Tech Giants Race to Secure Software Against AI Superhacker
Finn's Take· TL;DR- Anthropic's Claude Mythos AI discovers thousands of critical zero-day vulnerabilities across operating systems and browsers, finding flaws undetected for decades and successfully creating exploits 83% of the time.
- Tech giants including Amazon, Apple, Google, and Microsoft join Project Glasswing to access and patch vulnerabilities before exploitation, shifting cybersecurity from discovery to remediation and interpretation.
- Trump administration blacklists Anthropic over military use restrictions while some intelligence agencies test Mythos, creating tension between national security interests and concerns about autonomous weapons development.
AI Model Sparks Unprecedented Security Crisis
Anthropic CEO Dario Amodei visited the White House on Friday for a high-stakes meeting with Chief of Staff Susie Wiles, while his AI company battles the Trump administration in court for blacklisting its Claude AI model. The meeting took place as the US government is trying to balance its hardline approach to Anthropic with the national security implications of turning its back on the company's breakthrough technology – including its Mythos tool that can identify cybersecurity threats but also present a roadmap for hackers to attack companies or the government.
Over the past few weeks, Anthropic has used Claude Mythos Preview to identify thousands of zero-day vulnerabilities (that is, flaws that were previously unknown to the software's developers), many of them critical, in every major operating system and every major web browser. In one remarkable example, the model found a flaw in OpenBSD, a security-focused operating system used in firewalls and routers, which had gone undetected for 27 years.
When directed to develop working exploits, it succeeded on the first attempt in more than 83% of cases. It is the first AI model to complete a 32-step corporate network attack simulation from start to finish. The model's capabilities have sent shockwaves through Washington and Silicon Valley, forcing a fundamental rethink of cybersecurity strategy.
Project Glasswing Unites Tech Giants
Instead of releasing Mythos publicly, Anthropic created Project Glasswing, a controlled access programme that provides the model to roughly 40 vetted organisations, including Amazon Web Services, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, JPMorgan Chase, and Palo Alto Networks, to find and fix vulnerabilities in critical software before they can be exploited. Anthropic is committing up to $100M in usage credits for Mythos Preview across these efforts, as well as $4M in direct donations to open-source security organizations.
When it announced Mythos, Anthropic said it was also forming an initiative called Project Glasswing, bringing together tech giants such as Amazon, Apple, Google and Microsoft, along with other companies like JPMorgan Chase, in hopes of securing the world's critical software from "severe" fallout that the new model could pose to public safety, national security and the economy. The initiative takes its name from the glasswing butterfly, which uses transparent wings to hide in plain sight—a metaphor for bugs that have remained invisible in complex code for decades.
Mythos Preview surfaced thousands of comparable vulnerabilities autonomously in weeks, without billable hours. Finding bugs is no longer the differentiator; interpretation, prioritization, remediation guidance, and legal defensibility are. This shift threatens to upend the entire cybersecurity industry, where vulnerability discovery has traditionally commanded premium pricing.
Pentagon Standoff Complicates Response
President Donald Trump recently announced the administration would sever ties with the company after Anthropic refused to back down on terms that would allow the military to use Claude for "all lawful purposes," including autonomous weapons and mass surveillance. After a breakdown in talks over Claude's use, the Pentagon went on to declare Anthropic a "supply chain risk," a label only used in the past for companies associated with foreign adversaries.
"It would be grossly irresponsible for the U.S. government to deprive itself of the technological leaps that the new model presents," a source close to negotiations told us. "It would be a gift to China." Some parts of the U.S. intelligence community, plus the Cybersecurity and Infrastructure Security Agency (CISA, part of Homeland Security), are testing Mythos.
The White House said the meeting was "introductory," calling it "productive and constructive." "We discussed opportunities for collaboration, as well as shared approaches and protocols to address the challenges associated with scaling this technology," the White House said in a statement. The diplomatic language masks the urgency of a situation where the most powerful cybersecurity tool ever created exists within a company the government has effectively blacklisted.
The Future of Digital Security
The implications reach well beyond tech companies. Much of that underlying, invisible software supports many of the services people rely on every day, from electricity and water to airlines, banking, retail and hospitals. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout—for economies, public safety, and national security—could be severe.
The race is now on between defenders using AI to find and fix vulnerabilities, and potential attackers who may soon have access to similar capabilities. While Project Glasswing represents an unprecedented collaboration between rival tech companies, it also highlights how quickly the cybersecurity landscape is evolving. The question is no longer whether AI will transform digital security—it's whether the good guys can stay ahead of the bad ones.