Anthropic dropped its first official update on Project Glasswing, y’know, the restricted elite cybersecurity program it launched back in April, whose ultimate mission was to use advanced AI to hunt down and stop AI-powered cyberattacks.
We know, it’s giving major "set a thief to catch a thief" energy.
But the secret weapon doing the heavy lifting is an unreleased, locked-away frontier model called Claude Mythos Preview. And oh my word, the receipts are already stacking up. In just its first month of deployment, Mythos helped a small circle of tech giants discover more than 10,000 high- or critical-severity vulnerabilities across the world's most systemically important software.
Okay lets rewind a bit. Anthropic is currently keeping Claude Mythos Preview locked tightly in a digital vault, but they let their high-profile partners play with it for defensive security. The results are frankly terrifying when you realize how much broken code we rely on every single day.
Just look at how the early data shakes out from its first month in the wild:
Cloudflare found 2,000 bugs right out of the gate, with 400 of them rated high or critical severity.
Mozilla used Mythos to find and patch 271 Firefox vulnerabilities. That is ten times more than they caught when they tested with their older Claude models.
Microsoft: Remember their recent wave of unusually massive monthly patch releases? Yep; those were directly linked to Mythos sniffing out flaws in their ecosystem.
Anthropic even turned the model loose on 1,000 open-source projects and flagged a jaw-dropping 6,202 high-severity vulnerabilities out of 23,019 total candidates. One notable find was a critical flaw in the wolfSSL cryptography library; Mythos didn't just find it, it actually engineered a functional exploit that could let an attacker forge security certificates invisibly.
We’re talking about an unbelievable amount of digital landmines quietly buried in software humanity uses daily. According to Anthropic, progress on software security is no longer limited by how fast we can find bugs; it is limited by how fast human engineers can physically verify and patch them.
Here’s where the gossip gets genuinely juicy. According to a fascinating report by Testing Catalog, references to a model explicitly named "claude-mythos-1-preview" have been spotted hiding inside Anthropic's own web source code and its internal Claude Security interface.
The digital breadcrumbs don't stop there. Traces of the model have apparently surfaced on Google Cloud and AWS, and a few eagle-eyed users reportedly caught a brief, glitchy glimpse of "Mythos 1" selectable inside the standard Claude UI.
But wait, there is more. The same report leaks that Anthropic is actively building a revamped, enterprise-grade Claude Security dashboard. The mockups show features that display discovered vulnerabilities, seven-day and thirty-day historical charts, and deep triage breakdowns.
Let's be real: that is not the kind of heavy infrastructure you build for an AI model you plan to keep locked in a basement forever.
So why is Mythos still technically gated?
Anthropic has been incredibly transparent about the danger. No company; including itself; has successfully built safeguards strong enough to stop a model with this level of autonomous hacking capability from being horribly misused by bad actors.
However, they have confirmed they fully plan to release Mythos-class models to the public the exact second those safety guardrails exist. And with its name actively leaking into cloud infrastructure and user dashboards? That fateful day might be arriving a lot sooner than anyone in Silicon Valley officially admits.
The current star-studded roster of Project Glasswing partners includes Amazon Web Services, Apple, CrowdStrike, Google, JPMorganChase, NVIDIA, and Palo Alto Networks, alongside a growing mix of US and international government intelligence agencies.
Oh, and One More Thing: While saving the literal internet from destruction, Anthropic is also casually preparing to print money. The company is officially on track to post its first-ever profitable quarter in history.
For the quarter ending in June, internal investor leaks project a staggering $10.9 billion in revenue with an operating profit of $559 million. To put that in perspective, that more than doubles their revenue from the first three months of the year. Talk about a massive, high-margin glow-up!
So the question is: Would you trust an unreleased, hyper-powerful AI model to autonomously scan your personal or company code, or does the thought of a model that knows how to build its own exploits give you the absolute creeps?
We’ll be diving deeper into this on our YouTube channel later today, so don't miss it!
