Anthropic’s most powerful model ever can find security holes in software that survived decades of human review — and most of the world, including Australia, can’t access it yet.
Anthropic, the San Francisco-based AI safety company behind the popular Claude assistant, has done something almost unheard of in Silicon Valley: it built its most powerful AI model to date and decided not to sell it to the public.
The model is called Claude Mythos Preview, and the reason for the unusual restraint is significant. During testing, Mythos demonstrated an ability to find and exploit so-called “zero-day” vulnerabilities — previously undiscovered security holes — at a scale and speed that stunned even its own creators.
What Is Claude Mythos Preview?
Mythos Preview is a general-purpose language model, similar in architecture to Claude or OpenAI’s ChatGPT. But during testing it showed a remarkable ability to find and exploit zero-day vulnerabilities — previously undiscovered holes in software systems. Anthropic says the model “could reshape cybersecurity” because it identified thousands of high-severity vulnerabilities across every major operating system and web browser.
The scale of what Mythos found is striking. The vulnerabilities it spotted had in some cases survived decades of human review and millions of automated security tests, and the exploits it develops are increasingly sophisticated.
The UK’s AI Security Institute evaluated the model and found it represents a meaningful step up over previous frontier models. In controlled evaluations where Mythos was explicitly directed and given network access, it could execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously — tasks that would take human security professionals days of work.
Why It Isn’t Being Released Publicly
The decision not to release Mythos publicly is deliberate and, by Anthropic’s account, a principled one. By releasing the model initially to a limited group of critical industry partners and open source developers, Anthropic aims to enable defenders to begin securing the most important systems before models with similar capabilities become more broadly available.
In response to the improvements in cyber capabilities, Anthropic elected to restrict access to the model, prioritising industry and open-source partners who will use Mythos Preview to help secure their systems.
Claude Mythos Preview was announced on 7 April 2026. Project Glasswing is an ongoing initiative. No timeline for broader or regional access has been announced.
Project Glasswing: Defence First
The vehicle for this restricted rollout is Project Glasswing — named after the glasswing butterfly, whose transparent wings allow it to hide in plain sight. The initiative brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as launch partners, with access extended to over 40 additional organisations that build or maintain critical software infrastructure.
As part of Project Glasswing, Anthropic will give over 50 tech organisations access to Mythos Preview with over $100 million in usage credits, specifically to find and fix vulnerabilities in their foundational systems — systems that represent a very large portion of the world’s shared cyberattack surface.
The philosophy is explicitly defensive. The same AI that can help attackers discover weaknesses faster can also help defenders validate exposure sooner, investigate suspicious activity with more context, and reduce risk before it spreads.
What This Means for Australia
Access to Mythos Preview is currently restricted to Project Glasswing partners — all of which are large US-headquartered technology and infrastructure companies. The model does not support cross-region access, and eligibility requires targeted approval from either Anthropic or its cloud provider partners. There is currently no public pathway for Australian businesses or government agencies to apply.
This creates a meaningful, if temporary, asymmetry. The software that Australian businesses, hospitals, banks, and government agencies run every day — Windows, Linux, major web browsers, cloud platforms — is being quietly audited and patched using a tool that those same Australian organisations cannot themselves access.
That is not necessarily cause for alarm. The patching work being done through Project Glasswing will ultimately benefit everyone who uses that software, regardless of geography. But it does highlight a broader question for Australian organisations: are your cybersecurity stacks ready for a world where AI-assisted attacks become more common, even as the most advanced defensive tools remain out of reach?
The Bigger Picture
The risks from AI-augmented cyberattacks are serious, but there is reason for optimism — the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software, and for producing new software with far fewer security bugs.
Whether you view Anthropic’s approach as genuine caution or very clever marketing, the outcome is the same: a handful of major tech and cybersecurity companies now have exclusive access to something that can locate software vulnerabilities faster than any human or team.
For Australian businesses, the practical takeaway is simple: the pace of cybersecurity is accelerating. The window between a vulnerability existing and being exploited is shrinking. Regardless of who has access to Mythos, now is the time to ensure your software is patched, your security posture is current, and your team is prepared for a faster-moving threat landscape.
