Author: Anthropic

Compiled by: TechFlow

TechFlow Introduction: Anthropic has released a cutting-edge, unreleased model known as Claude Mythos Preview, which surpasses the code auditing capabilities of the vast majority of human security experts and can autonomously discover zero-day vulnerabilities that have existed for decades.

Based on this capability, Anthropic, in partnership with 12 major tech giants including AWS, Apple, Google, Microsoft, and Nvidia, has launched the Project Glasswing initiative, investing a credit line of $100 million, with the goal of patching vulnerabilities in critical global software before attackers gain comparable abilities.

Introduction

Today we announce Project Glasswing, a new initiative that brings together Amazon Web Services (AWS), Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, aimed at protecting the security of the world's most critical software.

We initiated Project Glasswing because a new cutting-edge model trained by Anthropic has demonstrated capabilities that we believe could reshape the cybersecurity landscape. Claude Mythos Preview is a general-purpose, unreleased cutting-edge model that reveals a harsh reality: the coding capabilities of AI models have reached a level where they can surpass everyone except the top experts in discovering and exploiting software vulnerabilities.

The Mythos Preview has already uncovered thousands of critical vulnerabilities across every mainstream operating system and browser. With the pace of AI advancement, this capability is likely to proliferate in the near future, potentially falling into the hands of irresponsible users. The implications for the economy, public safety, and national security could be severe. Project Glasswing is an urgent attempt to prioritize these capabilities for defense.

As part of Project Glasswing, the aforementioned partners will use Mythos Preview in their defensive security efforts; Anthropic will share learnings to benefit the entire industry. We have also opened access to more than 40 additional organizations that build or maintain critical software infrastructure, allowing them to scan and fortify their own systems as well as open-source systems. Anthropic has committed up to $100 million in Mythos Preview usage credits and $4 million in direct donations to open-source security organizations.

Project Glasswing is just a starting point. No single organization can solve the cybersecurity issue alone: cutting-edge AI developers, other software companies, security researchers, open-source maintainers, and governments around the world all have indispensable roles to play. Defending global cyber infrastructure may take years; however, cutting-edge AI capabilities may make significant leaps in the coming months. For cyber defenders to gain an edge, they must act now.

Cybersecurity in the Age of AI

The software we rely on daily—running banking systems, storing medical records, connecting logistics networks, and maintaining power grids—has always had bugs. Most are trivial, but some are severe security flaws that, once discovered, could allow attackers to hijack systems, cripple operations, or steal data.

Cyberattacks have already shown devastating consequences for corporate networks, healthcare systems, energy infrastructure, transportation hubs, and government agencies around the world. On a global scale, nation-state attacks from China, Iran, North Korea, and Russia have threatened the infrastructure that supports civilian life and military readiness. Even small-scale attacks on a single hospital or school can result in huge economic losses, expose sensitive data, and even endanger lives. The annual economic losses from global cybercrime are difficult to estimate accurately, but may be around $500 billion.

In the past, many software defects went undiscovered for years because finding and exploiting them required specialized knowledge possessed only by a few security experts. But with the advent of the latest cutting-edge AI models, the cost, effort, and expertise needed to find and exploit software vulnerabilities has dramatically decreased. In the past year, AI models have become increasingly powerful in code reading and reasoning, particularly in discovering vulnerabilities and constructing exploits. Claude Mythos Preview has made significant strides in these cybersecurity skills—some of the vulnerabilities it discovered had survived human scrutiny for decades and undergone millions of automated security tests, while the exploit code it developed has also become increasingly sophisticated.

A decade after the inaugural DARPA Cyber Grand Challenge, cutting-edge AI models are approaching or even matching the vulnerability discovery and exploitation abilities of top human experts. Without necessary security measures, these powerful capabilities could be used to exploit numerous existing flaws in the most important software worldwide. Cyberattacks will become more frequent and destructive, also empowering US and allied adversaries. This is a security priority that democratic nations must take seriously.

The good news is: the abilities that make AI models dangerous in the wrong hands also make them invaluable for discovering and fixing critical software flaws—helping to produce new, safer software with fewer bugs. Project Glasswing is an important step for defenders to establish a lasting advantage in the upcoming AI-driven cybersecurity era.

The Capability of Claude Mythos Preview in Discovering Vulnerabilities and Exploits

In the past few weeks, we have used Claude Mythos Preview to discover thousands of zero-day vulnerabilities (defects unknown to software developers before) across every mainstream operating system, browser, and a range of other critical software, many of which are high-severity.

On the Frontier Red Team Blog, we disclosed some technical details of vulnerabilities that have been fixed, along with the exploits found by Mythos Preview. Almost all of these vulnerabilities’ discovery (as well as many related exploit developments) was accomplished entirely autonomously by the model, without any human guidance. Here are three examples:

• Mythos Preview discovered a 27-year-old vulnerability in OpenBSD. OpenBSD is renowned for its high level of security hardening and is widely used in firewalls and other critical infrastructure. This vulnerability allows an attacker to remotely crash the target machine simply by connecting to it.
• It also found a 16-year-old vulnerability in FFmpeg. FFmpeg is utilized by countless software for video encoding and decoding. The issue was in a single line of code, and automated testing tools had hit this line 5 million times without ever detecting the problem.
• The model autonomously discovered and chained several vulnerabilities in the Linux kernel (which powers much of the world's servers), achieving privilege escalation from ordinary user rights to full control of the machine.

We have reported all the aforementioned vulnerabilities to their respective software maintainers, and they have all been fixed. For many other vulnerabilities, we are today providing cryptographic hashes of the details (see Red Team blog), with the intention to disclose specifics after they have been repaired.

Benchmark assessments such as CyberGym have also validated the significant gap between Mythos Preview and our second strongest model, Claude Opus 4.6:

Cybersecurity Vulnerability Reproduction - CyberGym

In addition to our own work, many partners have been using Claude Mythos Preview for several weeks. Here’s their feedback:

“AI capabilities have crossed a threshold, fundamentally changing the urgency required to protect critical infrastructure from cyber threats, and this change is irreversible. The foundational work with these models shows that security vulnerabilities in hardware and software can be identified and fixed at an unprecedented speed and scale. This is a profound shift and a clear signal: the old methods of system hardening are no longer sufficient. Technology providers must actively embrace new approaches immediately, and clients need to be prepared for deployment. This is why Cisco has joined Project Glasswing—this work is too important and urgent to go it alone.”

— Anthony Grieco, Senior Vice President and Chief Security and Trust Officer, Cisco

“At AWS, we build defenses before threats emerge, from custom chips to the entire technology stack. Security is not a phase; it is ongoing and embedded in everything we do. Our team analyzes over 400 trillion network traffic each day to detect threats, and AI is at the core of our large-scale defense capabilities. We have been testing Claude Mythos Preview in our security operations, applying it to critical codebases, and it has been helping us harden our code. We are infusing deep security expertise into our collaboration with Anthropic, and strengthening Claude Mythos Preview to allow more organizations to advance their work with the highest security standards.”

— Amy Herzog, Vice President and Chief Information Security Officer, Amazon Web Services

“When cybersecurity is no longer limited to purely human capabilities, the opportunity to responsibly use AI to significantly enhance security and reduce risk is unprecedented. Joining Project Glasswing and gaining access to Claude Mythos Preview enables us to identify and mitigate risks proactively, enhancing our security and development solutions to better protect our customers and Microsoft. During testing on our open-source security benchmark CTI-REALM, Claude Mythos Preview has shown substantial improvement over previous models. We look forward to collaborating with Anthropic and the broader industry to improve security outcomes for everyone.”

— Igor Tsyganskiy, Executive Vice President of Cybersecurity and Microsoft Research, Microsoft

“The window between when a vulnerability is discovered and when it is exploited by an attacker has collapsed—something that used to take months can now be done in minutes with AI. Claude Mythos Preview showcases the potential for defenders to act at scale, while adversaries will inevitably seek to exploit the same capabilities. This is not a reason to slow down; it is a call to accelerate together. To deploy AI, security must be a given. That is why CrowdStrike has been involved from day one.”

— Elia Zaitsev, Chief Technology Officer, CrowdStrike

“In the past, security expertise was a luxury only organizations with large security teams could afford. Open-source software maintainers—their software supports much of the world’s critical infrastructure—have historically had to find their own ways to solve security issues. Open-source software constitutes the majority of code in modern systems, including the systems that AI agents use to write new software. By giving maintainers of these critical open-source codebases access to next-generation AI models that can proactively identify and fix vulnerabilities at scale, Project Glasswing provides a practical pathway to change this dynamic. This is how AI-enhanced security can move from being the exclusive tools of large teams to being reliable assistants for every maintainer.”

— Jim Zemlin, CEO of the Linux Foundation

“Facilitating the cybersecurity and resilience of the financial system is at the core of JPMorgan Chase's mission, and we believe the industry is strongest when leading organizations collaborate on common challenges. Project Glasswing provides a unique early opportunity for us to evaluate the capabilities of next-generation AI tools in defensive cybersecurity for critical infrastructure against our standards while standing shoulder to shoulder with respected technology leaders. We will take a rigorous, independent approach to determine how to proceed and how to help. Anthropic's initiative embodies the forward-looking, collaborative approach needed at this moment.”

— Pat Opet, Chief Information Security Officer, JPMorgan Chase

“Google is pleased to see the formation of this cross-industry cybersecurity initiative and provide access to Mythos Preview through Vertex AI for participants. Collaboration across the industry is critical for emerging security issues, whether it’s post-quantum cryptography, responsible zero-day vulnerability disclosure, open-source software security, or defending against AI-based attacks. We have long believed that AI in cyber defense presents both new challenges and new opportunities, which is why we have built AI-driven tools like Big Sleep and CodeMender to discover and fix critical software defects. We will continue to invest in leading cybersecurity platforms and a culture focused on protecting users, customers, ecosystems, and national security.”

— Heather Adkins, Vice President of Security Engineering, Google

“In the past few weeks, we have been using the Claude Mythos Preview model to identify complex vulnerabilities that the previous generation of models completely missed. This not only changes the game for discovering hidden vulnerabilities, but also means that attackers will soon be able to discover more zero-day vulnerabilities and develop exploit code faster than ever before. Clearly, these models need to be put in the hands of open-source project owners and all defenders, to discover and fix vulnerabilities before attackers gain access. More importantly, everyone needs to be prepared for AI-assisted attackers. Attacks will be more frequent, faster, and more complex. It’s time to comprehensively upgrade our cybersecurity frameworks. We appreciate Anthropic's collaboration with the industry to ensure these powerful capabilities prioritize defense.”

— Lee Klarich, Chief Product and Technology Officer, Palo Alto Networks

The powerful cybersecurity capabilities of Claude Mythos Preview stem from its exceptional coding and reasoning abilities. The following assessment results show that this model achieved the highest scores in various software coding tasks among all known models.

Agent Coding

Reasoning

Agent Search and Computer Use

Notes:

• SWE-bench Verified, Pro, and Multilingual: Memoization screening marked some items. The advantage of Mythos Preview relative to Opus 4.6 remains unchanged after excluding items that may be memoized.
• SWE-bench Multimodal: Scores are not directly comparable to the public leaderboard using internal implementation.
• Terminal-Bench 2.0: Using Terminus-2 framework, maximum effort under adaptive thinking mode, total budget of 1 million tokens per task, 1x guarantee / 3x upper limit resource allocation, averaging over 5 attempts per task. After raising the timeout limit to 4 hours and updating with Terminal-Bench 2.1, Mythos Preview scored 92.1%.
• BrowseComp: Claude Mythos Preview scores higher than Opus 4.6, while token consumption is only 1/4.9 of the latter.
• Humanity's Last Exam: Mythos performs well in low effort mode, suggesting some degree of memoization.

For more information about the model's capabilities, security properties, and foundational features, please refer to the Claude Mythos Preview System Card.

We do not plan to make Claude Mythos Preview publicly accessible, but the ultimate goal is to allow users to deploy Mythos-level models safely and at scale—not just for cybersecurity, but for many other values these high-capability models will bring. To achieve this, we need to make progress in developing cybersecurity (and other) safeguards to detect and block the most dangerous outputs of the models. We plan to release new safeguards in the upcoming Claude Opus models that will enable us to enhance and refine these measures with a model that does not carry the same risk level as Mythos Preview.

Next Steps for Project Glasswing

Today's release marks the beginning of a long-term effort. Success requires broad participation from within and outside the technology industry.

Partners in Project Glasswing will gain access to Claude Mythos Preview to discover and fix vulnerabilities and weaknesses in their foundational systems—these systems comprise a significant portion of the global shared attack surface. The expected focus of the work includes local vulnerability detection, binary black-box testing, endpoint hardening, and system penetration testing.

Anthropic has committed $100 million in model usage credits for Project Glasswing and other participants, covering substantial usage during the research preview period. Following this, Claude Mythos Preview will be offered to participants at a rate of $25 per million input/output tokens for participants (who can access the model through Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry).

In addition to model usage credits, we have donated $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation, to help open-source software maintainers cope with this changing landscape (interested maintainers can apply for access through the Claude for Open Source program).

We intend for this work to continue to expand in scope over the coming months and to share learnings as widely as possible, allowing other organizations to apply these experiences to their own security. Partners will share information and best practices with each other as conditions allow; within 90 days, Anthropic will publicly report our findings as well as specific details on repaired vulnerabilities that can be disclosed. We will also collaborate with leading security organizations to develop a set of practical recommendations on the evolution of security practices in the AI era, potentially covering: vulnerability disclosure processes, software update processes, open-source and supply chain security, secure design practices in software development life cycles, regulated industry standards, triage expansion and automation, and patch automation.

Anthropic has also been in discussions with US government officials regarding the offensive and defensive cybersecurity capabilities of Claude Mythos Preview. Protecting critical infrastructure is a foremost national security priority for democratic nations— the emergence of these cybersecurity capabilities underscores the necessity for the US and its allies to maintain a decisive advantage in AI technology. Governments have an indispensable role in helping maintain this lead and in assessing and mitigating the national security risks associated with AI models. We are willing to work with representatives at all levels of government to assist in accomplishing these tasks.

We hope Project Glasswing can catalyze a larger-scale effort across the industry and public sectors to jointly address the most significant challenges posed by powerful models to security. We invite other members of the AI industry to join in developing industry standards. In the medium term, an independent third-party organization—capable of bringing together private and public sector organizations—could be an ideal platform to support the subsequent work on these large-scale cybersecurity projects.

Notes

1. The project is named after the Glasswing butterfly (Greta oto). This metaphor has two layers of meaning: the butterfly's transparent wings allow it to be invisible, much like the vulnerabilities hidden in the code discussed in this document; transparent wings also help it evade harm, akin to the transparent approach we advocate.
2. The term Mythos originates from ancient Greek, meaning "narrative" or "story": the systems of stories that civilizations use to understand the world.
3. Security professionals whose legitimate work is affected by these safeguards can apply for the upcoming Cyber Verification Program.