Claude Mythos Found Thousands of Zero-Days in Major OS and Browsers
Anthropic unveiled Project Glasswing. The cybersecurity-focused Claude Mythos automatically discovered thousands of zero-day vulnerabilities in major operating systems and browsers. Access is currently limited to select security researchers, setting a new standard for AI-powered vulnerability detection.
April 2026 · AI News
Anthropic declared it would use AI to find zero-days — security vulnerabilities unknown even to developers. The project is called Glasswing. The model used is Claude Mythos Preview, the most powerful model Anthropic has ever built.
The results are staggering. Thousands of zero-day vulnerabilities were found across every major operating system and every major browser. A 17-year-old FreeBSD remote code execution vulnerability was discovered and exploited fully autonomously — no human involvement at all.
This model will not be released to the public. The reason: it's too dangerous. It is provided only to 11 partner organizations including Amazon, Apple, Google, and Microsoft. This is the moment AI security changed.
Quick Summary
• Anthropic announced Project Glasswing — an AI-powered vulnerability discovery project
• Claude Mythos Preview found thousands of zero-days across all major OS and browsers
• A 17-year-old FreeBSD RCE (CVE-2026-4747) was autonomously discovered and exploited
• Partners: Amazon, Apple, Google, Microsoft, Nvidia, and 6 more organizations
• No public release — Anthropic committing $100M in credits + $4M in donations
- What Is Project Glasswing
- Claude Mythos Preview — Anthropic's Most Powerful Model
- Zero-Days Found — Including a 17-Year-Old Bug
- 11 Partner Organizations — Big Tech All In
- Why It Won't Be Released — The Glasswing Paradox
- $100M in Credits and Open Source Security
- Compared to Existing AI Security Tools
- Impact on the Security Industry
- FAQ
- Takeaway
1. What Is Project Glasswing
Glasswing is an AI security project Anthropic announced on April 7, 2026. The goal is to use AI models to find software security vulnerabilities and defend against them before patches exist.
The tagline is "securing critical software for the AI era." This isn't simple scanning. The AI reads code, identifies vulnerabilities, and builds working exploits to prove the severity. Bugs that humans missed for decades were found by AI in weeks.
Eleven organizations are participating: Amazon, Apple, Google, Microsoft, Nvidia, Broadcom, Cisco, CrowdStrike, Palo Alto Networks, JPMorgan Chase, and the Linux Foundation. Nearly every major player in security is on board.
2. Claude Mythos Preview — Anthropic's Most Powerful Model
The core of Glasswing is Claude Mythos Preview. Anthropic introduced it as "by far the most powerful AI model we have ever developed." It's an entirely new model class sitting above the existing Opus 4.6.
Mythos is a fine-tuned model specialized in vulnerability analysis and exploit comprehension. It handles security queries in a research context that general Claude would refuse. In Anthropic's words, it "can surpass all but the most skilled humans at finding and exploiting software vulnerabilities."
Zero-day: a security vulnerability unknown even to the software's developers. "Zero-day" means the developer has had zero days to fix it since becoming aware. It's the most dangerous type because attackers can exploit it before any patch exists.
The model will not be publicly released. It's available only as a Gated Research Preview on Amazon Bedrock, restricted to partners and about 40 approved organizations. Anthropic's position: "too powerful to release publicly."
3. Zero-Days Found — Including a 17-Year-Old Bug
The results are remarkable. Thousands of zero-day vulnerabilities were found across every major operating system (Windows, macOS, Linux, FreeBSD, OpenBSD) and every major browser. Many are rated critical.
The most striking example is CVE-2026-4747, a 17-year-old remote code execution vulnerability in FreeBSD's NFS service. Anyone on the internet could gain full control of the server without authentication. Mythos found it and built a working exploit fully autonomously, with zero human involvement.
Other notable findings include a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg, and a memory corruption vulnerability in a memory-safe virtual machine monitor. Bugs that survived decades of human code review were caught by AI in weeks.
• CVE-2026-4747 — FreeBSD NFS, 17-year-old RCE, autonomous discovery + exploit
• OpenBSD — 27-year-old vulnerability
• FFmpeg — 16-year-old flaw
• Memory-safe VM monitor — memory corruption vulnerability
• + thousands more across all major OS and browsers
4. 11 Partner Organizations — Big Tech All In
| Organization | Role |
|---|---|
| Amazon (AWS) | Hosts Mythos Preview on Bedrock |
| Apple | macOS and iOS vulnerability analysis |
| Google | Chrome and Android security research |
| Microsoft | Windows and Edge vulnerability analysis |
| Nvidia | GPU driver and CUDA security |
| Broadcom / Cisco | Network equipment and firmware |
| CrowdStrike / Palo Alto | Security solution integration |
| JPMorgan Chase | Financial infrastructure security |
| Linux Foundation | Open source software security |
Partners use Mythos exclusively to find vulnerabilities in their own software or open-source projects they maintain. All findings go through coordinated disclosure. Anthropic retains oversight of how the model is deployed.
5. Why It Won't Be Released — The Glasswing Paradox
"The thing that can break everything is also the thing that fixes everything" — Picus Security called this the Glasswing Paradox. Used for defense, this model strengthens security. Used for attack, it's catastrophic.
Anthropic chose restricted release. No model weights, no public API. Only partners and approved organizations get access. VentureBeat described it as "a model deemed too dangerous to release publicly."
The counterargument is that attackers could develop similar AI capabilities. Anthropic's logic: "defenders using it first is the least-bad option." There is no perfect answer. But doing nothing is worse.
6. $100M in Credits and Open Source Security
Anthropic is committing up to $100 million in usage credits to Glasswing. This means Anthropic covers the cost of partners using Mythos.
An additional $4 million in direct donations goes to open-source security organizations. The funds will be used to strengthen security of critical open-source projects like the Linux kernel, Apache, and OpenSSL.
Open source is the foundation of internet infrastructure. Over 90% of servers run on the Linux kernel. A zero-day here affects a massive blast radius. That's why Glasswing prioritizes open-source security.
7. Compared to Existing AI Security Tools
| Project | Organization | Key Difference |
|---|---|---|
| Project Glasswing | Anthropic | Dedicated model for autonomous zero-day discovery + exploit |
| Project Zero | Google | Human-led research, AI-assisted |
| Security Copilot | Microsoft | SOC analyst support tool, detection and response focused |
The difference is autonomy. Google Project Zero has human researchers driving the work with AI assisting. Microsoft Security Copilot helps SOC analysts. Glasswing's Mythos autonomously finds vulnerabilities and builds exploits. The level of AI autonomy is fundamentally different.
8. Impact on the Security Industry
AI finding zero-days is no longer experimental — it's real. Thousands have been found, and patches are in progress. The speed of security research has fundamentally changed.
For software companies, patch cycles must accelerate. If AI finds zero-days at this speed, attackers' AI will too. The cost of delaying patches just got much higher.
For security researchers, the toolset has shifted. The transition from manual code review to AI-assisted analysis is accelerating. Even without Mythos-level access, similar approaches using open-source models will follow.
9. FAQ
Q. Can anyone use Claude Mythos Preview?
No. Anthropic provides it only to partners and about 40 approved organizations. It's available as a Gated Research Preview on Amazon Bedrock. There are no public release plans.
Q. Have the discovered zero-days already been exploited?
Anthropic privately reported findings to affected vendors immediately. No public disclosure was made before patches were issued. All findings follow coordinated disclosure.
Q. Isn't it dangerous for AI to find zero-days?
Attackers can use the same level of AI — that's the dilemma. Anthropic started the project on the logic that defenders need to know first. There is no perfect answer. Defenders using it first is the least-bad option.
Q. Which organizations are part of Project Glasswing?
Amazon, Apple, Google, Microsoft, Nvidia, Broadcom, Cisco, CrowdStrike, Palo Alto Networks, JPMorgan Chase, and the Linux Foundation. Nearly every major player in security.
Q. How is Mythos different from Claude Opus 4.6?
Mythos is a fine-tuned model specialized in vulnerability analysis and exploit comprehension. It handles security queries in a research context that general Claude would refuse. It's a new model class above Opus.
10. Takeaway
AI finding zero-days is no longer experimental. Thousands have been discovered, and patching is underway. The speed of security research has fundamentally changed.
The bigger question is next. Whose hands will Glasswing-level technology end up in? Defenders using it first versus attackers using it first — that gap determines the future security landscape. Delaying patches is now far more dangerous than it used to be.
• Anthropic — Project Glasswing
• The Hacker News — Claude Mythos Finds Thousands of Zero-Day Flaws
• VentureBeat — Anthropic's Most Powerful AI Cyber Model
• CyberScoop — Project Glasswing Coverage
Figures and details in this article are based on Anthropic's official announcement. Post-announcement updates may not be reflected.
Last updated: April 2026