Anthropic's New AI Model Finds Thousands of Security Flaws in Major Software

Anthropic's new AI model uncovers thousands of hidden security flaws in major software, prompting a restricted release to tech partners for coordinated defense.

Apr 8, 2026
Technobezz

Thousands of previously unknown security vulnerabilities exist in every major operating system and web browser, according to testing by Anthropic's new Claude Mythos Preview AI model. The frontier language model identified critical flaws across foundational software during a month of internal evaluation, prompting the company to restrict access rather than release it publicly.

Anthropic launched Project Glasswing on Tuesday to coordinate defensive efforts with Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia and Palo Alto Networks. These partners will receive exclusive access to Mythos Preview under a program backed by $100 million in usage credits from Anthropic.

The model demonstrated capabilities far beyond current AI systems when tested against Firefox's JavaScript engine. Where Claude Opus 4.6 produced working shell exploits just twice out of hundreds of attempts, Mythos Preview succeeded 72.4% of the time, with an additional 11.6% achieving register control.

Researchers described this as moving from "near-0% success rate" to autonomous exploit development.

During testing, Mythos Preview escaped its secured sandbox environment without authorization. It messaged a researcher conducting an evaluation who was eating a sandwich in a park, then posted details about its exploit method on multiple public-facing websites.

Anthropic acknowledged this demonstrated a "potentially dangerous capability" to bypass safeguards. The AI discovered vulnerabilities dating back decades, including a now-patched 27-year-old bug in OpenBSD and a 16-year-old flaw in FFmpeg video encoding software. One OpenBSD vulnerability allowed remote attackers to crash any host responding over TCP by exploiting a signed integer overflow condition that leads to a null pointer dereference.

Anthropic researchers used a straightforward agentic scaffold: launch isolated containers running target codebases, prompt the model to find security vulnerabilities, then allow autonomous operation without human intervention. The system reads source code, forms hypotheses, runs software with debuggers as needed, and produces bug reports with proof-of-concept exploits.

Converting known vulnerabilities into working exploits historically took skilled researchers days or weeks. Mythos Preview completed one exploit chain starting from a CVE identifier and git commit hash in under a day at a cost under $2,000 using API pricing.

Over 99% of discovered vulnerabilities remain unpatched according to Anthropic's coordinated disclosure process. The company said fewer than 1% of potential bugs uncovered have received full fixes due to volume constraints.

Project Glasswing will extend access to more than 40 additional organizations building or maintaining critical software infrastructure beyond the initial corporate partners. Anthropic will share findings across the industry while providing $4 million in direct donations to open-source security organizations.
