On April 7, Anthropic announced Project Glasswing — a collaborative cybersecurity initiative built around Claude Mythos Preview, an unreleased frontier model that has autonomously discovered thousands of high-severity zero-day vulnerabilities across every major operating system and web browser. The partner list reads like a who's who of enterprise technology: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic is committing $100 million in model usage credits and $4 million in open-source security donations.
The instinct is to celebrate this as a defensive breakthrough. And in one sense, it is. But the more important story — the one that should be on every CISO's desk this week — is what happens when AI discovers vulnerabilities at a pace that overwhelms every remediation process enterprise security teams have built.
We have spent two decades building vulnerability management programs around a core assumption: discovery is hard. That assumption just broke.
What Mythos Preview Actually Does
Claude Mythos Preview is not a purpose-built security tool. It is a frontier reasoning model whose coding and agentic capabilities happen to make it extraordinarily effective at finding software flaws. On CyberGym's cybersecurity vulnerability reproduction benchmark, Mythos scores 83.1 percent — a 16-point lead over Claude Opus 4.6's 66.6 percent. On SWE-bench Pro, the standard measure of real-world software engineering capability, it hits 77.8 percent versus 53.4 percent for Opus 4.6.
The raw numbers undersell the qualitative shift. Mythos found a 27-year-old vulnerability in OpenBSD — a security-focused operating system maintained by some of the most paranoid developers on the planet — that allows remote system crashes. It found a 16-year-old flaw in FFmpeg that automated security tools had missed across five million test runs. It chained together multiple Linux kernel vulnerabilities to achieve full privilege escalation from standard user access.
For the technical audience, the most significant capability is vulnerability chaining. Previous automated tools could identify individual flaws but lacked the reasoning capacity to connect them. Mythos can find two or three vulnerabilities that are individually low-severity and construct an exploit path that chains them into a high-impact attack. Logan Graham of Anthropic's Frontier Red Team described it plainly: "We basically need to start preparing for a world where there is zero lag between discovery and exploitation."
For the business audience, the simplified version is this: an AI model just found critical security flaws that the best human researchers and the best automated tools missed for decades. And it did so largely without human guidance.
The 1 Percent Problem
Here is the number that should alarm you more than any benchmark score: less than 1 percent of the vulnerabilities Mythos has discovered have been fully patched by maintainers.
This is not a failure of will. It is a structural mismatch between discovery velocity and remediation capacity. Enterprise security teams have built workflows, approval processes, change management procedures, and testing pipelines calibrated to a world where a few dozen critical vulnerabilities emerge per quarter. Mythos produces thousands.
The bottleneck was never finding the vulnerabilities. It was always fixing them. And now the finding side just got multiplied by orders of magnitude while the fixing side remained exactly where it was.
Adrian Sanabria, a security industry analyst, put his finger on the real constraint: "The problem isn't generating more patches. It's getting them deployed to infrastructure that we're not allowed to touch or take offline." Anyone who has managed vulnerability remediation in a Fortune 500 environment knows this intimately. The critical system running on a legacy codebase that cannot be patched without a three-week change window. The production database that has not been updated in two years because the vendor no longer supports the operating system it runs on. The embedded device in the manufacturing floor that predates the concept of software updates.
AI-driven discovery does not change any of those constraints. It just makes the gap between what you know is broken and what you can actually fix visible in a way that is no longer ignorable.
The Economics of Exploitation Just Changed
For the past decade, discovering a deeply buried zero-day and developing a reliable exploit required weeks of work from researchers who command six-figure salaries and are in short supply globally. The economic barrier to offensive operations was real. State actors and well-funded criminal organizations could afford it. Most attackers could not.
Mythos Preview can perform end-to-end exploit development — from vulnerability discovery to working exploit — for under $50 in compute costs in some cases. The model is not publicly available. Anthropic has restricted access to approximately 50 organizations. But the capability gap between Mythos and publicly available models is 16 points on a benchmark that the industry watches closely. That gap is, as one analyst noted, "meaningful today and compressible over the next two release cycles."
This is the part that matters for enterprise risk planning: even if Mythos itself never leaks, the capability it demonstrates will be replicated. Other frontier model developers are training on similar code corpora using comparable agentic reasoning frameworks. The offensive capability that Glasswing is trying to deploy defensively will become available to adversaries — not in the same controlled, partnered format, but in some form — within six to twelve months.
The CrowdStrike assessment is blunt: "The window between vulnerability discovery and exploitation has collapsed." Project Glasswing is an attempt to ensure defenders get there first. But the window of exclusive defensive advantage is narrow.
What This Means for Enterprise Security Teams
The implications break down differently depending on your role and your organization's security maturity.
If you run vulnerability management, your current MTTR baselines are obsolete. The volume of actionable findings that AI-driven scanning will produce — whether from Glasswing participants, competitors, or adversaries using similar capabilities — will overwhelm triage processes designed for human-scale discovery rates. The organizations that survive this shift will be those that invest in automated remediation pipelines now, before the flood arrives.
If you are a CISO, the budget conversation just changed. AI vulnerability scanning at production scale is coming whether you adopt it or not — because your adversaries will. Mythos pricing is set at $25 per million input tokens and $125 per million output tokens post-research phase. That makes enterprise-scale scanning economically viable for the first time. It also means the cost of not scanning is no longer "we might miss something." It is "our adversaries will find things we chose not to look for."
If you run application security, the intersection with AI-generated code creates a compounding problem. Seventy-eight percent of CIOs cite governance and data security as top barriers to AI adoption in software development. But the code is being written anyway — by Copilot, by Claude Code, by Cursor, by a dozen other tools. The question is whether your AppSec tooling can keep pace with AI-generated code. Traditional downstream scanning cannot. AI-native application security operating at the code generation layer is no longer optional.
If you are an engineering leader, the pressure extends beyond security. Every development organization now operates in an environment where the code they ship today could be autonomously audited tomorrow by a model capable of finding flaws that survived decades of human review. The standard of care has shifted. "We followed our normal security review process" will not be an adequate answer when a breach traces back to a vulnerability class that AI tools could have caught.
The Glasswing Coalition: Collaboration and Tension
The partner list deserves scrutiny beyond the obvious prestige. AWS, Google, Microsoft, Cisco, Palo Alto Networks, and CrowdStrike are simultaneously collaborators in this initiative and direct competitors in the enterprise security market. Anthropic has positioned itself as an infrastructure-layer provider — the neutral capability engine that powers defensive operations across competing platforms.
This is a strategically brilliant move. It locks in twelve of the most important technology companies as dependent on Anthropic's most advanced model for a critical security function. It creates switching costs that go far beyond API pricing. And it positions Anthropic as essential infrastructure at a moment when the company is simultaneously fighting a legal battle with the Department of Defense over military access to its models.
That legal battle provides important context. The DoD designated Anthropic a "supply chain risk" in February 2026 after the company refused to grant unrestricted military access to Claude models. The Pentagon wanted "lawful purposes" access without company-imposed restrictions on surveillance and lethal autonomous weapons. Anthropic refused. A federal judge granted a preliminary injunction blocking the supply chain designation, ruling it constituted First Amendment retaliation. The case remains unresolved.
The juxtaposition is striking: the U.S. government's primary AI safety-focused lab is simultaneously powering defensive cybersecurity for a dozen of the world's largest companies and locked in a legal dispute with the Department of Defense over the boundaries of AI deployment. For enterprise buyers evaluating Anthropic as a vendor, this is not a footnote. The resolution of this dispute will shape the regulatory and procurement environment for AI security tools for years.
What Glasswing Does Not Solve
Project Glasswing is not a solution. It is a capability demonstration that reveals a problem.
The problem is that vulnerability management, as an enterprise discipline, was designed for a world where finding critical flaws was expensive and slow. In that world, the constraint was detection. Organizations could reasonably manage the flow of new vulnerabilities because the flow was manageable.
Glasswing announces the arrival of a world where detection is cheap and fast and essentially unlimited. In that world, the constraint shifts entirely to remediation — and remediation is bottlenecked by organizational complexity, legacy infrastructure, change management processes, vendor dependencies, and resource limitations that no AI model can bypass.
The organizations that will navigate this transition successfully are not necessarily those with the largest security budgets. They are those that can compress their remediation cycles, automate patch deployment where possible, and make architectural decisions that reduce their exposure to vulnerability classes that require manual intervention to fix.
For open-source maintainers, Glasswing provides genuine relief. The $100 million in usage credits and $4 million in direct funding addresses a real and long-standing resource gap. The Linux Foundation's CEO, Jim Zemlin, called it "how AI-augmented security can become a trusted sidekick for every maintainer, not just those who can afford expensive security teams." This is meaningful. Open-source infrastructure underpins virtually every enterprise application stack, and the maintainers who steward it have been chronically under-resourced.
But enterprise security teams cannot wait for open-source patches to flow downstream. They need to build the internal capacity to receive, triage, and deploy fixes at a pace that matches AI-driven discovery. And they need to start now.
The Uncomfortable Strategic Question
Anthropic has committed to publishing a transparency report within 90 days detailing the vulnerabilities found, the remediation rates, and the lessons learned. This will be the first real test of whether Glasswing delivers operational results or remains an impressive proof of concept.
But the larger strategic question is not about Glasswing specifically. It is about what happens when the asymmetry between offense and defense — which has favored attackers for the entire history of cybersecurity — gets amplified by AI on both sides.
If defenders get Mythos-class capabilities first, the temporary advantage is real. Vulnerabilities get found and fixed before attackers can exploit them. But "first" means months, not years. The offensive applications of this same technology are coming. And when they arrive, the organizations that invested in remediation infrastructure will be the ones that survive, while those that only invested in detection will have longer lists of problems they cannot fix fast enough.
Project Glasswing is a starting gun, not a finish line. The race it starts is between the speed at which AI can find what is broken and the speed at which organizations can fix it. Right now, fixing is losing badly.
The enterprise security teams that understand this — and start building for it today — will define the next era of cybersecurity. The ones that treat Glasswing as someone else's problem will find out, inevitably, that it was always theirs.
Rajesh Beri is Head of AI Engineering at Zscaler, where he leads AI solutions across enterprise security, sales, and customer operations. The views expressed are his own.
Want to calculate your own AI ROI? Try our AI ROI Calculator — takes 60 seconds and shows projected savings, payback period, and 3-year ROI.
Continue Reading
- [Anthropic Kills Seat Fees: Pay $0.004/1K Tokens vs OpenAI $20/Month](/article/anthropic-usage-based-pricing-2026)
- OpenAI Guarantees 17.5% Returns to PE Firms in $10B AI Deal
- Private Equity Becomes the AI Deployment Channel: $11.5B Bet
