Anthropic won’t ship its most capable coding model. It gave the keys to 12 infrastructure giants instead.
Anthropic announced Project Glasswing today, a 12-company consortium to arm maintainers of critical open-source software with a frontier Claude model capable of autonomously finding and patching zero-day vulnerabilities. The model driving it, Claude Mythos Preview, is not being released to the public. The coalition reads like a who’s-who of infrastructure providers that would normally be competing: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks all signed on.
The triggering event, per Anthropic, is that Mythos Preview has gotten too good at offense. On CyberGym, it scored 83.1%, up from Opus 4.6’s 66.6%. In internal evaluations the model autonomously uncovered a 27-year-old vulnerability in OpenBSD and a 16-year-old flaw in FFmpeg that automated fuzzers had hit roughly five million times without catching. It also chained kernel-level bugs in Linux into a working privilege-escalation exploit, with no human steering.
Project Glasswing grants access to Mythos Preview to the 12 consortium partners plus 40+ organizations maintaining critical open-source infrastructure. Anthropic is contributing $100 million in model-usage credits and $4 million in cash donations to open-source security groups. Partners deploy it on their own codebases and the open-source components they depend on.
“By giving the maintainers of these critical open source codebases access to a new generation of AI models that can proactively identify and fix vulnerabilities at scale, Project Glasswing offers a credible path to changing that equation.”
– Jim Zemlin, CEO, Linux Foundation
The defensive mandate is specific: Mythos Preview points at the software supply chain, the libraries, protocols, and operating-system components that power everything else. The research-preview price is $25 per million input tokens, $125 per million output tokens after free credits, roughly 3× Opus 4.6’s rate. That price is Anthropic’s way of saying this is not a general-availability product even for the partners that have it.
Why We’re Watching
Anthropic is publicly declaring that a model it has built is too dangerous to ship without mitigations, and is still making it useful by gating access to vetted defenders. Until now, frontier labs have chosen between releasing broadly with guardrails (GPT-4, Claude Opus 4.6) or keeping a capability internal indefinitely. Glasswing is a third option: selective deployment to a named coalition under a charter. The pattern will repeat, biosecurity, financial-market manipulation, any domain where a capable agent tips an offense-defense balance. Whether you agree Mythos Preview sits on the wrong side of that tip is a separate question, what’s new is that the company is saying so publicly and building a deployment model around it. For the African security ecosystem, which already runs disproportionately on volunteer-maintained open source and rarely has enterprise security budgets, defenders getting frontier access early actually helps, provided the coalition extends past the current Western-enterprise roster. It hasn’t yet.
The competitor race is now about whether OpenAI, Google DeepMind, or Meta have something comparable internally that they’re choosing not to release. If yes, expect an equivalent announcement within two quarters. If no, this is the moment Anthropic pulled decisively ahead on agentic coding and everyone else has to explain why.
Watch the first six months for measurable wins: fixes merged into the Linux kernel, OpenBSD, FFmpeg, or the other named targets. If the coalition produces only announcements, Glasswing becomes a cautionary tale about hype cycles. Watch the guardrail design on the general-release Opus successor, Anthropic has said offensive capability will be throttled, how and whether those guardrails survive jailbreaks is the real technical disclosure. And watch who else signs on, CNCF, Apache, European CERTs, Chinese and Indian OSS foundations. The current 12 are Western enterprise. A coalition that stays Western enterprise is a marketing posture. A coalition that goes global is a norm.