Skip to main content
CybersecurityHacking

Anthropic Unveils Vulnerability Testbed Amid AI Cyberattack Fears

Dimly lit lab with cracked glass window reflects cityscape, laptop screen displays eerie neural network visualization.

What do you do when the same artificial intelligence that can help find and fix software bugs may also make it easier to create cyberattacks? That is the dilemma at the center of the cybersecurity debate over Anthropic’s latest model.

What Anthropic has announced

Anthropic has introduced a new model called Claude Mythos Preview and, according to the company, is not releasing it to the general public "because of its cyberattack capabilities." The company has also launched Project Glasswing to run the model against a wide range of software — both public-domain and proprietary — with the stated aim of finding and patching vulnerabilities before attackers gain access to the model and exploit them.

What the industry is focusing on

The cybersecurity industry, the source reports, is obsessing over Claude Mythos Preview and its potential effects on security. That attention stems from two linked facts Anthropic itself has emphasized: the model can be used in ways that raise cyber risk, and the company is actively using the model as a defensive tool to hunt for vulnerabilities across a broad swath of code.

Why the approach is consequential

  • Defensive use at scale: Project Glasswing represents an attempt to flip a capability perceived as dangerous into a defensive asset by proactively scanning and remediating vulnerabilities in both public-domain and proprietary software.
  • Timing and control: Anthropic’s decision not to make Mythos Preview broadly available is predicated on preventing attackers from obtaining the model and using it to craft exploits — an explicit acknowledgement that withholding access is part of the risk-mitigation strategy.
  • Industry reaction: Intense attention from cybersecurity professionals suggests a balancing act between rapid beneficial deployment and the risks that wider distribution could enable misuse.

Multiple perspectives on the same fact pattern

Technologists are likely to see Project Glasswing as an aggressive, proactive scanning program that could accelerate discovery and patching of vulnerabilities — a straightforward defensive gain. From a policy perspective, Anthropic’s posture raises questions about how to manage access to powerful models: withholding a capability may reduce immediate misuse but places pressure on the company to act as a gatekeeper and a large-scale defender.

For users and software owners, the program could mean faster fixes for latent bugs if Project Glasswing successfully identifies them. For adversaries, the company’s own language frames a clear incentive: obtain the model and exploit the very vulnerabilities the company is racing to fix.

What to watch next

Anthropic’s stated approach — not releasing Mythos Preview widely while using it to attack and harden software through Project Glasswing — sets up a practical experiment in whether concentrated defensive use can outpace the spread of misuse. The industry’s intense focus suggests this experiment will be closely observed for signs that defensive scanning reduces vulnerability windows or, conversely, that secrecy simply delays inevitable exploitation by malign actors.

If a tool can both find and weaponize software flaws, will keeping it under wraps and using it defensively be sufficient — or will it merely change the terms of a race between defenders and attackers?

https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html