On April 7, 2026, Anthropic quietly announced the most powerful AI model it has ever built. They called it Claude Mythos Preview. They gave access to 11 companies. They told the rest of the world to wait.
Claude Mythos is not a chatbot upgrade. It is not a smarter assistant for writing emails. It is a system capable of finding thousands of previously unknown security vulnerabilities in real, production-grade software. In one early evaluation, it discovered zero-days inside OpenBSD, FFmpeg, and the Linux kernel itself. Software that billions of people and critical infrastructure systems depend on every day.
What Is Project Glasswing?
Anthropic is not releasing Claude Mythos to the public. Instead, it has launched a controlled program called Project Glasswing, through which it will give over 50 technology organizations access to Mythos Preview along with more than $100 million in usage credits. The stated goal is defensive: let these organizations use Mythos to find and patch vulnerabilities before malicious actors exploit them.
The logic is sound on the surface. If an AI this powerful exists, better to use it to fix holes than to let it sit until someone weaponizes a less controlled version. But there is a more uncomfortable read of this situation.
Anthropic is choosing who gets to use the most capable cybersecurity AI on the planet. Not governments. Not the open-source community. Not independent researchers. Fifty organizations, selected by a private company funded by Amazon and Google, with $100 million in compute credits as the price of entry.
Why This Changes the Power Map of the Internet
We are already living through a period where AI is reshaping who holds power in the economy. 80,000 tech jobs have already been erased in 90 days, and the companies doing it are the same ones building these models. Now the same dynamic is moving into security infrastructure.
The organizations inside Project Glasswing will have a capability that nobody else has: the ability to find and close vulnerabilities at machine speed across their entire codebase. Everyone outside the program is operating with slower tools against a threat landscape that now includes AI-assisted attackers. That asymmetry is not neutral. It is structural advantage.
Anthropic says its eventual goal is to enable users to safely deploy Mythos-class models at scale. That is a carefully worded sentence. It does not say when. It does not say how. It says eventually.
The Capability Is Already Here. The Question Is Who Controls It.
This is a pattern worth paying attention to. We have been debating whether AI will ever be truly capable for years. That debate is over. The race to build more powerful models was never really about capability — it was always about who gets there first and what they do with it when they arrive.
Mythos finding zero-days in Linux is the first public proof that AI has crossed a meaningful threshold in the security domain. Not benchmark scores. Not demos. An actual system, finding actual vulnerabilities, in actual software. That is a different category of event.
The question is not whether this technology is real. It clearly is. The question is whether handing the keys to 50 pre-selected organizations is how we want this capability to enter the world.
What Comes After Mythos Preview
Anthropic is a company that talks about safety more than any of its competitors. It has constitutional AI. It has an alignment research team. It genuinely believes, or at least says it believes, that it is being careful. And maybe it is. But the structure of Project Glasswing is still a private company making a unilateral decision about who gets access to a system capable of reshaping global cybersecurity.
OpenAI’s valuation crossed $852 billion earlier this year. Nobody could explain why without laughing. But if you are sitting on the most powerful vulnerability-finding AI in existence and you are controlling who uses it, the valuation math starts to look less absurd and more menacing.
Claude Mythos Preview is real. The zero-days it found in Linux are real. The 50 organizations who now have access to it are operating in a different world than the rest of us.
Anthropic has not said when the rest of the world gets in. They have said eventually. In technology, eventually usually means when the advantage has already been fully extracted.