
Claude Mythos Autonomously Finds 27-Year-Old Bugs: Inside Anthropic's Project Glasswing

Nils Liu
GenAI News Anthropic Security Claude

TL;DR

Anthropic's unreleased Claude Mythos Preview is reported to have autonomously discovered thousands of high-severity zero-day vulnerabilities across every major operating system and browser. Twelve founding partners (including Anthropic itself) joined Project Glasswing as defenders, but on launch day the model was accessed without authorization through a third-party vendor environment.


Anthropic launched Project Glasswing on April 7, giving a select group of partners access to Claude Mythos Preview, an unreleased frontier model the company describes as its most capable to date on cybersecurity tasks. The goal: find and patch the world's most critical software vulnerabilities before models with similar capabilities reach the open market.

The results were alarming.

What Claude Mythos Preview Found

By Anthropic's account, over a few weeks Claude Mythos Preview autonomously swept through every major operating system and browser and surfaced thousands of high-severity vulnerabilities. The most striking examples:

A 27-year-old remotely exploitable flaw in OpenBSD's SACK implementation that no automated tooling had caught in its entire lifetime. A 16-year-old bug in FFmpeg's H.264 decoder that survived extensive fuzzing campaigns. And CVE-2026-4747, a remote code execution vulnerability in FreeBSD's NFS server that lets an unauthenticated attacker gain root.

The model didn’t stop at identification. In multiple cases it wrote working exploits, including a four-vulnerability browser attack chain and a complete kernel privilege escalation sequence. On the CyberGym benchmark for vulnerability reproduction, Mythos Preview scored 83.1%, compared to Opus 4.6’s 66.6%.

Who Has Access

Project Glasswing launched with 12 founding partners: Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. More than 40 additional organizations, focused primarily on critical open-source infrastructure maintenance, have since received access.

Anthropic committed $100 million in model usage credits to support Glasswing, with an additional $2.5 million to Alpha-Omega and the Open Source Security Foundation, and $1.5 million to the Apache Software Foundation.

Mythos Preview will not be publicly released. Anthropic’s position on this has been consistent since day one.

The Day-One Unauthorized Access

On April 7, the day Project Glasswing launched, a private Discord group accessed Claude Mythos Preview without authorization through a third-party vendor environment.

According to Bloomberg, the group combined credentials from a contractor who evaluates Anthropic models with account information leaked in a data breach at Mercor, an AI recruiting startup. They then used knowledge of Anthropic’s URL patterns to locate the endpoint.

No sophisticated attack was required, and the failure was one of vendor access control rather than anything in the model itself: reusable contractor credentials plus a guessable endpoint were enough. As one security researcher put it: "it just required a contractor, a URL pattern, and a day-one guess." Anthropic confirmed it was investigating and said it had found no evidence of activity beyond the vendor environment.

What This Actually Means

The security research community is divided on Project Glasswing. Some view it as one of the most significant defensive moves in the AI era, racing to close vulnerabilities before offensive capability becomes widely available. Others note that Anthropic simultaneously accelerated that timeline by building the capability in the first place and then publicizing how dangerous it is.

A 27-year-old vulnerability survived multiple generations of automated testing. A model found it in weeks. That speed differential deserves more sustained attention than any funding announcement.
