You Can't Patch a Hole You Don't Know Is There

Anthropic's Claude Mythos found vulnerabilities hiding for decades. Here's what Project Glasswing means for the future of AI and cybersecurity.

Anthropic just released a model it openly admits is too dangerous for the public. Claude Mythos Preview found vulnerabilities in every major operating system and web browser, chained them into novel exploits, and uncovered a flaw in OpenBSD that had gone undetected for 27 years. Rather than shelve it, the company launched Project Glasswing, a coalition of over 40 tech companies tasked with using Mythos to patch critical infrastructure before someone less careful builds the same thing first.

It is either the most responsible move in AI history or a deeply uncomfortable precedent. Probably both.

What Claude Mythos Actually Does

Most AI security tools find bugs. Mythos reasons about them. Earlier models could flag a vulnerability in isolation. Mythos identifies five separate weaknesses in the same codebase and understands how to chain them into an attack that none of them could enable alone.

That is not an incremental improvement. That is a different category of threat.

The early results back it up. Mythos has already surfaced thousands of high-severity vulnerabilities across major operating systems and browsers, found a flaw in the video encoder FFmpeg that survived five million automated tests, and identified several Linux kernel vulnerabilities capable of giving an attacker complete control over a target machine.

Why Project Glasswing Exists

Anthropic is not running Glasswing out of goodwill alone. The company knows the clock is running.

Alex Stamos, former head of security at Facebook and Yahoo, estimates open-weight models will reach similar capability levels within about six months. After that, the same toolkit Mythos uses becomes accessible to ransomware groups, nation-state hackers, and anyone else willing to run a server. The goal of Glasswing is to find and patch as much as possible before that window closes.

The coalition includes Apple, Google, Microsoft, Cisco, and Broadcom. Anthropic is backing it with $100 million in usage credits and $4 million in donations to open-source security efforts. Each partner is responsible for scanning their own systems and contributing to the broader effort on the open-source infrastructure the entire internet depends on.

The Uncomfortable Math Behind This Approach

Project Glasswing is built on a premise worth stating plainly: the only way to defend against a dangerous AI capability is to build it first and deploy it responsibly before someone else deploys it irresponsibly.

That logic is sound. It is also the kind of logic that can justify almost anything if the wrong people are holding it.

Right now a private company holds a working map of critical vulnerabilities across the software stack that modern civilization runs on. The incentives to steal Anthropic's model weights just increased significantly. And this is all happening in a regulatory environment that has largely declined to build any serious oversight structure around AI systems this powerful.

The US government's response so far has been to attempt to designate Anthropic a supply chain risk after the company refused to modify a Pentagon contract to permit mass domestic surveillance and fully autonomous weapons. A judge blocked that designation. So the organization doing the most visible work to handle dangerous AI capabilities responsibly is being treated as a threat by the government that should be its closest partner.

What Comes After Glasswing

The six-month runway is the number that should be dominating this conversation. Whether a private coalition can find and patch enough critical vulnerabilities in that window to meaningfully reduce risk is genuinely unknown. The open-source infrastructure involved is maintained by underfunded, often volunteer-driven communities that have historically struggled to absorb and deploy patches quickly even under normal conditions.

Anthropic is doing what it can do. The harder problem is that the structures around it were not built for a moment like this and show no signs of catching up.

The defensive paradox at the center of this story is real. You cannot protect against a dangerous capability without understanding it. You cannot understand it without building it. And once you build it, you have introduced exactly the risk you were trying to prevent, with the hope that your intentions and your coalition are enough to stay ahead of everyone racing to catch up.
