Anthropic has released a preview of its most powerful AI model to date, Claude Mythos, to a vetted group of technology companies. The initiative is called Project Glasswing.
Figure 1: Anthropic’s Claude AI interface as Mythos expands into cybersecurity applications [Courtesy: CNET]
The Claude Mythos cybersecurity impact has already prompted a serious response from enterprise security teams worldwide. IBM has described the development as a generational shift in what artificial intelligence can do inside critical software infrastructure.
IBM Executives Speak Directly to What Claude Mythos Changes
Dave McGinnis, Vice President of Global Managed Security Services at IBM, told IBM Think that the Claude Mythos cybersecurity impact represents something different from prior AI advances.
Figure 2: AI-powered cybersecurity systems detecting and analysing digital threats in real time [Courtesy: MVTech Group]
“This is a step change,” McGinnis said. “It is not like they created the bugs. The people who wrote that code did not know those things were there.”
Transparency Concerns Are Growing Alongside Capability Concerns
Kush Varshney, an IBM Fellow leading human-centred trustworthy AI research at the Thomas J. Watson Research Center, also weighed in. Varshney noted that Anthropic has not published a technical paper describing how Claude Mythos was built.
He said the industry-wide move away from transparency makes it harder to assess risk. However, Varshney also noted that Mythos has not yet crossed into territory that existing evaluation frameworks cannot handle.
Defenders Must Now Operate at Machine Speed
McGinnis argued that human-only defences are no longer sufficient at the pace at which AI-assisted attacks can move.
Other frontier AI laboratories, he said, are likely months away from comparable capability. The only meaningful question, in his view, is whether defenders can build fast enough to stay ahead. McGinnis acknowledged the logic behind the Anthropic Project Glasswing partners programme, even while warning that the window for defenders is narrow.
What Claude Mythos Has Already Found Across Global Systems
Anthropic’s own assessment found that Claude Mythos Preview had already identified thousands of zero-day vulnerabilities across every major operating system and web browser.
These are flaws that were previously unknown to software developers themselves, having survived decades of human review and automated security testing.
A 27-Year-Old Flaw in One of the World’s Most Secure Systems
Among the findings, AI zero day detection through Claude Mythos uncovered a 27-year-old vulnerability in OpenBSD, widely regarded as one of the most security-hardened operating systems available.
The flaw would have allowed an attacker to remotely crash any machine simply by connecting to it. In a separate case, the model autonomously chained together several Linux kernel vulnerabilities, allowing a simulated attacker to escalate from ordinary user access to full machine control.
Binary Code Analysis Opens Up Decades of Legacy Risk
Claude Mythos can analyse compiled binary code without access to original source code. This means legacy systems running on decades-old equipment, with source code long since lost, are no longer beyond the reach of an AI-assisted attacker.
McGinnis put it plainly. He described systems sitting in corners of organisations that nobody wants to touch because they are still working, with no source code and no clear path to patching any vulnerability that an AI model might find or exploit.
Anthropic Project Glasswing Partners and How the Programme Works
Anthropic launched Project Glasswing on 7 Apr 2026, providing Claude Mythos Preview access to 12 partner organisations for defensive security work.
The Anthropic Project Glasswing partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. A further 40 organisations responsible for critical software infrastructure have also been granted access.
Anthropic has committed up to US$100 million in usage credits for Claude Mythos Preview across the programme. The Company has separately committed US$2.5 million to the Open Source Security Foundation and an additional US$1.5 million to the Apache Software Foundation.
Figure 3: Anthropic CEO Dario Amodei speaking on AI development and cybersecurity risks [Courtesy: Bloomberg]
Anthropic CEO Dario Amodei wrote at the time of launch: “The dangers of getting this wrong are obvious, but if we get it right, there is a real opportunity to create a fundamentally more secure internet and world than we had before the advent of AI-powered cyber capabilities.”
The Open-Source Dimension IBM Says Cannot Be Ignored
Rob Thomas, Senior Vice President of Software and Chief Commercial Officer at IBM, argued that the Claude Mythos cybersecurity impact reveals something structural about the industry.
Thomas wrote on LinkedIn that once AI becomes critical infrastructure, closed development becomes harder to defend. He argued that security improves more reliably through scrutiny than through concealment, and that the open-source model is the clearest precedent for managing that.
Open-source projects are typically maintained by small teams with limited security resources. The AI zero day detection capabilities demonstrated by Mythos have placed the scale of that exposure in sharper relief.
Industry Outlook
The global cybersecurity sector is entering a phase where AI-assisted attack and defence capabilities are developing faster than regulatory frameworks can respond.
A 2026 Global Threat Report from CrowdStrike found an 89% increase year-on-year in attacks by adversaries using AI. The EU AI Act’s next compliance phase, taking effect 2 Aug 2026, introduces mandatory cybersecurity requirements for AI systems classified as high-risk, with penalties of up to 3% of global revenue.
Future Direction and Impact on Enterprise Security Teams
The Claude Mythos cybersecurity impact is unlikely to remain contained to the Anthropic Project Glasswing partners for long. Other frontier AI laboratories are reportedly months away from comparable capabilities.
Anthropic has indicated it does not plan to make Claude Mythos Preview generally available at this stage. The Company’s stated goal is to develop new cybersecurity safeguards with an upcoming Claude Opus model before enabling broader Mythos-class deployments.
For IBM and the broader enterprise security community, the AI zero day detection capabilities already demonstrated mean that the calculus around legacy systems, open-source exposure, and human-only security operations has changed materially and immediately.
Frequently Asked Questions
Q1. What is Claude Mythos and why is it not publicly available?
Ans. Claude Mythos is Anthropic’s most capable AI model to date. It has demonstrated powerful AI zero day detection capabilities, and Anthropic has restricted its release due to the risk of misuse.
Q2. Who are the Anthropic Project Glasswing partners?
Ans. The 12 founding partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.
Q3. What did IBM say about the Claude Mythos cybersecurity impact?
Ans. IBM’s Dave McGinnis called it a step change, warning that defences must now operate at machine speed. IBM Fellow Kush Varshney separately flagged the lack of transparency around how the model was built.
Q4. What is vulnerability chaining and why does Mythos make it more dangerous?
Ans. Vulnerability chaining connects smaller software flaws into a larger attack path. Claude Mythos can identify and execute this process autonomously, including across compiled code without original source files.
Q5. What is AI zero day detection?
Ans. It refers to AI identifying software vulnerabilities previously unknown to developers. Claude Mythos has already found thousands of such flaws, including a 27-year-old vulnerability in OpenBSD.
ALSO READ: Resolution Minerals Unveils Significant Scale Potential at Antimony Ridge with Advanced 3D Modelling
Disclaimer
This article is intended for informational purposes only and does not constitute financial or investment advice. All content is based on reporting published by IBM Think, Fortune, TechCrunch, CNBC, VentureBeat, and Anthropic’s official blog between 7 Apr 2026 and 10 Apr 2026. Colitco does not hold any position in the companies or organisations mentioned.
Sources
https://www.anthropic.com/glasswing
https://fortune.com/2026/04/07/anthropic-claude-mythos-model-project-glasswing-cybersecurity/
https://techcrunch.com/2026/04/07/anthropic-mythos-ai-model-preview-security/
https://www.cnbc.com/2026/04/07/anthropic-claude-mythos-ai-hackers-cyberattacks.html
