Claude Mythos: The AI That Saw Everything

 


Inside Project Glasswing — how Anthropic's Claude Mythos was turned loose on the world's most critical codebases, and what happened when the bug list started scrolling





This is a Tech-Reader AI Digest Special Edition.

The opening scene is a composite drawn from public accounts of Project Glasswing sessions.

The room goes quiet before anyone says a word. It is a conference room somewhere inside a major technology company — a company whose name you would recognize instantly. The engineers and their managers have been granted something extraordinary: controlled access to Claude Mythos, Anthropic's most powerful AI model, a system so capable that Anthropic refused to release it publicly. The team has fed Mythos a portion of their codebase. Now the results are coming back on screen.

Nobody is ready for what they are seeing.

The list scrolls. And scrolls. Vulnerabilities — not theoretical, not edge cases — real, exploitable weaknesses hiding in production code that a generation of engineers, security auditors, and automated scanners had walked past without noticing. A flaw introduced in one decade, quietly compounding in the next. An interaction between two components that no human reviewer had ever thought to examine simultaneously. The list keeps scrolling.

One manager asks someone to stop it. Just stop it for a moment so they can absorb what they are reading. Nobody moves to stop it. They keep watching.

That scene, or something very much like it, played out at twelve of the most powerful technology organizations on earth this spring. Welcome to Project Glasswing.


What Project Glasswing is, and where the name came from

On April 7, 2026, Anthropic did something almost no leading AI laboratory had done before: it built its most capable model and then refused to ship it to the public. The model was Claude Mythos Preview. In its first weeks of internal testing, Mythos had autonomously discovered thousands of zero-day vulnerabilities — previously unknown security flaws — across every major operating system and web browser in widespread use today.

Among them: a 27-year-old denial-of-service flaw buried in OpenBSD's TCP/IP stack. A 17-year-old remote code execution vulnerability in FreeBSD's NFS server, designated CVE-2026-4747, that allowed an unauthenticated attacker anywhere on the internet to gain root access to affected machines. These were not obscure research targets. These were foundational systems running critical infrastructure worldwide, audited repeatedly by some of the best security minds in the industry. Nobody had found these flaws. Mythos found them in passing.

The name Anthropic chose for what came next is intentional. The glasswing butterfly has wings that are nearly transparent — beautiful, present, and almost impossible to see clearly. Anthropic's engineers chose it as a metaphor for software vulnerabilities: present in the code for years or decades, right there in plain sight, and somehow invisible to every tool and every human who looked.

Project Glasswing was Anthropic's answer to a question nobody had faced before at this scale: what do you do when your AI finds more vulnerabilities than the entire industry can patch?


The twelve partners and the structure of access

Rather than release Mythos publicly or lock it away entirely, Anthropic chose a third path. They assembled a coalition — twelve organizations that would receive controlled, vetted, legally bounded access to Mythos Preview for defensive security work only.

AWS · Apple · Broadcom · Cisco · CrowdStrike · Google · JPMorgan Chase · Linux Foundation · Microsoft · NVIDIA · Palo Alto Networks · Anthropic

One analyst described this coalition not as a product launch but as a treaty. That framing is apt. These are not simply vendors and customers. These are the organizations whose code underlies the global digital economy — the cloud infrastructure, the financial systems, the operating systems, the network security layer. If Mythos was going to be pointed at critical software, these were the right hands to hold it first.

Access came with significant conditions. Partners signed legal agreements prohibiting use of Mythos for offensive operations against third parties or any activity outside documented defensive use cases. Anthropic retained audit rights. Access was tiered, ranging from general security research support up through full-scope adversary simulation reserved for organizations with the most rigorous oversight structures. To back the initiative financially, Anthropic committed $100 million in usage credits to Glasswing participants and $4 million in direct donations to open-source security organizations.


What a Glasswing session actually looks like

This is where the picture becomes more concrete, and more interesting, than most coverage has conveyed.

Mythos does not travel. The model lives at Anthropic, accessed remotely via API. There is no visit to a facility, no Anthropic engineer at the keyboard guiding the session. The partner's own security engineers — on their own machines, in their own offices — submit their codebase or portions of it through the API and receive Mythos's analysis back.

Cloudflare published the most detailed public account of this process. Their team pointed Mythos at more than fifty of their own code repositories. What Cloudflare observed, and chose to share publicly, is instructive: Mythos did not simply scan for known vulnerability patterns the way traditional security tools do. It reasoned across the codebase, following chains of logic from one component to another, identifying how a weakness in one part of the system could be combined with a weakness in another to produce an exploit that neither weakness could produce alone. It thought about the code the way an elite attacker would think about it.

AWS applied Mythos across a technology stack that handles more than 400 trillion network flows daily. Cisco reported being able to identify and address vulnerabilities at a pace and scale they described as previously impossible. Microsoft stated the model was already helping strengthen code in critical systems.

These are not testimonials from a product brochure. These are production security teams describing what happened when they let the model loose on real infrastructure.


The shock of the list

Here is the number that reframes everything else in this story.

Fewer than 1% of vulnerabilities found by Mythos across Glasswing have been patched as of this writing.

Read that again. Mythos found thousands of vulnerabilities across the codebases of twelve of the most sophisticated technology organizations on earth. Fewer than one in a hundred have been fixed.

This is not a failure of the Glasswing partners. It is an exposure of a structural mismatch that Mythos has made impossible to ignore. Security teams work at human speed — triaging, assigning, developing fixes, testing, deploying, verifying. Mythos finds vulnerabilities at machine speed. The gap between those two rates is not a small one. One cybersecurity analyst described it plainly: defenders must work at calendar speed while attacks happen at machine speed.

The engineers in that quiet conference room, watching the list scroll, understood something in that moment that no briefing document could have conveyed. The problem was not that their code was unusually bad. The problem was that for the first time, they could see all of it at once.


The transparency paradox

Here is a detail about Project Glasswing that most coverage has missed, and it is a telling one.

The confidentiality around Glasswing findings was not imposed by Anthropic. The partners asked for it. The twelve organizations that signed up for Glasswing — companies with entire legal and communications departments, companies accustomed to navigating public disclosure — requested confidentiality protections before they would agree to share sensitive findings, even within the program. They were concerned about becoming targets.

Think about that for a moment. A project named after a butterfly whose defining characteristic is transparency launched with the partners themselves pulling the curtains closed.

As one analyst observed: for a project named Glasswing, keeping your vulnerability findings trapped in a locked vault was a surprisingly opaque strategy.

Anthropic has since revised those arrangements. As of this week, Glasswing partners are permitted — and encouraged — to share findings with security teams at other companies, regulators, government agencies, open-source maintainers, the media, and the public, subject to responsible disclosure standards. The glasswing butterfly is, at last, becoming visible.


What Glasswing is not — yet

Project Glasswing, in its current form, is a vulnerability discovery program. Mythos finds. Humans fix. That boundary is deliberate and, for now, appropriate. The legal, operational, and safety questions around an AI autonomously rewriting production code at this scale are real, and the industry is not ready to navigate them yet.

But the sub-one-percent patch rate makes the limitations of that model visible. The list is growing faster than human teams can address it. The question of what comes next — whether Mythos can move from finding to fixing, and under what conditions, with what accountability — is already being asked in the rooms where these decisions are made.

That question deserves its own treatment. It will get one.


Coming — Part Two: From Finding to Fixing: The Case for Client-in-the-Loop

Fewer than one percent of what Mythos found has been patched. The vulnerability list is not a report — it is a race. Part Two examines what it would look like for Mythos to move beyond discovery, and why the liability question has a cleaner answer than anyone is currently admitting.


Aaron Rose is a software engineer and technology writer at tech-reader.blog
