Anthropic Mythos and Project Glasswing Explained
What Anthropic's restricted Mythos cyber model can actually do, why it's not public, and how to protect your own code right now.
An AI That Finds Exploits Humans Missed for 27 Years
In early April 2026, Anthropic quietly disclosed something that sent shockwaves through the security community: a specialized AI model called Mythos had autonomously discovered and chained together a series of software vulnerabilities, including one that had been sitting unpatched in a widely-used open-source library for 27 years. No human guidance. No hints about where to look. Just a model pointed at a codebase with one instruction: find what's broken.
That disclosure kicked off a chain of events that's still unfolding. Anthropic announced Project Glasswing, an industry consortium with Apple, Google, and Microsoft to responsibly manage Mythos's capabilities. The White House publicly opposed expanding access to the model. And security researchers are divided between "this is exactly what defense needs" and "this is the most dangerous AI capability yet built."
Here's what's actually going on, what it means for you, and, most importantly, what you can do about it today.
What Mythos Actually Is (and Isn't)
Mythos is not a chatbot. It's not a general-purpose model you'll be prompting anytime soon. It's a specialized derivative of Claude, fine-tuned specifically for offensive cybersecurity research: vulnerability discovery, exploit development, and attack chain construction.
What makes it different from existing AI-assisted security tools:
- Autonomous exploit chaining. Most AI security tools find individual bugs. Mythos maps how multiple low-severity vulnerabilities combine into critical attack paths. It found a chain of four bugs across three different components that, individually, would each be rated "medium" severity, but together allowed remote code execution.
- Deep codebase reasoning. It doesn't just pattern-match against known vulnerability types. It builds an internal model of how data flows through a system and identifies logical flaws that static analyzers miss entirely.
- Historical blind spots. That 27-year-old bug? It was in a date-parsing routine that had been audited multiple times by human security teams. Mythos identified an integer overflow condition that only triggers under a specific combination of locale settings and input encoding, the kind of edge case humans consistently overlook.
The critical distinction: Mythos doesn't just find bugs. It writes working proof-of-concept exploits and describes exactly how an attacker would use them. That's what makes it both incredibly valuable for defense and genuinely dangerous if misused.
Why Anthropic Won't Release It
Anthropic classified Mythos under their highest internal risk tier, a category they call ASL-4, which until now had been theoretical. The model is not available through any API, not included in any Claude plan, and not scheduled for public release.
Their reasoning is straightforward: the asymmetry between offense and defense. If Mythos finds a zero-day vulnerability in, say, a Linux kernel networking stack, the responsible path is to report it to maintainers and wait for a patch. But if that same capability were widely available, thousands of actors could find the same bug simultaneously, and not all of them would report it responsibly.
Anthropic's internal testing reportedly showed that Mythos could identify exploitable vulnerabilities in production software at a rate roughly 8x faster than their best human red team. More concerning, it found classes of bugs that the human team hadn't found at all during the same engagement.
This isn't theoretical risk. This is a concrete capability gap that currently favors defense only because access is restricted.
Project Glasswing: The Industry Response
Project Glasswing is Anthropic's answer to the question "if we can't release it, how do we still use it to protect people?" The consortium, announced in mid-April with Apple, Google, and Microsoft as founding members, works like this:
- Coordinated scanning. Member organizations submit codebases (or specific components) for Mythos analysis under strict NDAs and data handling agreements. Results go only to the code owners.
- Responsible disclosure pipeline. Vulnerabilities found in open-source dependencies get reported through existing CVE processes, with Glasswing providing a 90-day disclosure window before any details become public.
- Shared defense signatures. When Mythos identifies a new vulnerability class (not just a specific bug, but a pattern), Glasswing members get detection signatures they can deploy in their own security tooling.
- No model access. Nobody outside Anthropic runs Mythos directly. The consortium is a service relationship, not a licensing deal.
The notable absence from the founding members: Amazon and Meta. Neither company has commented publicly, though reporting from the WSJ suggests that Meta objected to the "no model access" restriction, preferring an approach where member companies could run Mythos on-premises.
The White House Pushback
On April 30, the WSJ reported that the White House has formally opposed expanding Glasswing access beyond the current founding members, at least until new oversight frameworks are in place. The administration's concern isn't with the consortium itself; it's with the precedent.
The core tension: if Anthropic can build Mythos, other labs can build equivalents. And not all of them will implement the same restrictions. The White House position, according to people familiar with the discussions, is that expanding access to Mythos, even through a controlled consortium, normalizes the existence of offensive AI cyber capabilities before regulation catches up.
Security researchers have pushed back hard on this. Bruce Schneier wrote on his blog that restricting defensive use of these tools while offensive development continues unchecked is "exactly backwards." His argument: state-sponsored threat actors are almost certainly building similar capabilities already. Keeping the defensive applications locked down doesn't prevent offense; it just handicaps defense.
It's a genuinely hard problem with no clean answer.
What This Means If You're a Developer
You're not getting access to Mythos. That's the reality. But the vulnerabilities it finds aren't magic; they're the same classes of bugs that have always existed. Mythos is just dramatically better at finding them. The good news: many of the tools and practices that protect against these bugs are available to you right now.
Run a Static Analysis Tool You're Not Currently Running
If you're only using your IDE's built-in linting, you're missing entire categories of vulnerabilities. Here's what's actually worth your time:
| Tool | Best For | Cost |
|---|---|---|
| Semgrep | Custom rules, multi-language, catches logic bugs beyond syntax | Free (open source), Team plan from $40/mo |
| CodeQL | Deep dataflow analysis, closest public tool to what Mythos does | Free for public repos on GitHub |
| Snyk Code | Real-time IDE scanning, good for catching issues before commit | Free tier for individuals |
| Bandit (Python) | Python-specific security linting | Free (open source) |
| Brakeman (Ruby) | Rails security scanner | Free (open source) |
CodeQL deserves special attention here. It's the closest publicly available tool to Mythos's approach: it models data flow through your application and identifies paths where untrusted input reaches sensitive operations. If you're on GitHub and not running CodeQL, you're leaving free security scanning on the table.
Audit Your Dependencies (Seriously, Do It Today)
That 27-year-old bug Mythos found? It was in a dependency. Not the application code. The vast majority of exploitable vulnerabilities in modern applications come from third-party packages, not the code you wrote.
- Run `npm audit`, `pip-audit`, or `cargo audit` right now. Not next week. Now.
- Enable Dependabot or Renovate if you haven't. Automated dependency updates catch the majority of known vulnerabilities before they become problems.
- Check your transitive dependencies. Your package.json might list 20 packages, but your node_modules contains 800. Tools like `npm ls --all` or `pipdeptree` show you what's actually in your dependency tree.
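To make the gap between package.json and node_modules concrete, the following added example (not from the original article) walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3), separates direct from transitive packages, and flags any package installed in more than one version. The sample lockfile, its package names and its versions are constructed for illustration.

```javascript
// Added example, not from the article. CONSTRUCTED lockfile: every package name
// and version below is made up. In real use, pass in the parsed contents of
// package-lock.json instead of sampleLock.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "web-kit": "^2.0.0" }, devDependencies: { "test-kit": "^1.0.0" } },
    "node_modules/web-kit": { version: "2.1.0", dependencies: { "tiny-date": "^0.3.0" } },
    "node_modules/tiny-date": { version: "0.3.4" },
    "node_modules/test-kit": { version: "1.2.0", dev: true, dependencies: { "tiny-date": "^0.1.0" } },
    "node_modules/test-kit/node_modules/tiny-date": { version: "0.1.9", dev: true },
  },
};

function summarizeLockfile(lock) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("expected an npm lockfile (v2 or v3) with a 'packages' map");
  }
  const root = lock.packages[""] || {};
  // Names the project asks for itself, i.e. what package.json lists.
  const direct = new Set(
    ["dependencies", "devDependencies", "optionalDependencies"]
      .flatMap((field) => Object.keys(root[field] || {}))
  );
  const marker = "node_modules/";
  const versions = new Map(); // package name -> Set of installed versions
  const transitive = [];
  let installed = 0;
  for (const [path, meta] of Object.entries(lock.packages)) {
    // Skip the root project, workspace folders and symlinked workspace entries.
    if (!path.includes(marker) || meta.link) continue;
    installed += 1;
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const nested = path.indexOf(marker) !== path.lastIndexOf(marker);
    if (!versions.has(name)) versions.set(name, new Set());
    versions.get(name).add(meta.version);
    // A nested copy, or a top-level one package.json never named, is transitive.
    if (nested || !direct.has(name)) transitive.push(`${name}@${meta.version}`);
  }
  // More than one installed version means updating one copy can leave another behind.
  const duplicated = [...versions.entries()]
    .filter(([, seen]) => seen.size > 1)
    .map(([name]) => name)
    .sort();
  return { direct: direct.size, installed, transitive: transitive.sort(), duplicated };
}

console.log(summarizeLockfile(sampleLock));
```

A package that shows up under `duplicated` is worth checking version by version, since an audit finding fixed in one copy can still be present in the other.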
Use AI-Assisted Code Review, But Know Its Limits
Claude, GPT-4, and Gemini can all review code for security issues, and they're surprisingly good at catching common vulnerabilities like SQL injection, XSS, and insecure deserialization. I regularly paste functions into Claude and ask "what could go wrong here from a security perspective?" and get genuinely useful feedback.
But these models aren't Mythos. They work best on isolated functions or small modules. They can't reason about how a vulnerability in your authentication middleware interacts with a race condition in your job queue to create a privilege escalation path. That kind of cross-component reasoning is exactly what makes Mythos different, and why its capabilities are restricted.
Use AI code review as one layer in your defense. Not the only layer.
What This Means If You Run a Business
If you're a freelancer, startup founder, or small business owner, the Mythos news probably feels abstract. You're not running critical infrastructure. Nobody's chaining zero-days to attack your SaaS app.
Probably.
But here's the practical concern: as AI-powered offensive tools become more capable (whether Mythos or its inevitable equivalents), the cost of attacking smaller targets drops. A vulnerability that would take a human attacker weeks to find and exploit might take an AI minutes. That changes the economics of who's worth attacking.
Three things you can do this week:
- Enable MFA everywhere. Not just your admin panels: your email, your hosting provider, your domain registrar, your DNS. Credential theft is still the #1 attack vector, and MFA blocks the vast majority of it.
- Review your attack surface. What's actually exposed to the internet? Old staging servers? Forgotten API endpoints? Admin panels on default ports? Each one is a potential entry point. Tools like Shodan and Censys can show you what's visible from outside your network.
- Get a penetration test. If you've never had one, budget for it. A basic web application pentest from a reputable firm runs $3,000-$8,000 and will find the kinds of issues that automated tools miss. Several firms are now using AI-assisted testing (not Mythos, but commercial tools) that bring costs down further.
The Bigger Picture: AI and the Offense-Defense Balance
Mythos represents a genuine inflection point in cybersecurity. For the first time, an AI system has demonstrated the ability to autonomously discover and exploit vulnerabilities at a level that matches or exceeds top-tier human security researchers. That capability exists now. It's not going back in the box.
The Glasswing consortium is a reasonable first attempt at managing this: keeping the capability centralized while distributing the defensive benefits. But it's a temporary arrangement. Other AI labs will develop similar capabilities. Open-source security models will eventually approach this level. The window where "just don't release it" is a viable strategy is probably 18-24 months, maybe less.
The security community needs to use that window to build better defenses, not just better locks on the offensive tools. That means:
- Making tools like CodeQL and Semgrep more powerful and accessible
- Building AI-powered defensive scanning into CI/CD pipelines by default
- Training developers to think about exploit chains, not just individual bugs
- Creating regulatory frameworks that incentivize responsible disclosure without criminalizing security research
What to Do Right Now
You don't need access to Mythos to improve your security posture. Most breaches still exploit known vulnerabilities with available patches, default credentials, or missing MFA. The fundamentals haven't changed; there are just stronger reasons to actually do them.
Start here: pick one tool from the table above and run it against your main project today. Enable Dependabot or Renovate on your repos. Turn on MFA for any service that supports it. These three actions, done this afternoon, will protect you against more real-world threats than worrying about restricted AI models ever will.
Mythos is a signal that the security landscape is shifting faster than most people realize. The organizations and developers who take that signal seriously, not with panic, but with action, are the ones who'll be fine.