Anthropic / AISLE Research | Launch | 2026-04-11

Anthropic Launches $100M Glasswing Initiative — Restricted Claude Mythos Model Already Found Two Decade-Old Zero-Days

Anthropic announced Project Glasswing — a $100M AI cybersecurity initiative deploying its restricted Claude Mythos model to find zero-day vulnerabilities. Mythos has already discovered a 27-year-old OpenBSD TCP bug and a 16-year-old FreeBSD RCE flaw. A follow-up paper from UC Berkeley's AISLE lab found that eight smaller open-source models independently reproduced the same findings for $0.11/million tokens.

Anthropic has launched Project Glasswing, a $100M initiative using a new restricted AI model called Claude Mythos to proactively find zero-day vulnerabilities across major operating systems and browsers. The initiative has already produced two landmark discoveries: a 27-year-old TCP SACK handling bug in OpenBSD and a 16-year-old remote code execution vulnerability in FreeBSD's packet processing stack. Neither was previously known.

Partners in the Glasswing program include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, Microsoft, and NVIDIA. Unlike Anthropic's commercial Claude models, Mythos is not publicly available — the company is treating it as a restricted-access research tool, citing dual-use concerns. Bugs discovered by Mythos are being responsibly disclosed to vendors before public announcement.

The story took a sharp turn hours after the announcement when UC Berkeley's AI Safety and Liability Engineering (AISLE) lab published a counter-paper. Researchers there ran 8 different models — including a 3.6B parameter model costing $0.11 per million tokens — against the same vulnerability classes Mythos identified, and independently replicated all of the flagship findings. Their conclusion: "The moat is the system, not the model. Glasswing's discoveries are a function of autonomous evaluation harnesses and CVE datasets, not Claude Mythos specifically."

The Hacker News thread generated 430 points and became the day's top story. The debate split sharply: some commenters argued Anthropic is building a competitive moat by restricting a capability that smaller open-source systems can already reproduce; others defended the cautious approach, noting that even if discoveries can be replicated, having a well-resourced team with responsible disclosure pipelines is genuinely valuable. A third camp focused on the AISLE finding itself: if 8B-class models can find decade-old zero-days autonomously, the security industry's vulnerability discovery economics are about to fundamentally change.

The Glasswing announcement also reignited the debate about whether frontier AI labs should be building offensive cybersecurity capabilities at all. Anthropic's position — that proactive vulnerability discovery serves a defensive purpose — is likely to face scrutiny from regulators watching the space closely in 2026.

Panel Takes

The Builder

Developer Perspective

The AISLE finding is the more important story here. If a 3.6B model can autonomously find 27-year-old zero-days for $0.11/million tokens, every security team on the planet needs to start running these harnesses yesterday. The Mythos restriction debate is a sideshow.

The Skeptic

Reality Check

Responsible disclosure only works if you have the organizational reach to actually reach every affected vendor before going public. A $100M initiative with Apple, Cisco, and Microsoft as partners is the minimum viable structure for this. 'Anyone can do it' doesn't mean 'anyone should'.

The Futurist

Big Picture

We are entering the era where AI routinely finds vulnerabilities faster than humans can patch them. Glasswing is the first institutionalized attempt to make this a defensive asset rather than an offensive liability. The industry has maybe 18 months before adversarial actors are running the same harnesses.