Claude Mythos Preview: Frontier Model for Finding Zero-Day Vulnerabilities in Project Glasswing
Anthropic has launched Project Glasswing — a closed project focused on defensive security. Participants, including AWS, Apple, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, JPMorgan Chase, and Linux Foundation, have gained access to Claude Mythos Preview. This frontier model is not planned for public release. In just weeks of operation, it has uncovered thousands of zero-day vulnerabilities in key systems.
Vulnerability Scanning Results
The model discovered bugs in major OSes, browsers, Linux kernel, OpenBSD, and FFmpeg. Among the fixed examples:
- A 27-year-old vulnerability in OpenBSD.
- A 16-year-old hole in FFmpeg.
- A chain of bugs in Linux kernel for privilege escalation.
These findings demonstrate the model's ability to perform at the level of leading security researchers. Anthropic has invested up to $100 million in usage credits and $4 million in open-source security projects: Linux Foundation, OpenSSF, Alpha-Omega, Apache Software Foundation.
Benchmarks and Performance
Claude Mythos Preview significantly outperforms Claude Opus on key metrics in security and development tasks. Here's the comparison:
| Benchmark | Mythos Preview | Opus |
|-----------------------|----------------|----------|
| SWE-bench Verified | 93.9% | 80.8% |
| CyberGym | 83.1% | 66.6% |
| Terminal-Bench 2.0 | 82.0% | 65.4% |
The gap highlights the model's potential in automated code analysis and exploit discovery. This is especially relevant for mid/senior developers working with legacy code and kernel-level systems.
Anthropic's Strategy for Defensive AI
The project focuses on using AI for defense, not attack. Models are already capable of finding and exploiting vulnerabilities with high efficiency. No public release of Mythos Preview is planned: protective mechanisms will be refined first. Capabilities will be integrated into future versions of Claude Opus.
Participation of tech giants ensures scale: shared access to models accelerates patching of critical bugs. For developers, this means new tools for proactive security in CI/CD pipelines.
Key Takeaways
- Claude Mythos Preview found thousands of zero-days, including historical vulnerabilities in OpenBSD and FFmpeg.
- Benchmarks show leadership: +13–16% over Opus in SWE-bench, CyberGym, Terminal-Bench.
- $104 million in investments targeted at defensive security and open source.
- No public release: focus on safe integration into future models.
- Project Glasswing unites AWS, Google, Microsoft, and others for collective defense.
Implications for Developers
Senior specialists can expect evolution of tools like GitHub Copilot or similar, but with a focus on vulnerability scanning. Integrating such models into workflows will automate auditing of kernel modules and media libraries. Current benchmark leaders (SWE-bench >90%) point to a shift from assistive AI to autonomous security agents.
— Editorial Team
No comments yet.