate it, write an exploit, and deploy it. Mythos Preview changes that equation — autonomous end-to-end discovery and exploitation means the human expertise requirement drops sharply.
Anthropic's position is that the right approach is not to withhold the capability forever, but to run a structured defensive rollout: give defenders access first, find and fix as many vulnerabilities as possible before the capability becomes more widely available through other means (other labs, fine-tuned open models, or discovery by adversaries independently).
This is the same logic as coordinated vulnerability disclosure for individual CVEs, applied at the level of the AI model itself. It is arguably the correct approach. It is also an approach that requires trusting Anthropic's access control to hold — a bet the Apache Software Foundation, Linux Foundation, and every Project Glasswing member are implicitly making.
What Developers and Security Teams Should Do
If you maintain open-source software: Contact the Linux Foundation or OpenSSF directly. The $2.5M grant and Glasswing programme access are specifically designed to cover widely-used open-source infrastructure. If your project is security-critical and widely deployed, you likely qualify.
If you run enterprise security teams at a major technology company: Project Glasswing's "roughly 40 additional organisations" access is still being allocated. Contact Anthropic's enterprise security team. The access criterion is responsibility for critical software infrastructure.
If you are a developer writing software that will be reviewed by Mythos: The positive version of this story is that thousands of zero-days that have existed for years are now being disclosed and patched before they are actively exploited. If you run FreeBSD with NFS, patch CVE-2026-4747 immediately — that exploit is now known.
For your own codebase: The capabilities Mythos demonstrates will eventually be available in public tools, through other labs or through open models fine-tuned for security research. The window to harden your codebase before AI-assisted exploitation becomes commodity is not infinite. Tools like CodeQL, Semgrep, and existing AI code review products are the current accessible equivalent — not Mythos-level, but meaningfully better than manual review.
For security-conscious architecture: The most durable defence against zero-day exploitation is not finding all the zero-days — it is building systems where exploitation of a single vulnerability has minimal blast radius. Isolation, least privilege, immutable infrastructure, and defence-in-depth become more valuable as the speed of zero-day discovery increases.
The Broader Signal: AI Security Research Has Changed
CVE-2026-4747 sat in FreeBSD for 17 years. The vulnerability was not obscure — FreeBSD NFS is widely deployed in production infrastructure. Human researchers did not find it. An AI model found it in weeks.
This is the operating reality of security research going forward: AI models will systematically scan and find vulnerabilities that humans have missed for years, in software that has been assumed to be mature and well-audited. The backlog of legacy vulnerabilities in critical infrastructure that will be discovered over the next 2-3 years is likely large.
For the security community, this is a race condition. Defenders with AI access find and fix. Attackers with AI access find and exploit. Project Glasswing is Anthropic's bet that getting defenders equipped first is both the ethical and the strategically correct move. The logic is sound. Whether the execution holds depends on access control that has never been tested at this capability level.
See related coverage: Anthropic acquires Coefficient Bio for $400M drug discovery — the same week that shows Anthropic's strategy of expanding into high-stakes domains where AI capabilities have transformative leverage.
Key Takeaways
- Claude Mythos Preview autonomously found thousands of zero-days across every major OS and browser, including a 17-year-old FreeBSD RCE (CVE-2026-4747) — model capability now surpasses all but elite human researchers at finding and exploiting vulnerabilities
- Project Glasswing: $100M in model usage credits; founding partners AWS, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, JPMorgan, Linux Foundation, Palo Alto Networks; ~40 additional critical infrastructure orgs
- Not public: Mythos Preview is restricted to defensive security work under Project Glasswing — dual-use risk of autonomous end-to-end exploit generation is the stated reason
- Grants: $2.5M to Alpha-Omega/OpenSSF through Linux Foundation; $1.5M to Apache Software Foundation — targeting the open-source stack underlying most production infrastructure
- For developers: patch CVE-2026-4747 if running FreeBSD NFS; contact Linux Foundation if you maintain critical open-source infrastructure; the window to harden codebases before AI-assisted exploitation becomes commodity is narrowing
- The broader signal: AI security research has crossed a threshold — systematic AI-assisted scanning will surface years of accumulated legacy vulnerabilities across the entire software stack
Frequently Asked Questions
What is Anthropic Project Glasswing?
Project Glasswing is Anthropic's coordinated cybersecurity initiative that gives selected organisations exclusive access to Claude Mythos Preview for defensive security work. Anthropic committed $100M in model usage credits. Founding partners include AWS, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, JPMorgan, the Linux Foundation, and Palo Alto Networks. The initiative is designed to give defenders AI-assisted vulnerability discovery capability before attackers get access to equivalent tools.
What did Claude Mythos find in terms of zero-day vulnerabilities?
Claude Mythos Preview autonomously found thousands of zero-day vulnerabilities across every major operating system and every major web browser over several weeks. The documented example is CVE-2026-4747 — a 17-year-old remote code execution vulnerability in FreeBSD that allows root access on any machine running NFS. Mythos found it fully autonomously without human direction.
Why is Claude Mythos not available to the public?
Mythos Preview can autonomously identify and exploit zero-day vulnerabilities end-to-end, without requiring human expertise to operationalise. Anthropic's assessment is that this capability in public access would enable mass exploitation at a scale with no prior analogue. The Project Glasswing approach gives defenders access first to find and patch vulnerabilities before the capability becomes more widely available.
What should developers do about the zero-days Mythos found?
If you run FreeBSD with NFS, patch CVE-2026-4747 immediately. If you maintain critical open-source infrastructure, contact the Linux Foundation or OpenSSF; Anthropic's $2.5M grant is specifically for widely-deployed open-source projects. For your own codebase, use existing static analysis tools (CodeQL, Semgrep) and AI code review products now. Mythos-level capability will eventually reach public tooling, and the window to harden codebases before that happens is not unlimited.
How does Project Glasswing change AI security research?
It signals that AI has crossed a threshold where systematic automated scanning can find vulnerabilities in mature, widely-audited software that human researchers have missed for years. CVE-2026-4747 sat in FreeBSD for 17 years. The implication is that a large backlog of legacy vulnerabilities in critical infrastructure will be discovered rapidly over the next 2-3 years — both by defenders using Project Glasswing tools and eventually by attackers with access to comparable models.
