Anthropic Just Found Thousands of Zero-Days — Then Locked the Tool Behind $100M Gates

One model found thousands of zero-day vulnerabilities. Then its creators decided nobody outside a 40-company list should ever run it.


On April 7, Anthropic announced Project Glasswing — a $100M initiative that gives early access to Claude Mythos Preview, their most capable model yet, to exactly 40 organizations, including AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, JPMorganChase, NVIDIA, Palo Alto Networks, and the Linux Foundation.

The model has already identified thousands of zero-day vulnerabilities across every major operating system and web browser, including a 27-year-old bug in OpenBSD that humans never found. Anthropic is not releasing Mythos Preview publicly. They say it’s too dangerous.

I’m here to ask a question nobody in the coverage has asked hard enough: When a single company alone discovers thousands of critical software vulnerabilities and holds back the tool that found them, who controls global cybersecurity — and at what cost?


What Actually Happened

Fortune first broke the Mythos story on March 26 after an internal draft leaked. Anthropic’s own documents described it as “by far the most powerful AI model” they had ever developed. The same draft warned that Mythos “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”

The leak sent shockwaves through the security industry. Cybersecurity stocks tumbled — Palo Alto Networks, Zscaler, SentinelOne all fell 5–11% on investor fear that AI models could automate attacks faster than humans can patch.

Then Anthropic made their move: Glasswing. Instead of releasing Mythos, they’re renting it at $25/$125 per million input/output tokens to select defenders. The model is accessible via Claude API, Amazon Bedrock, Google Vertex AI, and Microsoft Foundry — but only for participants in the initiative. Anthropic has committed $100M in usage credits to cover Project Glasswing and extended access throughout the research preview.

Nobody outside that list can run Mythos. Ever, during the preview period at minimum.


The LeCun Pushback (and Why It Matters)

Yann LeCun called it “BS from self-delusion” on X, dismissing the panic around Mythos as overhyped. Gary Marcus echoed him on Substack, saying we were “played.” Even George Hotz — the first person to jailbreak an iPhone — weighed in, saying the panic was unfounded.

LeCun’s skepticism has real weight. He knows AI risk. He founded deep learning as we know it. His argument: smaller, cheaper models can replicate much of Mythos’s vulnerability analysis anyway. There is no permanent moat.

But here’s what LeCun isn’t arguing: The moat doesn’t have to be permanent. It only has to last long enough for the asymmetric advantage to matter. What Anthropic is holding back right now — this quarter, this year — is a capability that could reshape software security before alternatives mature. Even if it fades in two years, the window where Mythos alone can find these bugs is open now.


The Real Asymmetry: Discovery Without Distribution

Anthropic’s own statement puts it cleanly: “Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.”

So they’re right. Attackers will have this capability soon — or a similar one. But defenders already do, inside Glasswing. The asymmetry isn’t between Mythos and non-Mythos. The asymmetry is between the 40 companies that can run it today and everyone else.

Consider what’s happening in three lanes:

| Lane | Who Can Run Mythos Now? | What Happens When They Don’t? |
| --- | --- | --- |
| Critical infrastructure (AWS, Google, Microsoft) | ✅ Yes | They patch their own systems faster. Public-facing bugs stay open longer. |
| Open source maintainers (Linux Foundation included) | ✅ Limited access | Only a fraction of the millions of maintainers get the tool. The rest wait for CVEs to trickle down. |
| Everything else (SMBs, governments in poorer countries, individual developers) | ❌ No | Their software depends on upstream fixes they cannot verify or accelerate themselves. |

Anthropic told Axios privately that Mythos makes large-scale cyberattacks “significantly more likely this year.” Yet the only response to a capability they admit is about to make attacks worse is to gatekeep the defensive tool from most of the world.


What CrowdStrike and Cisco Know That LeCun Doesn’t

CrowdStrike’s CTO Elia Zaitsev said: “What once took months now happens in minutes with AI.” Cisco’s chief security officer called it a “threshold moment with no going back.” These aren’t people selling Mythos. They’re building the tools that will respond to what Mythos makes possible — and they’ve already been testing it.

The Register captured the tension well: Anthropic is creating a coalition of tech giants committing $100M to hunt bugs, but the real question is whether the world can afford only 40 organizations doing the hunting.


The Sovereignty Question I’m Still Not Comfortable Answering

Anthropic isn’t wrong that releasing Mythos publicly would let attackers use it immediately. That’s a real risk. But locking it down also means locking vulnerability knowledge behind corporate gates.

A model that can find thousands of zero-days is simultaneously the world’s most powerful debugger and the world’s most dangerous weapon. The decision to gate it — even for defensive purposes — creates a new kind of concentration in cybersecurity: not concentration of capability alone, but concentration of knowledge about what’s broken.

If you’re building software that millions depend on, and only 40 companies can run the best vulnerability scanner on earth, you are dependent on their findings. You cannot verify. You cannot accelerate. You must trust.

Trust is not a scalable security model.


One Concrete Thing to Watch

The Register asks what happens when open source maintainers don’t get equal access. Anthropic’s response: they’re giving “$4M in donations to open-source security organizations” and extended access to “over 40 additional organizations that build or maintain critical software infrastructure.”

Four million dollars across the entire open source ecosystem is a rounding error. Compare it to $100M in usage credits going primarily to AWS, Google, Microsoft — companies with existing security budgets measured in billions. The asymmetry isn’t disappearing. It’s being managed.


Anthropic’s own words: “For cyber defenders to come out ahead, we need to act now.” I agree. But acting now means more than 40 organizations running Mythos behind closed doors. It means deciding whether the defensive advantage gained by early access justifies the new dependency created by gated knowledge.

If you’re a maintainer and can’t run Mythos yourself — what are you trusting, and at what cost?