Anthropic’s Project Glasswing: Protecting the Public Versus Public Relations and If It Matters Either Way

On April 7, Anthropic announced the launch of a limited access alliance between 40 cybersecurity and critical infrastructure firms, granting the group limited access to its unreleased Claude Mythos Preview model for vulnerability discovery and remediation purposes, supported by Anthropic’s commitment of US$100 million in model usage credits with further usage charged at US$25/US$125 per million input/output tokens.

Restricting the general-purpose frontier model to limited release is based on Anthropic’s claims as to the potentially destabilizing or, in the worst-case scenario, catastrophic consequences of general availability (as well as compute limitations faced by Anthropic). This is due to Mythos’ purported ability to find and chain together thousands of zero-day vulnerabilities within operating systems, web browsers, and leading software providers’ code (some of which are tens of years old) via reasoning and agentic code capabilities that surpass preexisting expectations of the Artificial Intelligence (AI) model’s vulnerability detection prowess. Just over a week later, on April 16, Anthropic announced the release of Claude Opus 4.7, outlining its plans to benchmark that model’s capabilities against the more powerful Mythos Preview model.

Impact of Mythos Preview

Anthropic claims that Mythos Preview’s vulnerability detection and exploitation capabilities, magnified on an agentic scale, significantly lower the threshold of resources and skills required to launch more frequent and destructive cyberattacks, potentially destabilizing organizations and nations worldwide. The prospective threat manifests through various vectors, including: 1) the weaponization of Mythos in a state or armed conflict context; 2) exploitation of vulnerabilities by external, malicious actors; and 3) exploitation of vulnerabilities by legitimate users within systems, i.e., the “insider threat.” Yet, on the other hand, the magnitude of code within major operating systems leads others to conclude that vulnerability detection by a Large Language Model (LLM) like Mythos is akin to shooting fish in a barrel; demonstrating little more than a capability to “exploit systems with weak security posture” at a rate that is not dramatically better than Opus 4, according to the U.K. AI Security Institute following an independent assessment of Mythos against other leading models (e.g., GPT-5 and 5.4, Claude Sonnet 4.5 and Opus 4.6, and Codex 5.2).

Unlike smaller models, Mythos does tackle the more complex “needle-in-a-haystack” issue, detecting vulnerabilities beyond isolated code. For some, the natural consequence of a fully autonomous pipeline is AI Research and Development (R&D) and, later, rapidly accelerating improvement that leads to Artificial General Intelligence (AGI). However, slicing through the hype here also involves a deeper interrogation into whether existing hardware constraints and compute limitations will prevent AI advancements from reaching AI R&D and, if it is achieved, whether it can bring about AGI. Model limitations with regard to the necessary cognitive capabilities for AGI suggest it may not be achievable, despite ongoing mitigation measures (namely, when it comes to systems forming original insights and performing continual learning).

Panic also continues to swirl regarding Mythos’ ability to break containment from its sandbox and the natural emergence of Mythos’ capabilities compared to models like GPT-5.4, which were fine-tuned to discover and exploit zero-day vulnerabilities. Some dismiss these concerns, outlining that Mythos breaking out of its sandbox was not an independent action, but rather an inherent aspect of its performance instructions: to find security gaps and exploit those.

Impact of Project Glasswing

Regardless of whether Mythos carried out an independent “sandbox escape” or its capabilities were shaped via training versus being unexpected emergent properties, the security, market, and geopolitical impacts are undeniable. Limiting access to Mythos Preview or the other latest models to the giants of the cybersecurity and software world is practical in that it helps those vendors tackle what are likely to be the most critical threats with the largest blast radius. Yet, from a market perspective, this approach opposes the democratization that has underpinned much of AI innovation and serves to further entrench advantage asymmetries that exist within cyber and software development, compounding market power discrepancies.

Governments are also largely excluded from the Project—despite some federal agencies broaching Trump’s ban on Anthropic to test Mythos—meaning that regulatory bodies lose any headstart on modifying existing standards requirements to reflect AI’s capabilities. This is also indicative of an increasingly pervasive paradox between politics and cybersecurity: increasing politicization of cybersecurity as a key tenet of national security amid growing tensions between governments and the cybersecurity industry. Other AI organizations (e.g. OpenAI) are already criticizing Anthropic’s restricted rollout, adding weight to the notion that upcoming rollouts may not follow Anthropic’s lead, forcing states to be reactive with their governance and strategies.

While there is the prospect of heightened regulatory efforts to combat the risks of new AI models, Mythos itself indicates that the capabilities of models are constantly evolving and with an ever-shifting goalpost, regulation may not be the answer either. This is especially true as the European Union (EU)—which has historically taken the most stringent regulatory approach to AI—has largely been excluded from Mythos Preview and Project Glasswing. Organizations like OpenAI beat out Anthropic on compute power, heightening concerns regarding their prospective models’ capabilities. While transparency helps combat accusations of arbitrary exclusionary policies, full transparency regarding models and their training can provide malicious actors with the tools to build their own Mythos-class systems.

The full extent of Mythos’ technical capabilities remains shrouded in both alarmism and cynicism at either side of the spectrum, while Project Glasswing itself creates its own horde of security, policy, and legal issues. But it is not all doom and gloom. AI’s growing capabilities create new opportunities across the cybersecurity continuum, including:

• Increased Opportunities for Both AI-Specific and Other Security Vendors: Non-Human Identity (NHI) experts and Identity Access Management (IAM) and Privileged Access Management (PAM) vendors are most actively positioning themselves to be the solution to the issues raised by Mythos and other AI advancements as securing service accounts, Application Programming Interface (API) keys, workloads, and machine-to-machine access becomes increasingly important, especially as the risk of insider threats and lateral movement become more potent. But you also have traditional cryptography experts (Public Key Infrastructure (PKI)) moving in. Specialization of existing capabilities to accommodate AI agents is key here. At the same time, in the AI age, data are the most critical strategic asset. Thus, Data Security Posture Management (DSPM) solutions are key and, perhaps more importantly, Data Lifecycle Protection (DLP) offerings and remediation, which combines the data and identity components.
• Enhanced Cross-Ecosystem Collaboration on an Unprecedented Scale: While the group selected to participate in Project Glasswing is subject to ongoing contention, the Project illustrates that competitors are able to engage in large-scale cooperation when and where necessary. Further, Anthropic’s investment in open-source software also reflects an understanding of the need for a collaborative front against emergent AI threats, whatever form they take.

While overly nihilistic or fatalistic approaches impede the formation of reasoned representations of AI—and other tools’—capabilities, naively optimistic approaches also render the cybersecurity and international community unprepared to face the emergent threats that AI could pose. Treading the line between the two is not easy; however, it is necessary to secure resilience against new threats on the horizon. As outlined in a recent ABI Insight, with the frontline of armed conflict increasingly disappearing into the cyber realm and cybersecurity and national security becoming growingly ubiquitous, excessive politicization of cybersecurity only serves to weaken national cyber defense strategies. Cynics continue to point to the boosted valuation of Anthropic—up to US$800 billion from US$380 billion in February—alongside the loss of its U.S. government contract and recent Claude Opus 4.7 launch as evidence that Mythos Preview and Project Glasswing are part of a broader Anthropic business strategy. Yet, two things can be true: Project Glasswing can pander to its broader Public Relations (PR) strategy, while also conveying a critical message to the cybersecurity community, which should listen.