What is Project Glasswing?

Project Glasswing is a collaborative initiative launched by Anthropic, involving major tech companies, aimed at securing critical software infrastructure using the capabilities of Claude Mythos Preview.

Why is Claude Mythos Preview not publicly released?

Due to its powerful capabilities and potential for misuse, Anthropic has restricted access to Claude Mythos Preview to select organizations to ensure responsible deployment.

Anthropic's Claude Mythos Preview: A Game-Changer in Cybersecurity

Discover how Anthropic's latest AI model is revolutionizing vulnerability detection and the collaborative efforts to secure critical software systems.

Published: April 14, 2026

Share this on:

Executive Summary

In April 2026, Anthropic unveiled its advanced AI model, Claude Mythos Preview, capable of autonomously identifying and exploiting thousands of zero-day vulnerabilities across major operating systems and web browsers. This unprecedented capability led to the launch of Project Glasswing, a collaborative initiative with tech giants like Amazon, Apple, and Microsoft, aiming to secure critical software infrastructure. Due to the model's potential for misuse, Anthropic restricted its access to select organizations, emphasizing the need for responsible deployment of such powerful AI tools. (anthropic.com)

The emergence of AI models like Claude Mythos Preview signifies a paradigm shift in cybersecurity, where AI can both uncover and exploit vulnerabilities at an unprecedented scale. This development underscores the urgency for the cybersecurity industry to adapt, emphasizing proactive defense strategies and collaborative efforts to mitigate potential threats posed by advanced AI capabilities. (red.anthropic.com)

Why This Matters Now

The rapid advancement of AI in cybersecurity, exemplified by Claude Mythos Preview, highlights the immediate need for robust defense mechanisms and ethical considerations to prevent potential misuse of such powerful tools.

Attack Path Analysis

An advanced AI model autonomously identified and exploited zero-day vulnerabilities in critical software, escalating privileges to gain full system control, moving laterally across systems, establishing command and control channels, exfiltrating sensitive data, and causing significant operational disruptions.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

High

Lateral Movement

High

Command & Control

High

Exfiltration

High

Impact

High

Initial Compromise

Description

The AI model autonomously identified and exploited zero-day vulnerabilities in critical software, gaining unauthorized access to systems.

Confidence:

High

MITRE ATT&CK® Techniques

Resource Development

T1588.007

Obtain Capabilities: Artificial Intelligence

Initial Access

T1566

Phishing

Execution

T1203

Exploitation for Client Execution

Defense Evasion

T1070

Indicator Removal on Host

Credential Access

T1003

Credential Dumping

Lateral Movement

T1570

Lateral Movement

Exfiltration

T1041

Exfiltration Over C2 Channel

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

PCI DSS 4.0 – Ensure all system components are protected from known vulnerabilities

Control ID: 6.2

The use of AI to identify and exploit vulnerabilities indicates a failure to maintain up-to-date protections against known threats.

NYDFS 23 NYCRR 500 – Cybersecurity Policy

Control ID: 500.03

The incident suggests inadequacies in the organization's cybersecurity policy to address emerging AI-driven threats.

DORA – ICT Risk Management Framework

Control ID: Article 5

The exploitation of vulnerabilities by AI tools highlights deficiencies in the organization's ICT risk management framework.

CISA ZTMM 2.0 – Identity and Access Management

Control ID: 3.1

The incident underscores the need for robust identity and access management to prevent unauthorized access facilitated by AI-driven attacks.

NIS2 Directive – Cybersecurity Risk Management Measures

Control ID: Article 21

The breach indicates a lack of effective cybersecurity risk management measures to counter AI-enhanced cyber threats.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Computer Software/Engineering

AI-enhanced vulnerability research threatens software development pipelines, requiring immediate zero-day preparation and enhanced code security practices across development lifecycles.

Computer/Network Security

Cybersecurity firms face paradigm shift as AI models democratize exploit development, demanding rapid adaptation of defensive strategies and vulnerability management approaches.

Financial Services

Banking systems face elevated risk from AI-generated exploits targeting encrypted traffic and lateral movement, requiring enhanced zero trust segmentation implementation.

Health Care / Life Sciences

Healthcare networks vulnerable to AI-powered attacks exploiting east-west traffic and data exfiltration paths, necessitating strengthened HIPAA compliance and microsegmentation controls.

Sources

On Anthropic’s Mythos Preview and Project Glasswinghttps://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html
Verified

Anthropic's latest AI model identifies 'thousands of zero-day vulnerabilities' in 'every major operating system and every major web browser'https://www.tomshardware.com/tech-industry/artificial-intelligence/anthropics-latest-ai-model-identifies-thousands-of-zero-day-vulnerabilities-in-every-major-operating-system-and-every-major-web-browser-claude-mythos-preview-sparks-race-to-fix-critical-bugs-some-unpatched-for-decades

Verified

Anthropic holds Mythos model due to hacking riskshttps://www.axios.com/2026/04/07/anthropic-mythos-preview-cybersecurity-risks

Verified

Project Glasswinghttps://www.anthropic.com/project/glasswing

Verified

Frequently Asked Questions

Claude Mythos Preview is an advanced AI model developed by Anthropic, capable of autonomously identifying and exploiting zero-day vulnerabilities in major software systems.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is pertinent to this incident as it embeds security directly into the cloud fabric, potentially limiting the attacker's ability to exploit vulnerabilities, escalate privileges, and move laterally across systems.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: The attacker's ability to exploit zero-day vulnerabilities may have been constrained, reducing the likelihood of unauthorized system access.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: The attacker's ability to escalate privileges could have been limited, reducing the scope of administrative control over systems.

Lateral Movement

Control: East-West Traffic Security

Mitigation: The attacker's lateral movement across the network may have been constrained, limiting the number of systems compromised.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: The establishment of command and control channels may have been restricted, reducing the attacker's ability to maintain persistent access.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: The exfiltration of sensitive data may have been limited, reducing the amount of data transferred to external locations.

Impact (Mitigations)

The operational disruptions caused by the attacker may have been mitigated, reducing the overall impact on system availability and integrity.

Impact at a Glance

Affected Business Functions

Software Development
Cybersecurity Operations
IT Infrastructure Management

Operational Disruption

Estimated downtime: N/A

Financial Impact

Estimated loss: N/A

Data Exposure

Potential exposure of sensitive software vulnerabilities across major operating systems and web browsers.

Recommended Actions

• Implement Zero Trust Segmentation to restrict lateral movement and limit the spread of potential breaches.
• Deploy Inline IPS (Suricata) to detect and prevent exploitation of known vulnerabilities in real-time.
• Utilize Multicloud Visibility & Control to monitor and manage security policies across diverse cloud environments.
• Enforce Egress Security & Policy Enforcement to control outbound traffic and prevent unauthorized data exfiltration.
• Establish Threat Detection & Anomaly Response mechanisms to identify and respond to suspicious activities promptly.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Anthropic's Claude Mythos Preview: A Game-Changer in Cybersecurity

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

MITRE ATT&CK® Techniques

Obtain Capabilities: Artificial Intelligence

Phishing

Exploitation for Client Execution

Indicator Removal on Host

Credential Dumping

Lateral Movement

Exfiltration Over C2 Channel

Potential Compliance Exposure

PCI DSS 4.0 – Ensure all system components are protected from known vulnerabilities

NYDFS 23 NYCRR 500 – Cybersecurity Policy

DORA – ICT Risk Management Framework

CISA ZTMM 2.0 – Identity and Access Management

NIS2 Directive – Cybersecurity Risk Management Measures

Sector Implications

Computer Software/Engineering

Computer/Network Security

Financial Services

Health Care / Life Sciences

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads