Anthropic's Project Glasswing sounds necessary to me

April 7, 2026
aisecurityprivacylaw
A monochrome photograph of a hand opening a hotel room door with a luggage handle.
Photo by Chris F on Pexels

It has been reported that Anthropic did not release its newest model, Claude Mythos, to the public today. Instead, the company has allegedly made it available only to a very restricted set of preview partners under a program called Project Glasswing — a defensive, partner-focused rollout aimed at giving the software industry time to prepare. Is the caution a PR stunt? Maybe. But given the details being reported, it’s hard to shrug this off.

What Anthropic says — and what researchers are finding

It has been reported that Mythos Preview has already found thousands of high-severity vulnerabilities, allegedly including flaws in every major operating system and web browser. Anthropic and participating researchers say the model can chain together multiple, otherwise minor bugs into powerful exploits. Nicholas Carlini, appearing in Anthropic footage, reportedly described finding more bugs in weeks than in the rest of his life combined — and said the team used the model to scan core internet infrastructure code, turning up long-lived issues. OpenBSD’s 7.8 errata page, for example, lists a fix: TCP packets with invalid SACK options could crash the kernel — a tangible patch tied to this wave of research.

Why this matters now

Security professionals have noticed a shift: what used to be laughable “AI slop” has become competent, repeatable vulnerability research. It has been reported that many open source projects are now receiving a steady stream of AI-generated, but high-quality, security reports — a flood of useful, actionable findings rather than noise. Thomas Ptacek and other voices in the field have been ringing alarm bells; researchers say they’re spending hours a day triaging these results. That emotional beat — the move from novelty to real-world risk — is where the story lands. It feels immediate. It feels urgent.

If Anthropic’s move is more than theater, Project Glasswing could be a pragmatic pause: give vendors time to patch, reduce the window of exposure, and study how powerful models behave when tasked with offensive work. Or it could be the start of a new arms race between defenders and those who will use the same tools for harm. Either way, expect disclosure workflows, patch cycles, and policy debates to heat up fast.

Sources: simonwillison.net, Hacker News