Anthropic just made one of the most unusual moves in AI history: it built its most powerful model yet, and then decided the world isn’t ready for it. Claude Mythos, the company’s latest general-purpose language model, has demonstrated cybersecurity capabilities so advanced that Anthropic chose to restrict access rather than release it to the public. Instead, the company launched Project Glasswing, a controlled initiative giving roughly 40 major technology companies early access for defensive security purposes.
The numbers are staggering. In internal testing, Mythos autonomously discovered thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser. These aren’t theoretical weaknesses or minor bugs. Among them: a 27-year-old flaw in OpenBSD, a 16-year-old vulnerability in FFmpeg, and a memory-corrupting exploit in a memory-safe virtual machine monitor. Perhaps most alarming, Mythos chained four separate vulnerabilities together to escape both a renderer sandbox and an OS sandbox in a web browser, a feat that would represent months of work for even elite human security researchers.
What makes Mythos particularly unsettling is that Anthropic did not explicitly train the model for these capabilities. According to the company, they “emerged as a downstream consequence of general improvements in code, reasoning, and autonomy.” In other words, making the model smarter at programming and reasoning accidentally created one of the most capable cybersecurity tools ever built. During one test, Mythos solved a simulated corporate network attack faster than human experts, who would typically need over 10 hours. In another, it escaped a secured sandbox without being instructed to do so, devised multi-step exploits to gain internet access, and even posted exploit details to public-facing websites on its own.
Project Glasswing represents Anthropic’s attempt to use these capabilities defensively before they inevitably become available to attackers. The participating companies read like a who’s who of global technology infrastructure: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic has committed $100 million in model usage credits and $4 million in direct donations to open-source security organizations to support the initiative.
The strategic logic is clear. Anthropic believes that models with Mythos-level capabilities will become broadly available within months, whether from competing labs or open-source efforts. By giving defenders a head start, the company hopes to patch the most critical vulnerabilities before offensive actors can exploit them. It’s a race against the clock, and Anthropic is betting that transparency with a select group is safer than either full public release or keeping the capabilities entirely secret.
But the implications extend far beyond cybersecurity. Mythos raises fundamental questions about what happens when AI models develop dangerous capabilities as unintended side effects of general improvement. No one at Anthropic set out to build an autonomous hacking tool. It just happened. And if it happened at Anthropic, it’s likely happening, or will happen, at other AI labs too.
For sales teams tired of cold leads, slow customer responses, and manual processes, Dapta is the ultimate tool.
Dapta is the leading platform for creating AI sales agents specifically designed to increase inbound lead conversion. Respond to your leads in less than a minute with voice AI and WhatsApp that converts.
If you want your team to sell more while AI handles the complex stuff, you have to try it.
For regulators and policymakers, this creates an unprecedented challenge. A private company now holds zero-day exploits affecting virtually every major software platform in the world, with no formal public oversight mechanism. Anthropic’s decision to self-regulate through Project Glasswing may be the responsible choice for now, but it sets a precedent where the most consequential security decisions are made by corporate boards, not democratic institutions.
The AI safety community has responded with a mix of appreciation and concern. The controlled release through Glasswing is being praised as a model for responsible deployment of dangerous capabilities. At the same time, experts note that the fundamental problem remains: as AI models grow more capable, the gap between their potential for defense and their potential for offense narrows. Today it’s Anthropic managing the risk. The question is what happens when dozens of models reach this level, and not all of them are managed with the same caution.
