Anthropic just turned the cybersecurity industry inside out.

The company announced Project Glasswing, a defensive cybersecurity initiative built on something genuinely alarming: its unreleased Claude Mythos Preview model independently discovered thousands of zero-day vulnerabilities in every major operating system and every major web browser. Not theoretical weaknesses. Real, exploitable flaws that survived decades of human security review and millions of automated tests.

The launch partners read like a who's who of critical infrastructure: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. All twelve are now using Mythos Preview to hunt for vulnerabilities in their own systems before attackers do.

The Model Too Dangerous to Release

Here is what makes this story genuinely different from the usual "our model is so smart" announcements. Anthropic is not releasing Mythos to the public. It is not even calling it a product. The company is explicitly saying: this model is so capable at finding and exploiting security flaws that putting it in the wrong hands would be catastrophic.

Instead, Anthropic is doing something nobody expected from an AI company: spending $100 million in usage credits to let more than 40 organizations scan and secure critical software infrastructure. Plus another $4 million in direct donations to open-source security organizations.

Mythos Preview found its vulnerabilities almost entirely autonomously. No human prompting it toward specific code paths. No guidance on where to look. It read the code, found the flaws, developed working exploits, and in some cases chained multiple vulnerabilities together into full attack sequences. All on its own.

The Uncomfortable Math

If Anthropic's model can find these flaws, other models can too. It is a matter of when, not if. Anthropic is essentially racing against the clock to patch critical software before less responsible actors build similar capabilities and use them offensively.

The pricing tells you how seriously they are taking this. Mythos Preview is available to Project Glasswing participants at $25 per million input tokens and $125 per million output tokens. For context, Claude Opus costs $15/$75. Anthropic is charging nearly double because the model is genuinely more capable, and it is limiting access to organizations that can use it defensibly.

Cybersecurity professionals are already calling it a reckoning. The New York Times quoted security researchers saying the model's capabilities make existing vulnerability scanning tools look like children's toys.

What This Actually Means

Anthropic just created the most powerful argument for responsible AI development anyone has ever made. Not with a blog post or a policy paper. With a product so dangerous they will not sell it, and so valuable that the biggest companies in the world are lining up to use it defensively.

Every major OS. Every major browser. Thousands of flaws nobody knew existed. Found by an AI that never sleeps, never gets tired, and can read more code in an hour than a human security team can review in a year.

The defenders got to this one first. Next time, they might not.

Sources: Anthropic, The New York Times, The Hacker News, The Register, Business Insider, Quartz