Anthropic launches Project Glasswing after Claude Mythos Preview finds thousands of serious software flaws
Anthropic unveiled Project Glasswing, a cybersecurity push built around its unreleased Claude Mythos Preview model. The company says the model has already found thousands of high-severity vulnerabilities, including flaws in major operating systems, browsers, and open-source infrastructure.
Anthropic says frontier AI has crossed a cyber threshold, and it is trying to get defenders there first
Anthropic’s Project Glasswing announcement is one of the most consequential AI-security stories in the last day because it is not merely another benchmark claim. It is a statement that frontier models have become genuinely dangerous and strategically important in cybersecurity, to the point that a major model developer is standing up a large defensive coalition before these capabilities spread more widely.
On April 16, Anthropic announced Project Glasswing, a new initiative that brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and dozens of additional organizations that maintain critical software infrastructure. The goal is straightforward: use a powerful unreleased model called Claude Mythos Preview to identify and fix vulnerabilities before attackers can exploit the same class of capability.
The most striking part of the announcement is the bluntness of Anthropic’s claim. The company says AI coding capability has advanced to the point where top models can outperform nearly everyone except the best human experts at finding and exploiting software flaws.
“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.”
That is a serious statement, and Anthropic backs it with unusually concrete examples.
What Anthropic says Mythos already found
According to the announcement, Claude Mythos Preview has already discovered “thousands of high-severity vulnerabilities, including some in every major operating system and web browser.” Anthropic also says the model has found zero-day flaws that had survived years or even decades of human review and automated testing.
The company gives three especially vivid examples:
- OpenBSD: Mythos found a 27-year-old vulnerability in an operating system famous for being security-hardened.
- FFmpeg: it discovered a 16-year-old flaw in code that automated testing had exercised millions of times without catching the bug.
- Linux kernel: the model reportedly chained together multiple vulnerabilities to escalate from ordinary user access to full machine control.
Anthropic says these issues were reported and patched, and that more details on some vulnerabilities will be disclosed after fixes are in place. It also says Mythos could identify nearly all of the highlighted vulnerabilities and produce many related exploits “entirely autonomously, without any human steering.” If accurate, that is one of the clearest public signals yet that top-tier models are becoming first-class actors in offensive and defensive security work.
The coalition is the story too
Project Glasswing is notable not just for the model claims but for the roster around it. Anthropic is not treating this as an internal product launch. It is trying to create a preemptive defense network around a capability that it expects to proliferate.
The company says it is committing up to $100 million in usage credits for Mythos Preview and $4 million in direct donations to open-source security organizations. More than 40 additional organizations that build or maintain critical software infrastructure are also getting access to scan both first-party and open-source systems.
The framing is explicitly urgent:
“Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.”
That urgency comes from Anthropic’s view that these capabilities will not remain concentrated for long. Once multiple frontier labs, states, contractors, and criminal groups can automate vulnerability discovery and exploit generation at scale, the economics of cyber offense could shift very quickly.
Anthropic is describing a compressed future
The company’s broader argument is that software has always contained dangerous bugs, but finding and exploiting them used to require scarce human expertise. Frontier models change that. Anthropic writes that “the cost, effort, and level of expertise required to find and exploit software vulnerabilities have all dropped dramatically.” That is the core strategic concern: not just that AI can find bugs, but that it can do so cheaply, continuously, and at machine scale.
Anthropic also puts a hard edge on the geopolitical implications. It warns that AI-augmented cyberattacks could become “much more frequent and destructive” and could empower adversaries of the United States and its allies. That framing places Glasswing closer to national security infrastructure than a conventional model launch.
Supporting evidence from partners
One reason the announcement has weight is that Anthropic includes corroborating statements from major industry partners already testing Mythos Preview. Cisco, AWS, Microsoft, and others all describe the model as evidence that cyber defense is entering a new phase.
Cisco’s Jeetu Patel put it starkly:
“AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.”
Microsoft’s follow-on writeup reinforces the same point. In a separate post, the Microsoft Security Response Center said it had evaluated an early snapshot of Claude Mythos Preview on its CTI-REALM benchmark and saw “substantial improvements relative to prior models.” Microsoft also said AI can now discover “more issues, more quickly, across a broader surface area than previous methods,” and that modern systems are approaching experienced human security researchers in vulnerability discovery.
That kind of cross-vendor validation matters. It does not prove every number in Anthropic’s post, but it makes the overall trajectory much harder to dismiss as marketing hype.
The benchmark number is eye-catching, but the autonomy is more important
Anthropic cites a Cybersecurity Vulnerability Reproduction benchmark where Mythos Preview scores 83.1%, versus 66.6% for Claude Opus 4.6. That is a meaningful jump, but the more consequential claim is qualitative: that the model can identify vulnerabilities and develop exploits with little or no human steering.
Autonomy changes operational reality. A model that needs expert prompting is powerful. A model that can independently inspect codebases, form hypotheses, test exploit paths, and produce credible findings at scale is something else entirely. That is why Anthropic’s announcement reads more like a preparedness move than a normal product story.
Why open source is in the blast radius
Another important aspect of the announcement is its focus on open-source infrastructure. Many of the world’s most critical systems depend on software maintained by relatively small teams with limited security capacity. If frontier models can discover deep flaws in ubiquitous components faster than maintainers can patch them, open source becomes a major asymmetry point.
Anthropic’s $4 million donation figure is modest relative to the scale of the problem, but it acknowledges the real issue: if AI dramatically raises the rate of vulnerability discovery, defensive capacity has to scale too, especially in the parts of the software ecosystem with the least slack.
The paradox at the center of the story
The Glasswing announcement captures the core paradox of frontier AI in cyber. The same capabilities that make a model dangerous are the ones defenders most need. Anthropic says there is “reason for optimism” because the tools that enable attacks can also help produce more secure software and find flaws earlier.
That is true, but it is not guaranteed that defense wins by default. Attackers often need one workable exploit. Defenders need broad coverage, fast remediation, and coordination across vendors, maintainers, infrastructure operators, and governments. Project Glasswing is effectively an admission that winning that race will require organized collaboration, not just better models.
Bottom line
Anthropic’s announcement matters because it moves the conversation about AI and cybersecurity from abstract warnings to operational claims. A major model lab is saying, in public, that its unreleased frontier system can find serious vulnerabilities at a level near elite human expertise, that it has already done so across major software targets, and that the safest response is to mobilize an industry-wide defensive coalition immediately.
If those claims hold up, Project Glasswing could be remembered as one of the first serious attempts to build a defensive moat around frontier cyber capability before the offensive side becomes cheaper, faster, and much harder to contain.