Key Points
- Anthropic’s Claude Mythos Preview found vulnerabilities in every major operating system and browser
- Company commits up to ₹850 crore in credits and ₹34 crore in donations for security work
- Model discovered a 27-year-old flaw in OpenBSD that could remotely crash any machine
Anthropic has restricted access to its newest artificial intelligence model after it discovered thousands of critical security flaws in software used by billions of people worldwide, including every major operating system and web browser.
The San Francisco-based AI company announced Project Glasswing on Thursday, a cybersecurity initiative that limits its Claude Mythos Preview model to 11 launch partners. These include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks.
EVENT
Infosec Reimagined
Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.
EVENT
CIO Prism
CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.
The restrictions matter for Indian users because the affected software runs on devices across the country, from government servers to personal smartphones. Any security flaws in operating systems like Windows, Linux, macOS, Android or iOS, or browsers like Chrome and Safari, directly affect the estimated 759 million internet users in India.
AI finds what humans missed for decades
In its statement, Anthropic said the model had already identified thousands of high-severity vulnerabilities. A vulnerability is a weakness in software that attackers can exploit to gain unauthorised access or cause damage.
“AI models have reached a level of coding capability beyond most skilled humans at finding and exploiting software vulnerabilities,” Anthropic stated. “Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.”
The company warned that such capabilities could soon spread to malicious actors. “Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely,” the statement read. “The fallout, for economies, public safety and national security, could be severe.”
Over the past few weeks, Anthropic used Mythos Preview to identify thousands of zero-day vulnerabilities. A zero-day is a flaw previously unknown to the software’s developers, meaning no fix exists when attackers discover it. Many of the flaws Anthropic found were rated critical.
Decades-old flaws exposed in critical systems
Among the most significant discoveries, Mythos Preview uncovered a 27-year-old vulnerability in OpenBSD. This operating system is widely regarded as one of the most security-hardened platforms available and is commonly used to run firewalls and other critical infrastructure. The flaw allowed an attacker to remotely crash any machine running the operating system simply by connecting to it, according to Anthropic.
Advertisement
The model also discovered a 16-year-old vulnerability in FFmpeg, a software library used by countless applications to encode and decode video. Automated testing tools had examined the affected line of code five million times without detecting the problem, Anthropic stated.
In another finding, Mythos Preview autonomously identified and chained together several vulnerabilities in the Linux kernel. The Linux kernel is the core software that runs most of the world’s servers, including those powering major Indian digital services. The vulnerabilities allowed an attacker to escalate from ordinary user access to complete control of a machine.
Funding and access for security organisations
Anthropic said it would commit up to $100 million, approximately ₹850 crore, in usage credits for Mythos Preview across defensive security efforts. The company will also donate $4 million, approximately ₹34 crore, directly to open-source security organisations.
Launch partners will use Mythos Preview as part of their defensive security work. Anthropic added that it would share findings with the broader industry and extend access to over 40 additional organisations. These organisations build or maintain critical software infrastructure and will be able to scan and secure both proprietary and open-source systems.
“Project Glasswing is a starting point,” Anthropic stated. “No one organisation can solve these cybersecurity problems alone. Frontier AI developers, other software companies, security researchers, open-source maintainers and governments across the world all have essential roles to play.”
The restricted access model means Mythos Preview will not be available to the general public or to most businesses in the near term. Anthropic has not announced a timeline for broader access or indicated whether technology companies outside the initial partner list will receive early access to the security-focused model.
Your Questions, Answered
What is Anthropic’s Project Glasswing?
Project Glasswing is a cybersecurity initiative that restricts Anthropic’s Claude Mythos Preview model to select partners including Apple, Google, Microsoft and others. These partners will use the model for defensive security work to find and fix software vulnerabilities.
What did Claude Mythos Preview discover?
The AI model found thousands of high-severity vulnerabilities in every major operating system and web browser. This includes a 27-year-old flaw in OpenBSD and a 16-year-old vulnerability in FFmpeg that automated tools missed despite five million tests.
How much is Anthropic investing in cybersecurity through this initiative?
Anthropic commits up to $100 million, approximately ₹850 crore, in usage credits for Mythos Preview. The company will also donate $4 million, approximately ₹34 crore, directly to open-source security organisations.
Will Claude Mythos Preview be available to the public?
No, the model is currently restricted to 11 launch partners and over 40 additional organisations that build or maintain critical software infrastructure. Anthropic has not announced when or whether broader public access will be granted.