You’re reading NeuralWired — the publication built for technologists, CISOs, investors, and operators who can’t afford to be surprised by frontier AI. This piece is part of our ongoing series on AI Safety & Cyber Intelligence.
Breaking Analysis · AI Cybersecurity · April 10, 2026
The AI Too Dangerous to Release Just Found Zero-Days in Every Major OS — Here’s What That Means for Your Security
Claude Mythos Preview autonomously discovered thousands of high-severity vulnerabilities before Anthropic locked it away. Project Glasswing gives 50+ organizations early access. Everyone else gets a ticking clock.
On April 7, 2026, Anthropic published a blog post that most security teams hadn’t fully absorbed by the time it went viral. The headline: an AI model they built — and chose not to release — had independently found thousands of critical vulnerabilities hiding in software that runs the internet, every major operating system, and every major browser. Some of those bugs had been sitting there for decades, surviving millions of automated fuzz tests and years of human review.
The model is called Claude Mythos Preview. The initiative using it is called Project Glasswing. And understanding what both of these mean — not just for Anthropic, but for every organization that depends on software — is quickly becoming a baseline competency for any security leader.
What Anthropic’s Claude Mythos Actually Is
Mythos Preview is Anthropic’s most capable model by a considerable margin — and, crucially, the first frontier AI model any major lab has explicitly withheld from public release because of what it can do. This isn’t a safety decision born of ambiguity. It’s a deliberate choice backed by a stark internal assessment.
According to Anthropic’s own Project Glasswing documentation, Mythos represents a model that is presently far ahead of any other AI in cyber capabilities and presages an era in which AI models can find and exploit vulnerabilities “in ways that far outpace the efforts of defenders.” That language, which appeared in Anthropic’s internal communications before the public announcement, is what triggered stock volatility across major cybersecurity vendors — CrowdStrike, Palo Alto Networks, SentinelOne, and others — when it began circulating in March.
Mythos isn’t a specialized security scanner. It’s a frontier language model whose advanced agentic coding and reasoning capabilities happen to translate with frightening effectiveness into autonomous vulnerability discovery. Give it access to a codebase and a single prompt, and it can identify subtle logic flaws, construct working exploit chains, and document everything — without requiring human steering at each step.
What It Found — And Why That Keeps CISOs Up at Night
The specific vulnerabilities Mythos uncovered aren’t just impressive in aggregate. The type of bugs it found tells you something important about the limits of conventional security tooling.
Consider: a 27-year-old vulnerability in OpenBSD that allowed remote machines to crash. A 16-year-old out-of-bounds write in FFmpeg that automated fuzz testing had touched over 5 million times without flagging. A 17-year-old unauthenticated remote root privilege in FreeBSD (CVE-2026-4747). Multiple Linux kernel vulnerabilities that Mythos chained together to escalate from user-level access to full system control. These weren’t obscure corner cases. They were in widely deployed software that billions of systems depend on.
As Salt Data’s security analysis documented, the FFmpeg finding is particularly instructive. The bug had survived extensive automated testing precisely because discovering it required semantic understanding of intent — what the code was trying to do — not just syntactic pattern matching. Mythos brought that understanding.
“The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI. Claude Mythos Preview demonstrates what is now possible for defenders at scale, and adversaries will inevitably look to exploit the same capabilities. That is not a reason to slow down; it’s a reason to move together, faster.”
— Elia Zaitsev, CTO, CrowdStrike · Anthropic Project Glasswing blog
The strategic implication Zaitsev is pointing at is the one that should drive your board conversation: the question isn’t whether adversaries will eventually access Mythos-class capabilities. It’s whether your organization will be patched, hardened, and instrumented before they do.
The Benchmarks: Quantifying the Capability Jump
Anthropic published direct benchmark comparisons between Mythos Preview and Claude Opus 4.6 — currently their top publicly available model. The gap is substantial across every relevant dimension.
| Benchmark | What It Measures | Claude Mythos | Claude Opus 4.6 | Delta |
|---|---|---|---|---|
| SWE-bench Verified | Real-world code bug fixing | 93.9% | 80.8% | +13.1 pts |
| CyberGym | Cybersecurity vuln reproduction | 83.1% | 66.6% | +16.5 pts |
| Terminal-Bench 2.0 | Agentic tool-use in terminal | 82.0% | 65.4% | +16.6 pts |
| Terminal-Bench 2.1 (extended) | Agentic tool-use, longer horizon | 92.1% | — | — |
| OSWorld-Verified | OS-level interaction tasks | 79.6% | 72.7% | +6.9 pts |
Source: Anthropic Project Glasswing announcement, April 2026. All scores represent Mythos Preview at maximum effort with adaptive thinking.
The CyberGym gap (+16.5 points) is the one that matters most for security practitioners. It measures a model’s ability to reproduce known cybersecurity vulnerabilities from documentation — a proxy for how effectively it can understand, replicate, and potentially construct exploit paths. Mythos at 83.1% isn’t just better than Opus 4.6. It’s operating in a different category.
All benchmarks were run internally by Anthropic. No independent replication exists yet, which is a genuine caveat. But the real-world findings — decades-old zero-days in production codebases — function as an external validation that words in a benchmark table can’t fully capture.
Project Glasswing: The Coalition Holding the Keys
Anthropic’s response to having built something it judges too dangerous for public release isn’t to shelve it. It’s to run a structured, gated access program that uses Mythos’ capabilities defensively — finding and patching vulnerabilities in critical infrastructure before adversaries discover them independently.
That program is Project Glasswing. The initial partner coalition includes some of the most significant institutions in global technology and finance:
“We’ve been testing Claude Mythos Preview in our own security operations, applying it to critical codebases, where it’s already helping us strengthen our code. We’re bringing deep security expertise to our partnership with Anthropic and are helping to harden Claude Mythos Preview so even more organizations can advance their most ambitious work with security that sets the standard.”
— Amy Herzog, VP & CISO, Amazon Web Services · Anthropic Glasswing blog
Beyond model access, Anthropic is committing up to $100M in usage credits to Glasswing partners, plus $4M in direct donations — $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, $1.5M to the Apache Software Foundation — to fund open-source security infrastructure. These donations aren’t symbolic. They fund the maintainer capacity needed to process and patch AI-generated vulnerability reports.
The financial angle matters too. On April 10, 2026 — three days after the Glasswing announcement — CoreWeave and Anthropic announced a multi-year GPU infrastructure agreement to support Claude’s production deployment at scale. CoreWeave reported $5.13B in 2025 revenue with guidance for over $12B in 2026 and a contracted backlog exceeding $66B. Mythos-class workloads don’t run on commodity hardware, and the infrastructure commitments signal that Anthropic is building for sustained operation at frontier scale — not a one-off research demo.
Risk Matrix: What Mythos-Class AI Means for Your Threat Model
If Mythos-class capabilities reach adversaries — whether through model weight leakage, independent development by well-funded state actors, or gradual proliferation as the capability ceiling rises across the industry — the following risks move from theoretical to near-certain. Here’s how to prioritize them.
Models that scan codebases autonomously compress discovery timelines from months to hours. Every major OS and browser is exposed. Patch cycles become the primary survival variable.
Mythos didn’t just find individual bugs — it chained multiple Linux kernel vulnerabilities into a privilege escalation path. AI-driven lateral movement becomes real-time.
The FFmpeg and OpenBSD findings demonstrate that widely deployed OSS carries latent risk that conventional tooling misses. Every downstream dependency is a potential vector.
If your team can’t patch faster than AI can find and report issues, you’re accumulating disclosed liability. AI discovery without AI-assisted triage creates a new failure mode.
Gated access programs can leak via insider misuse, prompt extraction, or model weight exfiltration. Current public docs don’t detail Glasswing’s mitigations for this.
Anthropic proactively briefed governments on Mythos’ risks. Central banks and financial regulators are already evaluating systemic cyber-risk implications for large institutions.
The CISO Playbook: 30/90/365-Day Action Framework
You don’t need Mythos access to start hardening for a Mythos-class threat environment. Here’s a sequenced response.
Defensive Framework: AI Zero-Day Era
0–30 Days: Assess & Triage
Inventory your critical software, open-source dependencies, and highest-exposure services. Map your current vulnerability discovery pipeline — SAST, DAST, fuzzing, manual review — and identify where semantic understanding gaps exist. These are where Mythos-class systems will find what your tools missed. Check your patch SLA against realistic AI-accelerated exploitation timelines.
30–90 Days: Upgrade Detection & Response
Deploy AI-augmented code scanning in your CI/CD pipeline — tools that can reason semantically about code behavior, not just match known patterns. Evaluate whether you qualify for Glasswing-adjacent programs as they expand. Conduct tabletop exercises assuming AI-assisted adversaries. Tune your EDR and XDR stack for novel, AI-generated exploit signatures you’ve never seen in the wild before.
90–365 Days: Structural Hardening
Build AI-assisted red team capacity internally or through trusted partners. Implement rigorous SBOM tracking and dependency governance — supply chain exposure was central to Mythos’ most dramatic findings. Establish a board-level reporting cadence for AI cyber risk alongside traditional threat briefings. Push regulators for clarity on AI-generated vuln disclosure obligations before they mandate it.
Ongoing: Monitor & Participate
Track Glasswing disclosures and CVE publications linked to AI-discovered vulnerabilities as leading indicators. Participate in ISACs and AI-security working groups. Watch for Anthropic’s planned expansion of Mythos-class access as safeguards mature — the organizations that participated in early access programs historically built the deepest defensive expertise.
“AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back. Our foundational work with these models has shown we can identify and fix security vulnerabilities across hardware and software at a pace and scale previously impossible. That is a profound shift, and a clear signal that the old ways of hardening systems are no longer sufficient.”
— Anthony Grieco, SVP & Chief Security & Trust Officer, Cisco · Anthropic Glasswing blog
The Contrarian View: Is This Defense or Theater?
Glasswing’s defenders-first framing has attracted real skepticism, and it deserves engagement rather than dismissal.
The first concern is structural. Concentrating Mythos access in a coalition of Big Tech companies and large financial institutions doesn’t just protect critical infrastructure — it entrenches it. Smaller enterprises, non-US organizations, academic researchers, and open-source communities without Fortune 500 relationships don’t get early access. The Mythos capability gap between Glasswing partners and everyone else may persist for years. Jim Zemlin of the Linux Foundation acknowledged this tension directly, framing Glasswing as a chance to give even resource-constrained maintainers an “AI-powered sidekick.” But early access remains concentrated at the top.
The second concern is practical: disclosure without patch capacity creates liability, not security. Mythos can find vulnerabilities faster than human teams can validate, triage, and fix them. If the AI-generated discovery backlog overwhelms the humans responsible for remediation, the net effect could be a larger disclosed attack surface — not a smaller one.
The third concern cuts to the core of the “defense-first” thesis itself. CrowdStrike’s Zaitsev and Palo Alto’s Lee Klarich both argue that adversaries will develop equivalent capabilities regardless, so the right move is to accelerate defenders. That logic is defensible but not closed. Capable state actors may already have models approaching Mythos-class performance, or they may be years away. The timeline assumption embedded in “move faster together” carries enormous strategic weight — and Anthropic hasn’t published it.
“Perhaps even more important: everyone needs to prepare for AI-assisted attackers.”
— Lee Klarich, Chief Product & Technology Officer, Palo Alto Networks
None of this makes Project Glasswing a bad idea. It makes it an incomplete answer to a problem that will outlast any single initiative. The organizations that treat Glasswing as a complete solution will be wrong. Those who treat it as the opening move in a longer defensive buildout are closer to right.
What Comes Next
Project Glasswing and Claude Mythos Preview together represent something genuinely new: a frontier AI capability that a lab judged too dangerous to release, channeled through a structured coalition into a defensive mission. It’s not a perfect solution. The access concentration, patch capacity limits, and opacity around adversary timelines are real problems without clean answers.
But the deeper pattern here matters more than any individual model or program. Mythos demonstrates that the asymmetry between AI-powered offense and conventional defense has already moved beyond theoretical concern. The bugs it found weren’t edge cases — they were in software your infrastructure depends on today, and they’d been there for decades while the security industry ran its best tools past them millions of times. That changes the security calculus for every organization regardless of whether they ever touch Mythos.
Watch for three developments in the next 12–18 months: the pace at which CVEs tied to Glasswing disclosures appear in the public record (a proxy for how actively Mythos is being deployed); regulatory movement from financial supervisors treating AI-accelerated cyber risk as a systemic concern rather than an IT problem; and the emergence of competing initiatives from other frontier labs that will determine whether gated access models or open defensive deployments become the industry norm. The organizations building AI-augmented security operations now — before those norms solidify — will set the terms of what comes next.
Disclaimer: This article is produced for informational and editorial purposes. NeuralWired has no commercial relationship with Anthropic, CoreWeave, or any Project Glasswing partner named herein. Benchmark data is sourced from Anthropic’s April 2026 Project Glasswing announcement and has not been independently replicated at time of publication. This article does not constitute cybersecurity, investment, or legal advice. Readers should consult qualified professionals before making organizational security decisions based on this or any other publication.
