In late April 2026, Anthropic did something no security team on the planet had done. It pointed a preview of its newest frontier model, Claude Mythos, at every major operating system and every major web browser and told it to find vulnerabilities. The model found thousands. Zero-days. Flaws that had been sitting in production software, undetected, some for over a decade.
One vulnerability had been in FreeBSD for 17 years. A remote code execution flaw in the network file system that gave anyone who found it full root access to the server. It was cataloged as CVE-2026-4747. It had survived 17 years of manual code audits, penetration tests, and security reviews. Mythos found it autonomously.
That is not a product announcement. It is a signal about what defensive security looks like from this point forward.
What Glasswing Actually Is
Project Glasswing is Anthropic’s initiative to use frontier AI capability for defensive cybersecurity. The structure is straightforward: Anthropic gave early access to Mythos Preview to roughly four dozen organizations, primarily large tech companies and major banks. The goal is to find and fix critical software vulnerabilities before they are exploited.
Anthropic was direct about the capability level. Its own assessment: Mythos can “surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” That sentence came from the company that built the model, not from a marketing deck.
Because of that capability, Anthropic chose not to make Mythos Preview generally available. The access is restricted. The disclosure is coordinated. The safeguards are being developed alongside the deployment.
Why This Matters Outside of Security Teams
If you are a business leader reading this and thinking “that is a cybersecurity story, not my problem,” consider the math.
Your organization runs on software that contains vulnerabilities nobody has found yet. Every operating system. Every browser. Every enterprise application. The question was never whether the vulnerabilities existed. The question was who would find them first.
Before Glasswing, the answer was usually: a small number of exceptionally skilled researchers, working slowly, finding vulnerabilities one at a time. The economics of defense were brutal. Defenders had to find every flaw. Attackers only had to find one.
Mythos changes the ratio. It found thousands. Autonomously. In weeks.
Here is the implication that nobody is translating for business leaders: the organizations inside the Glasswing program now have a security posture that the rest of the market cannot match. They are running AI-powered vulnerability discovery against their own infrastructure while everyone else is still running last quarter’s penetration test with a human team that bills by the hour.
The gap is operational, not just technical. And it compounds.
The 17-Year Lesson
The FreeBSD vulnerability is worth sitting with. Seventeen years. That flaw predates the iPhone. It was present through every major security framework, every compliance audit, every SOC 2 certification that any organization running FreeBSD went through between 2009 and 2026.
Nobody found it. Not because people were not looking. Because the volume of code and the complexity of interactions exceed what human review can reliably cover. The best security teams in the world were doing their jobs. The math was just against them.
This is the same pattern that shows up everywhere AI is being applied seriously. Not that people were incompetent. That the scale of the problem exceeded what human effort alone could handle. The warehouse that could not count inventory fast enough. The legal team that could not review contracts at the pace the business needed. The security team that could not audit codebases faster than code was being written.
AI does not replace the security team. It changes what the team can cover. The difference between scanning a codebase once a quarter with a human red team and scanning it continuously with an AI agent is not incremental. It is categorical.
The Access Problem
Here is the honest downside: you cannot get Mythos. Anthropic restricted access to roughly 48 organizations. If your company is not on that list, this capability is not available to you today.
But the capability exists. And capability, once demonstrated, proliferates. Anthropic has stated it plans to launch safeguards that will eventually allow Mythos-class models to be deployed more broadly. Other frontier labs are working on similar capabilities. The window between “this is restricted research” and “this is a product you can buy” has been shrinking with every generation of AI models.
Six months from now, AI-powered vulnerability discovery will not be a research preview. It will be a product category. The question for every organization is whether your security operations will be ready to absorb it, or whether you will be starting from zero while your competitors and your attackers are already running it.
What to Do With This
Start with an honest audit. How many lines of code does your organization produce or maintain? How much of that code has been reviewed in the last 12 months? If the ratio is unfavorable, that is the gap Glasswing just made visible.
Then talk to your security vendors. Ask them directly: what is your roadmap for AI-augmented vulnerability discovery? If the answer is vague or absent, that tells you something about their positioning for the next 12 months.
But the bigger shift is treating security as an AI operations question. The organizations inside Glasswing are not just using better tools. They are integrating AI into their security workflows as an ongoing collaborator, not a point-in-time scanner. Building the muscle to work with AI agents continuously rather than in quarterly bursts — that is the part that takes time. The model is the easy part. The workflow change is the hard part.
Anthropic found a 17-year-old vulnerability in weeks. The next generation of these models will be faster. The organizations that build the operational capacity to use them will have a security posture that others cannot replicate by buying a license. They will have built the practice.
That is the gap. It compounds from here.