Anthropic Locks Claude Mythos Into Cybersecurity With Glasswing

Anthropic Restricts Claude Mythos to Defensive Cybersecurity

Anthropic has quietly tightened access to Claude Mythos, the frontier model it has been testing internally as a "step change in capabilities," and is steering its initial deployment toward defensive cybersecurity rather than a broad public release. The decision reflects growing concern inside the company about the dual-use risks of highly capable AI systems that can read, reason about, and patch complex codebases.

Rather than ship Mythos into the general Claude product line, Anthropic is funneling access through a new coalition called Project Glasswing, which includes Amazon, Apple, Google, Microsoft, and Nvidia. Partners in the program are using Mythos to hunt for high-severity vulnerabilities across operating systems, browsers, and widely deployed enterprise software.

"We would rather Mythos find the next zero day before someone else weaponizes it. That means starting with defense, not demos." — Anthropic spokesperson

Why Glasswing, and Why Now

The Glasswing coalition is designed to give Anthropic control over how its most capable model is exposed to the world. By restricting access to vetted security teams at five of the largest platform companies, Anthropic can observe how Mythos performs on sensitive codebases without exposing the model to abuse by ransomware operators or state-sponsored groups. Several of the partners have reportedly committed engineers to triage Mythos-discovered bugs within 72 hours of disclosure.

The move comes as U.S. and EU regulators intensify scrutiny of frontier AI labs over offensive cyber capabilities. Anthropic's own Responsible Scaling Policy classifies autonomous vulnerability discovery as a capability that requires heightened controls, and Mythos appears to have crossed that threshold in internal evaluations.

The Frontier Race Context

Mythos lands as rival labs push their own agentic coding and security tools. OpenAI's latest reasoning models have been pitched for code review, while Google DeepMind's Gemini security agents have been tested inside Project Zero. By constraining Mythos to defense-first deployments, Anthropic is trying to differentiate on safety posture rather than raw capability — a positioning that has helped it win enterprise contracts over the past year.

For the Glasswing partners, the payoff is access to a model that internal testers describe as the most capable bug-hunter Anthropic has built. Microsoft, which previously used Claude to find 22 vulnerabilities in Firefox, is reportedly planning to run Mythos against Windows kernel code and Azure's identity stack.

What This Means for Engineers

For security engineers, Mythos and Glasswing preview a near future where AI-assisted vulnerability discovery becomes part of every major platform's SDLC. Teams that understand how to triage AI-generated bug reports, reproduce findings, and integrate autonomous scanners into CI pipelines will be in high demand. For job seekers, expect a sharp rise in postings for "AI security engineer," "red team automation," and "secure code reasoning" roles across hyperscalers and AI labs.