Anthropic's Project Glasswing Expands: Claude Mythos AI Model Uncovers 10,000+ Critical Vulnerabilities

The rationale is straightforward. Anthropic has estimated that a successful cyberattack on one of these critical infrastructure groups could trigger substantial systemic risk. By placing its most powerful security tool directly in the hands of the organizations that run essential services, the company is betting that proactive defense at scale can outpace malicious actors .

Specific names from the new wave illustrate the global reach and strategic depth of the program. BeyondTrust, a leader in privilege-centric identity security, joined on June 8, 2026. Its codebase is deeply embedded within governments and essential services, and access to Mythos Preview will be used to accelerate vulnerability discovery and remediation across its entire product portfolio .

A few days earlier, on June 5, Hitachi announced its participation. The Japanese industrial giant will apply Mythos Preview to its social infrastructure software, the digital foundation underpinning energy grids, transportation networks, and urban infrastructure systems .

These partners join an existing roster that includes Amazon Web Services, Apple, CrowdStrike, Google, Microsoft, NVIDIA, and U.S. government agencies, creating a cross-industry defense coalition with few historical precedents .

A model that breaks the rules of cybersecurity

The strategic urgency behind Project Glasswing is a direct response to the startling capabilities of Claude Mythos Preview, an unreleased frontier model that Anthropic’s own documentation describes as “strikingly capable at computer security tasks” . The model is not merely an assistant. It operates as an autonomous vulnerability researcher and exploit developer.

During internal testing, Anthropic confirmed that Mythos Preview could identify and then autonomously construct working exploits for zero-day vulnerabilities in every major operating system and every major web browser when directed by a user . The scale of its output dwarfs previous benchmarks. In a comparative test against Firefox 147, Mythos Preview generated 181 working JavaScript shell exploits. By contrast, the previous leading model, Claude Opus 4.6, produced two .

By late May 2026, Project Glasswing partners had used the model to identify more than 10,000 high- or critical-severity security flaws . A single early run at Cloudflare surfaced roughly 400 critical-severity bugs, while Mozilla used findings to patch 271 vulnerabilities in Firefox 150 . Across more than 1,000 open-source projects, the model flagged 23,019 issues, with professional security contractors verifying the severity rating for 89% of a manually reviewed sample .

Unearthing decades-old