Anthropic’s Security Push

Software flaws usually get found after someone trips over them. Anthropic is betting a frontier artificial intelligence model can find them first, and it has wrapped that bet into a new program called Project Glasswing announced on April 8, 2026. (anthropic.com) The basic job here is vulnerability research, which means reading huge codebases the way an auditor reads a ledger and spotting one bad line that can unlock a whole system. Anthropic says its new Claude Mythos Preview model is being used to scan software and help defenders patch weaknesses before attackers exploit them. (anthropic.com) Anthropic is not releasing this model to the public. Its April 7, 2026 system card says Claude Mythos Preview is its “most capable frontier model to date,” and the company is pairing that launch with extra safety evaluations and restricted access. (anthropic.com) Project Glasswing starts with a small club of launch partners that includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic also says it has extended access to more than 40 additional organizations that build or maintain critical software infrastructure. (anthropic.com) That partner list shows what Anthropic is aiming at. The Linux Foundation helps steward open-source software used across the internet, Amazon Web Services and Microsoft run giant cloud platforms, and JPMorganChase sits on financial infrastructure that moves real money every day. (anthropic.com) Anthropic’s own security team says the model is strong enough to change how bug hunting works. In a technical write-up published on April 7, 2026, Anthropic researchers said they tested Mythos Preview on real open-source codebases and focused on its ability to find and exploit zero-day vulnerabilities, which are flaws unknown to the vendor at the time of discovery. (red.anthropic.com) A zero-day vulnerability is like a building door with a hidden broken lock that nobody has noticed yet. If a model can reliably find those hidden locks at machine speed, the same capability can help defenders fix systems faster or help attackers break in faster. (red.anthropic.com) That is why Anthropic is treating Mythos Preview differently from a normal model launch. NBC News reported on April 9, 2026 that the company limited release of the model to a small group of tech and security organizations because of the potential damage a wider public rollout could cause. (nbcnews.com) This did not come out of nowhere. In November 2025, Anthropic said artificial intelligence had reached an “inflection point” in cybersecurity and urged security teams to experiment with uses like threat detection, vulnerability assessment, and incident response after disrupting what it described as the first reported artificial-intelligence-orchestrated cyber espionage campaign. (anthropic.com) Anthropic has also been tightening its broader safety machinery as model capability rises. In June 2025, it said it had activated Artificial Intelligence Safety Level 3 protections for Claude Opus 4, adding stronger security controls around model theft and targeted deployment limits for high-risk misuse. (anthropic.com) The argument for Glasswing is simple: if models are getting good enough to find serious bugs, the first people holding them should be the ones defending browsers, cloud systems, and core open-source code. The argument against it is also simple: when a company gives a powerful model to selected partners and not to everyone else, access itself becomes part of the power struggle. (anthropic.com)