Anthropic has withheld Claude Mythos from public release and instead deployed it through Project Glasswing with the Linux Foundation and nearly 40 partners to identify and remediate critical open-source vulnerabilities before attackers can weaponise similar AI capabilities.
Anthropic has moved to secure critical open-source infrastructure by withholding public access to its latest AI model, Claude Mythos, and instead placing it in the hands of cybersecurity specialists, open-source engineers, and Linux Foundation participants through Project Glasswing.
The initiative, launched with partners including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation, brings together around 40 organisations to harden common software dependencies and critical digital infrastructure against emerging AI-driven cyber threats.
At the core of the move is Mythos’s ability to uncover software flaws at unprecedented scale. The model has already exposed thousands of previously unknown vulnerabilities across common applications, operating systems, browsers, and critical open-source software layers, including weaknesses that had reportedly remained hidden for as long as 27 years.
Anthropic said the controlled-access approach is intended to “arm” defenders ahead of malicious actors, reflecting growing concerns that advanced coding models can now both identify and exploit vulnerabilities faster than conventional security workflows can respond.
The open-source maintenance angle is particularly striking. In one cited case, Mythos identified a subtle flaw in video software that had been tested more than five million times without detection, highlighting how AI is beginning to outpace human-led software assurance processes.
Anthropic is committing about $100m in compute resources to the Glasswing effort, underscoring the scale of its AI-driven remediation push. The company has also discussed Mythos with the US government, adding a secondary layer of frontier model governance, cyber policy, and critical infrastructure regulation to the story.
