Anthropic Built an AI Superhacker. Only Fifty Companies Hold the Keys.

What does an AI find when you point it at every operating system, every major browser, and every piece of software holding the modern economy together?

Anthropic found out. Fifty companies know the answer, while the rest of us do not.

A couple of weeks ago, Anthropic quietly handed a short list of the world's largest technology and financial companies a cybersecurity advantage every Australian business outside that room is now working without. Apple, Microsoft, Google, JPMorgan Chase, along with roughly fifty others, now have early access to findings from an AI system capable of uncovering software vulnerabilities that had eluded detection for decades.

Everyone else is outside the room.

Anthropic, the AI lab behind Claude, calls the model Mythos. It's already surfaced flaws across what Anthropic describes as "every major operating system and every major web browser," the infrastructure modern life runs on. And in a move with no real precedent in commercial AI, they chose not to release it. They believed it was too dangerous.

Instead of public release, Anthropic announced Project Glasswing, a tightly controlled initiative giving early access to a private coalition of companies whose software underpins large parts of the global economy. The goal: find and patch vulnerabilities before the same capability shows up in hostile hands.

Which raises a question most of us haven't been invited to ask: what's actually happening inside that room, and what does it mean for everyone locked out of it?

Mythos Is Extraordinary Technology.

Credit where it's due.

Take OpenBSD, one of the most security-hardened operating systems in the world. Mythos found a flaw that had survived 27 years and more than five million automated tests. In FFmpeg, which handles a significant share of the internet's audio and video, it surfaced a flaw that had been present for 16 years. These are among the hardest targets in the industry, but Mythos found issues experts had missed for decades.

Open-source projects maintained by small volunteer teams are now receiving security attention at a scale those teams could never achieve alone. Anthropic is putting $4 million into open-source security foundations, and coalition members are sharing findings rather than holding them back.

If you use Chrome, Firefox, Windows, macOS, or Linux, you're already benefiting from this work.

Anthropic Did The Right Thing.

The coalition reads as a Who's Who of critical infrastructure. Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks were in the first wave. More than 40 additional critical infrastructure organisations were added in the weeks that followed.

On 16 April, Anthropic went further. Alongside the release of Claude Opus 4.7, a less capable model, they confirmed they'd keep Mythos Preview restricted and test new cyber safeguards on less capable systems first. They also stated that during training they deliberately reduced certain cyber capabilities.

This was the right decision. According to the Council on Foreign Relations, Mythos Preview is the first AI model restricted from users because of its destructive cybersecurity potential. A commercial lab deliberately limiting its own product and stating so publicly isn't a one-off. It's a pattern of restraint, and the systems billions rely on are safer for it.

And It Still Created A Two-Tier Security Economy.

None of this is a criticism, it's the reality. And that reality has three consequences worth naming.

It Will Be Weaponised.

The capability now exists, which means someone else will build it too.

The Council on Foreign Relations reports that OpenAI is roughly six months behind Anthropic on a model with comparable offensive capability. Other well-funded labs are in a similar position. Nation states and criminal groups are watching closely. History suggests labs don't sit on capability forever. Competitive pressure tends to win, and Mythos is the first example of this class of tool, not the last. The same capability that identifies vulnerabilities for defenders will do the same for attackers once it's in different hands.

It's already happening at the edges. Autonomous pen-testing firm XBOW reported that Opus 4.7 unlocked use cases that weren't viable on the previous generation, with its visual-acuity benchmark jumping from 54% to 98%. That's Opus 4.7, with Mythos Preview explicitly withheld. The offensive curve doesn't pause for Anthropic's restraint.

And the question isn't only who holds the capability. It's what an autonomous threat does once it's inside a network it wasn't built for. Capability that can replicate itself doesn't just spread between organisations. It spreads inside them.

Some practitioners argue Mythos isn't even the real shift. The bigger story is autonomous, agentic AI, which turns AI from a query-and-response tool into something that runs continuously with limited supervision and broad access to the systems it touches.

The Gap Just Widened.

And the technical gap has a commercial twin.

Large enterprises have always had an advantage. Project Glasswing took that gap and blew it wide open.

Fifty-odd companies now have access to a tool that accelerates vulnerability discovery. If you're reading this, you probably don't. When speed decides the outcome, that difference matters.

Call it what it is: a class system for security. If a competitor is in the council of 40 and you're not, they're getting vulnerability intelligence you won't see for months. In markets where security posture matters to customers and regulators, that's a commercial advantage, not just a technical one.

Even in the Opus 4.7 announcement, Anthropic’s public restraint comes with a wink: We have a better model, you just can't use it yet.

The commercial dimension goes further. Initial free access is time-limited. Once those credits run out, continued access becomes pay-to-play. Australian businesses trying to join later may find little free capacity left by the time they arrive. The question for you isn't whether this matters. It's whether you're positioned to be in the room when the pricing conversations start.

There's also a governance question. Self-regulation by major technology and financial firms doesn't have a strong track record, and a private coalition deciding which vulnerabilities get early patching has no independent oversight. Anthropic is acting in good faith, but that doesn't mean the structure it creates is accountable.

We'll Never Patch Fast Enough.

Defence is still measured in weeks. Offence is now measured in hours.

Mythos identifies vulnerabilities in hours. For most Australian businesses, patching takes days or weeks, and vendor update cycles stretch into months. The gap isn't closing.

Project Glasswing makes the gap visible. The time between discovery and remediation is shrinking, but not fast enough to match the speed of discovery. A Mythos-level capability in adversarial hands doesn't wait for scheduled updates. It exploits the gap.

If attackers move at machine speed and you don't, how do you stay resilient?

The Fundamentals Aren't Dead. They Matter More Than Ever.

If patching can't keep pace, success has to be measured differently. Not by how quickly a vulnerability is closed, but by whether a compromised system can reach anything else.

Recently, an unmanaged device on an Australian school network scanned 673 IP addresses using reconnaissance tools. It connected to nothing. Segmentation blocked every attempt, an analyst flagged the activity, and the school was contacted in under 20 minutes. The controls were already in place, and the same fundamentals would contain a far more sophisticated, AI-assisted attack.

Readiness means mapping your controls back to the three risks this article has named.

If threats replicate and move at machine speed, contain the blast radius.

• Segment aggressively, host-to-host where you can manage it.

• Least-privilege access for every user, device, and application. When something's compromised, the damage stops at what it could reach.

If the patch gap is measured in weeks, close it where it matters most first.

• Patch internet-facing assets on a different clock. Monthly cycles aren't fast enough for externally exposed systems.

• Ring-fence what you can't patch. Isolate unsupported legacy systems, monitor them closely, and treat every connection as suspect.

• Harden the endpoint and the server. Ask why a server needs a browser or anything beyond what the workload requires. Fewer applications mean fewer vulnerabilities.

If attackers move at machine speed, your detection and response has to as well.

• A SOC that can act, not just escalate. Raising a ticket at 2am isn't containment.

• Modern endpoint detection. Reputable EDR is now the floor, not the ceiling.

• Don't compromise on logging. Gaps in logs are gaps in defence.

• Test the SOC regularly with purple team exercises, so blind spots surface before a real adversary finds them.

• Tighten what leaves your network, not just what enters.

Underneath all of it: know what you're protecting. Data classification and governance comes before any tool choice. The discipline matters more than the product.

Here's What We're Doing About It.

Project Glasswing tilts the balance between attackers and defenders. The organisations that perform well in this environment will be the ones that invested early in foundational controls and continuous monitoring. That's what we've been building with you in mind.

Lumara SecOps Cloud delivers sovereign 24/7 cybersecurity: continuous monitoring, threat detection, and endpoint response, managed entirely by our Australian-based SOC. It works with the security tools you already have, and it gives you the visibility and response capability that used to be reserved for organisations with ten times your budget.

Access to tools like Mythos would be welcome. Any defender would say the same. But while that access isn't on the table for you, what you can control is whether your environment is segmented, your access is locked down, your patches are current, and someone's watching. That's what Lumara was built to deliver.

If you'd like to talk to us about what that looks like for your organisation, get in touch.