Anthropic just told the world that its most powerful AI model can hack better than nearly every human on the planet. And then it announced a plan to make sure that capability does not destroy everything it touches. On Monday, the company formally launched Project Glasswing, an industry consortium built around a deceptively simple idea: if your AI can find and exploit software vulnerabilities better than virtually any human attacker, maybe the smartest move is to put it to work finding those holes before the bad actors do.
The model at the center of this is Claude Mythos Preview, an unreleased frontier system that Anthropic describes as a general-purpose model with coding capabilities that “surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” That is not marketing language. The model has already discovered thousands of high-severity flaws, including vulnerabilities in every major operating system and every major web browser. Let that sink in. Every one.
The Selective Proliferation Strategy
Anthropic’s approach to Mythos Preview is something the company calls “selective proliferation,” and it represents a genuinely new framework for deploying dangerous AI capabilities. The logic works like this: if a model can find zero-day vulnerabilities at superhuman speed, locking it in a vault does not make the world safer. It just means the defenders never get access while the offensive actors, state-sponsored hackers, ransomware gangs, and organized cybercrime operations, continue to find the same bugs through brute force and human ingenuity.
Instead of restricting Mythos entirely, Anthropic is channeling it through a controlled consortium of partners that includes Amazon, Apple, Google, Microsoft, and NVIDIA. These are not small players. They are the companies whose software runs on essentially every computer, phone, and server on earth. By giving them early, structured access to Mythos Preview’s vulnerability-finding capabilities, Anthropic is betting that the best defense against AI-powered hacking is AI-powered patching.
The company is backing the bet with real money: up to $100 million in usage credits for Mythos Preview across consortium members and $4 million in direct donations to open-source security organizations. That $100 million figure is significant. At Anthropic’s API pricing tiers, it buys an enormous amount of compute time, enough to run continuous vulnerability scanning across millions of lines of code.
Why This Matters Beyond Cybersecurity
Project Glasswing is not just a cybersecurity initiative. It is a proof of concept for how frontier AI capabilities might be deployed across every domain where the technology is simultaneously powerful and dangerous. The template Anthropic is building, identify a dual-use capability, restrict general access, create a vetted consortium of partners, and channel the capability toward defensive applications, could become the default governance model for AI systems that are too capable to release broadly but too valuable to lock away.
Think about what this looks like applied to other domains. An AI model that can design novel chemical compounds could be restricted to pharmaceutical companies through a similar consortium. A model that can generate sophisticated disinformation could be deployed exclusively for detection and attribution. The pattern is the same: controlled access, defensive purpose, consortium governance.
Whether this model actually works at scale is an open question. Consortium governance has a mixed track record in technology. Standards bodies move slowly. Corporate partners have competing interests. And the moment one consortium member uses the technology for something beyond its intended scope, the entire trust framework collapses.
The $350 Billion Company In The Room
Project Glasswing also arrives at a moment when Anthropic’s corporate trajectory is impossible to ignore. The company completed an employee tender offer this month at a $350 billion valuation, cementing its position as the most valuable private company in the world. It has surpassed $30 billion in annualized run-rate revenue. It raised $10 billion in its latest funding round, led by Coatue and Singapore’s GIC.
Those numbers put Anthropic in a very small club. At $350 billion, it is worth more than Intel, AMD, and Qualcomm combined. It is approaching the market capitalization of companies like Netflix and Salesforce. And it is still private, which means the valuation is based on projected growth, not public market scrutiny.
The Glasswing launch is partly a product announcement and partly a narrative play. Anthropic has built its brand on being the “safety-first” AI company, the responsible counterweight to OpenAI’s move-fast-and-ship ethos and Meta’s open-source-everything philosophy. Project Glasswing reinforces that brand by turning Anthropic’s most dangerous model into a defensive weapon. It says: we built something terrifying, and our first instinct was to use it to protect people.
The Cybersecurity Industry Fallout
UBS analysts have already flagged Glasswing as a potential catalyst for cybersecurity spending. If AI can find vulnerabilities faster and more comprehensively than human security researchers, the entire penetration testing and vulnerability management industry is about to be disrupted. Companies like CrowdStrike, Palo Alto Networks, and Fortinet have spent years building human-in-the-loop security operations. An AI model that can scan an entire codebase in hours and surface critical vulnerabilities that human teams might miss in months changes the economics of the entire sector.
The current geopolitical environment makes this even more urgent. State-sponsored cyber operations have escalated alongside the Iran conflict, with multiple reports of infrastructure-targeted attacks across the Middle East and allied nations. The demand for AI-powered defensive capabilities is not theoretical. It is immediate.
But disruption cuts both ways. If Anthropic’s model can find zero-days at superhuman speed, so can competing models from Chinese, Russian, or independent labs that do not share Anthropic’s commitment to defensive use. The cybersecurity arms race is already being fought with AI tools on both sides. Glasswing just raised the stakes considerably.
The Question Nobody Wants To Ask
Here is the uncomfortable truth at the center of Project Glasswing: Anthropic built a model that can break into virtually any software system on earth, and the company’s primary mitigation strategy is a voluntary industry consortium governed by a handful of tech giants. There is no regulatory mandate behind Glasswing. There is no government oversight body reviewing which vulnerabilities get patched and which get disclosed. There is no legal framework that prevents a consortium member from using Mythos Preview’s findings for competitive advantage rather than collective defense.
Anthropic is asking the world to trust that the most capable hacking tool ever built will only be used for good. That is a lot of trust to place in any institution, even one with Anthropic’s track record. And it raises a question that will define the next decade of AI governance: when a private company builds something this powerful, who gets to decide how it is used?
For now, the answer is Anthropic and its partners. Whether that answer is good enough depends entirely on whether you believe the people in the room are the right ones to be making that call. Given that the room includes the five companies that collectively control most of the world’s computing infrastructure, reasonable people can disagree.
What is not debatable is that the capability exists. The genie is out of the bottle. Project Glasswing is Anthropic’s attempt to make sure it grants wishes instead of curses. The next few years will tell us whether that bet pays off, or whether the world’s most valuable private company just showed every adversary on the planet exactly how powerful AI-driven hacking has become.
