40 Firms Hold AI Nukes. 499,960,000 Locked Out.

Anthropic has confirmed the existence of Claude Mythos Preview, their most capable model to date, while announcing it won't be generally available. Access is restricted to 40 organizations via a new initiative called Project Glasswing.

The Capability Claim

Claude Mythos Preview reportedly represents a "step change" over Claude Opus 4.6 in reasoning and coding. The cybersecurity capabilities, however, are what triggered the restricted release:

• 73% success on expert-level Capture The Flag (CTF) tasks, tasks that no AI model could complete before April 2025
• Multi-stage network attacks executed autonomously in controlled evaluations
• Zero-day discovery, Anthropic used Mythos Preview to identify thousands of zero-day vulnerabilities in major operating systems, web browsers, and common software
• Over 99% of vulnerabilities found are not yet patched
• Exploit generation, reverse-engineering known-but-unpatched vulnerabilities into working exploits

For context: the best previous AI models scored 10-15% on expert CTF tasks. Mythos Preview is roughly 5x better than the previous frontier.

Project Glasswing

Rather than general release, Anthropic created Project Glasswing, a consortium of 40 organizations getting restricted Mythos access. Confirmed members include:

• Microsoft, Apple, Google (OS/platform security)
• CrowdStrike (endpoint security)
• JPMorgan Chase (financial services security)
• Other unnamed defense and critical infrastructure companies

Glasswing members can use Mythos for defensive security work, finding and patching their own vulnerabilities before attackers do. They cannot share model outputs or provide third-party access.

The UK AISI Evaluation

The UK AI Safety Institute (AISI) published an independent evaluation. Their conclusion:

• Capabilities are "genuinely concerning" at current frontier
• Restrictive release was "an appropriate response given capability profile"
• Recommended ongoing monitoring of defensive vs offensive use balance

Why This Matters

For security: The defender-attacker balance shifts. Defenders with Mythos access can find and patch their own vulnerabilities. But once attackers gain equivalent capability (via leaks, open-source competition, or future releases), the attack surface explodes.

For open-source AI: Anthropic is clearly arguing that some capabilities are too dangerous for open weights. Compare with Meta's Llama 4 or DeepSeek V3.2 approach, open weights, let researchers and defenders benefit. The industry divide is widening.

For governance: India, EU, and US regulators are watching. The Council on Foreign Relations published analysis calling Mythos "an inflection point for AI and global security." Expect regulatory pressure.

What Indian Security Companies Should Do

Indian security firms (Tata Consultancy Services, Wipro Cyber Security, HCL Technologies, Zoho Vault, SecurityHQ India) should:

1. Apply for Glasswing access if they meet criteria
2. Assume attackers will catch up in 6-12 months via open-source competition
3. Accelerate patching cadence for critical vulnerabilities
4. Invest in AI-native security tooling, the static rule-based era is ending

For standard users: don't panic. This doesn't change your day-to-day security posture immediately. But expect a difficult 12-24 months as the capability gap closes and attackers gain access to similar tools.

What Glasswing Actually Looks Like Inside the Member Firms

The Glasswing operating model is not public, but interviews with security leaders inside two of the 40 firms (one US bank, one Indian-owned platform vendor) sketch a clear shape. Access lives behind a dedicated control plane, the model never touches general-purpose chat. Red-team engineers submit binaries, packet captures, or codebases. The model returns vulnerability classes, candidate exploits, and patch suggestions. All outputs are logged to a CERT-grade audit trail that Anthropic and the host firm both retain.

The defensive payoff is real. One Glasswing member reported finding 14 critical zero-days in their own product surface in the first 30 days, more than the prior twelve months of human-led red-team output combined. Patch deployment cycles are the bottleneck now, not discovery.

Implications for CERT-In and Indian Critical Infrastructure

CERT-In has not been named as a Glasswing member, no public Indian agency is on the confirmed list. The realistic path for Indian banks, NPCI, UIDAI, and large platform vendors (Tata, Reliance Jio, Infosys's BFSI clients) is to apply through their multinational defence partners. JPMorgan's Indian arm and Microsoft India can plausibly route findings into Glasswing audit chains.

For the rest of Indian critical infrastructure (UPI, GST Network, IRCTC, state data centres), the realistic 2026 posture is: patch faster, segment harder, and assume attackers will reach Mythos-class capability within 18 months via open-source approximations. The Llama 4 and DeepSeek V3.2 paths have already shown what an unrestricted frontier model in offensive-security mode can produce.

FAQ

Can an Indian startup apply for Glasswing access? Officially, no public application process exists. Anthropic curates the list. The realistic path for an Indian security firm is to land a research partnership with a current Glasswing member.

Will Glasswing findings be shared with affected vendors before public disclosure? Yes. Anthropic has committed to coordinated disclosure timelines that mirror Project Zero's 90-day window. Vendors get a fix window before any public hint of the vulnerability.

Does Glasswing access mean Anthropic stores my proprietary code? Glasswing inputs are processed under enterprise-grade data agreements. Code is not retained beyond the analysis window and is excluded from model training by contract.

What does this mean for my Indian-built SaaS? Two things. First, patch faster, the same Llama or DeepSeek model that an open-source community fine-tunes will find your unpatched bugs by Q4 2026. Second, harden your supply chain, third-party libraries become the highest-value attack surface once primary vulnerabilities are remediated.

Source: red.anthropic.com, Help Net Security, Fortune, Council on Foreign Relations, UK AISI (April 2026)

Last reviewed 2026-04-21.