There’s an irony underlying this situation. An artificial intelligence (AI) model that Anthropic was working on was ‘leaked’ a few days ago. Codenamed Mythos, and capabilities claimed to be “substantially beyond those of any model we have previously trained, this model was discovered after descriptions of the model were found in publicly accessible data following an ‘error’ in the AI company’s content management system. Now, Anthropic says Claude Mythos is so powerful, they’ll not make this model generally available. Instead, it provides the foundation for something called Project Glasswing, to secure every other software.
Where have you heard this before? In 2019, Dario Amodei who is now the CEO and co-founder of Anthropic was still at OpenAI as Vice President of Research. In February 2019, OpenAI had said that its text-generation GPT-2 algorithm was too dangerous for public release. Has the marketing playbook been carried forward with the passage of time? now, this model is the basis for an industry consortium, called Project Glasswing, with an intention to deploy this for cybersecurity
“Instead, we are using it as part of a defensive cybersecurity program with a limited set of partners,” the company details, in the system card for the Claude Mythos Preview released this week. The partners include Apple, Google, Microsoft, Amazon Web Services, Nvidia and Cisco. Anthropic insists the model’s “striking leap in scores on many evaluation benchmarks” is the reason for the advantage over Claude Opus 4.6 across agentic coding, reasoning and computer use benchmarks.
The GPT-2 resemblance seems difficult to ignore. Back then, the rhetoric was more about AI responsibility and restraint. Eventually, GPT-2 was released (small model in Feb 2019, the medium model in May and the larger models in August and November) , relegating the ‘too dangerous to share’ pitch more to the AI marketing folklore, than a pure safety debate. The Project Glasswing revives those memories, as a model that’s claimed to be exceptionally capable and therefore very risky, with a need for controlled usage.
“As part of Project Glasswing, the launch partners listed above will use Mythos Preview as part of their defensive security work; Anthropic will share what we learn so the whole industry can benefit. We have also extended access to a group of over 40 additional organisations that build or maintain critical software infrastructure so they can use the model to scan and secure both first-party and open-source systems,” the company says in a statement.
Anthropic says they’ll be committing up to $100 million worth of usage credits for the Mythos Preview across these efforts—after that, Claude Mythos Preview will be available to participants at $25/$125 per million input/output tokens. Important to note the commercial architecture that’s being created here, with Claude Mythos still very much a product in Anthropic’s scheme of things—scarcity, capabilities, and therefore premium pricing strategies will be at work.
They are bullish about their claims, saying the model found a 27-year-old vulnerability in OpenBSD operating system and a 16-year-old vulnerability in FFmpeg software used to encode and decode video. They also say that the Mythos Preview has already found thousands of high-severity vulnerabilities—including some in every major operating system and web browser.
The partners insist this will be one part of their overall cybersecurity efforts.
“We will take a rigorous, independent approach to determining how to proceed and where we can help,” says Pat Opet, Chief Information Security Officer at JPMorganChase. Heather Adkins, VP of Security Engineering at Google, says they’ll make the Mythos Preview available via the Vertex AI platform and “will continue investing in our leading cybersecurity platform and a culture focused on protecting users.”
Amy Herzog, Amazon Web Services’ Vice President of CSIO, notes that their teams analyse over 400 trillion network flows every day for threats, and AI is crucial for identifying and defending at scale. They’ve applied Claude Mythos Preview to these security operations, and it has helped strengthen the code in critical instances.
The unwritten caveat must be noticed. None of the Project Glasswing partners are fully handing over their cybersecurity apparatus or architecture to the new model. This will be an additional layer, not the entirety. This lends the necessary perspective. Claude Mythos’ claimed scores and capabilities are impressive, but it is unlikely that one AI model will fundamentally restructure the approach to cybersecurity across industries.
Anthropic’s positioning with Claude Mythos for Project Glasswing is two-pronged—for cybersecurity applications including finding vulnerabilities in software, and secondly, for zero-day vulnerabilities that were previously not discovered or known to exist.
Also Read: OpenAI, Anthropic, Google unite to combat AI model copying in China
The AI company’s Frontier Red Team, a specialised technical group that tests AI models for capabilities and any possible harmful indicators in autonomous or specific behaviour, notes that while the Opus 4.6 model mostly had a near 0% success rate at autonomous exploit development, the Mythos Preview does significantly better.
“For example, Opus 4.6 turned the vulnerabilities it had found in Mozilla’s Firefox 147 JavaScript engine—all patched in Firefox 148—into JavaScript shell exploits only two times out of several hundred attempts. We re-ran this experiment as a benchmark for Mythos Preview, which developed working exploits 181 times, and achieved register control on 29 more,” they note, regarding cybersecurity capabilities.
Anthropic wants the industry to believe that Claude Mythos is better than anything before it, and that may well be the case. Alongside, selective deployment via a consortium lends credence to the projection of responsibility. But more than anything else, in its entirety, this seems to be an extraordinarily effective narrative starting with the purported leak.
