Anthropic's restricted AI model has done in weeks what human security researchers couldn't achieve in decades. The company's cybersecurity coalition, Project Glasswing, identified over 10,000 high- and critical-severity software vulnerabilities, including thousands of zero-day flaws that had remained undetected in widely used systems for years.
Among the discoveries: a 27-year-old vulnerability in OpenBSD and a 16-year-old bug in FFmpeg. Both had survived every prior round of human code review and automated testing.
Anthropic launched Project Glasswing on April 7, 2026, built around its unreleased frontier model called Claude Mythos Preview. The model is so adept at finding and exploiting vulnerabilities that Anthropic decided not to release it publicly. Instead, it formed a coalition of over 40 technology and infrastructure companies that get exclusive access for defensive security work.
The $100 million in usage credits Anthropic committed to the initiative signals how seriously major AI labs are taking the dual-use nature of their models. By restricting Claude Mythos Preview to a vetted coalition rather than releasing it broadly, Anthropic demonstrates responsible deployment while building deep relationships with enterprise security teams.
Of the thousands of validated high-severity findings, fewer than 100 confirmed patches have been deployed. The AI can discover flaws at a pace that dramatically outstrips the industry's ability to remediate them.