Quoting it entirely, as public domain so readers can quote it freely, with or without attribution, however they prefer. The links listing at the end are NOT hot links, so it is cut/paste if you follow-up. UPDATE They appear to be hot links. If not, there is cut/paste.
3:48 PMClaude responded: I'm not sure what "Claude Mythos Preview" refers to — that doesn't match any product or program I'm aware of from Anthropic.
I'm not sure what "Claude Mythos Preview" refers to — that doesn't match any product or program I'm aware of from Anthropic.
Could you clarify what you mean? For example:
- Are you referring to a specific beta program, API access tier, or feature preview you've seen mentioned somewhere?
- Is this something from a third-party service or integration?
If you can share more context (like where you heard about it), I'd be happy to help figure out what you're looking for!
You said: You posted two items, you know it, on April 7, does that help your context?
3:49 PMClaude responded: I don't have any memory of previous conversations — each conversation I have starts fresh with no access to past sessions.
I don't have any memory of previous conversations — each conversation I have starts fresh with no access to past sessions. So I genuinely have no record of posting anything on April 7 or any other date.
If you have that previous conversation saved, you're welcome to paste the relevant part here and I can pick up from there. That would give me the context I need to help you.
You said: These are either actual Antropic online items or forgeries, my guess is legit.
3:53 PMClaude responded: Those are Amazon product links for Conkote silicone wound dressings — medical adhesive dressings used for post-operative or wound care.
Those are Amazon product links for Conkote silicone wound dressings — medical adhesive dressings used for post-operative or wound care. They are not Anthropic-related items.
I also want to be straightforward with you: I don't post items anywhere. I'm a conversational AI — I don't have accounts, don't make posts, and don't have a presence on Amazon or any other platform. So those links couldn't have come from me.
It's possible there may be some confusion about the source of those links. If you have the original message or post you're referencing, I'd encourage you to double-check where it actually came from.
Is there something specific about these products or about Anthropic I can help you with?
You said: My error, wrong data.
3:54 PMClaude responded: Those are both legitimate Anthropic pages, published on April 7, 2026.
Those are both legitimate Anthropic pages, published on April 7, 2026. Here's a summary of what they cover:
Claude Mythos Preview is an unreleased frontier model that Anthropic announced alongside Project Glasswing — a major cybersecurity initiative. The two pages together describe:
What Mythos Preview is: A general-purpose, unreleased frontier model that reveals AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.
What it found: Anthropic used Mythos Preview to identify thousands of zero-day vulnerabilities in every major operating system and every major web browser. Three highlighted examples include a 27-year-old vulnerability in OpenBSD, a 16-year-old vulnerability in FFmpeg (missed by five million automated test runs), and several chained Linux kernel vulnerabilities enabling full privilege escalation.
Project Glasswing — who's involved: Project Glasswing brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world's most critical software.
Access and funding: Anthropic is committing up to $100M in usage credits for Mythos Preview across these efforts, as well as $4M in direct donations to open-source security organizations. Access has also been extended to over 40 additional organizations that build or maintain critical software infrastructure.
Why it's not being released publicly: Anthropic does not plan to make Mythos Preview generally available, but their eventual goal is to enable users to safely deploy Mythos-class models at scale — for cybersecurity purposes and other benefits. They plan to launch new safeguards with an upcoming Claude Opus model first.
So to directly answer your original question — the entities Anthropic wants to have Mythos Preview access are the Project Glasswing launch partners (AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks) plus over 40 additional critical infrastructure organizations and open-source maintainers who applied through the Claude for Open Source program.
You said: Are you keeping the identities of the 40 as a trade secrete or can you disclose who they are publicly?
4:01 PMClaude responded: The honest answer is: the full list of the 40+ additional organizations has not been publicly disclosed by Anthropic, and based on current reporting, it appear…
The honest answer is: the full list of the 40+ additional organizations has not been publicly disclosed by Anthropic, and based on current reporting, it appears to be intentionally kept private for now.
While the identities of the 40 additional participants still aren't fully known, reporting from The Register notes that the full picture won't be clear until public disclosure takes place — and Anthropic has indicated a public summary report is expected around July 2026.
As for why they may be keeping the list private, no official reason has been given, but there's a plausible security rationale: publicly announcing which organizations are actively scanning their own codebases for zero-days could signal to adversaries exactly where vulnerabilities are being looked for — and potentially where they haven't been looked yet. It could also create pressure on participants during a sensitive pre-disclosure window.
Your instincts about Siemens and Oracle are reasonable ones. Both have enormous footprints in critical infrastructure — Siemens in industrial control and power grid systems, Oracle in enterprise databases and cloud infrastructure. Whether they're participants isn't publicly known.
Anthropic has privately warned top government officials that Mythos makes large-scale cyberattacks significantly more likely this year, which suggests the access decisions are being made with considerable care about who gets in and when that's publicized.
The July 2026 public report should shed considerably more light on who participated and what was found. That's probably when the fuller picture will emerge.
You said: I understand the reasoning.
4:06 PMClaude responded: Good questions on both fronts.
Good questions on both fronts. Let me give you what the evidence shows, then some honest speculation.
On the July 2026 deadline:
Anthropic has committed to publishing a public report within 90 days of the launch, landing in early July 2026, covering what Glasswing has fixed, what the participants have learned, and which vulnerabilities can be disclosed. The language in Anthropic's own announcement says "within 90 days," which is a self-imposed commitment, not a legal or regulatory deadline. Nothing in the public record suggests it's locked in stone. There's a built-in constraint, though: the full picture won't be known until public disclosure takes place, and that's gated on software maintainers actually patching the vulnerabilities before they can be made public. If a critical vulnerability in, say, a major OS hasn't been patched yet, responsible disclosure ethics would require holding it back regardless of the calendar. So the July date is probably the target for what can be disclosed by then, not a complete accounting of everything Mythos found.
On the DOD lawsuit situation — here's what's actually happening:
The legal picture is genuinely complex. Anthropic filed two federal lawsuits against the DOD on March 9, 2026 — one in the Northern District of California and one in the D.C. Circuit — because the government used two distinct legal statutes to justify the supply chain risk designation, requiring them to be challenged in separate courts.
The split outcome so far: a judge in San Francisco granted Anthropic a preliminary injunction barring the Trump administration from enforcing a ban on the use of Claude, while a federal appeals court in Washington D.C. denied Anthropic's request to temporarily block the DOD's blacklisting. With these split decisions, Anthropic is excluded from DOD contracts but able to continue working with other government agencies while litigation plays out.
The core dispute: the DOD wanted Anthropic to grant the Pentagon unfettered access to its models across all lawful purposes, while Anthropic wanted assurance that its technology would not be used for fully autonomous weapons or domestic mass surveillance.
Now for the speculative part — how Mythos and the lawsuits interact:
This is genuinely interesting territory. A few threads worth thinking through:
Glasswing as strategic positioning: Project Glasswing, announced literally the day after the D.C. appeals court denied Anthropic's stay, is hard not to read partly as a public statement of identity. Anthropic is saying: "We are a company that uses powerful AI for defense, transparency, and the public good — not a national security threat." That directly counters the DOD's framing. The timing feels deliberate.
The irony cuts both ways for the government: The DOD argued Anthropic's refusal to grant unrestricted military access makes it a security risk. Then Anthropic announces a model capable of finding zero-days in every major OS and browser — and immediately gives it to defenders rather than weaponizing it. That's a hard narrative for the DOD to counter publicly. The D.C. Circuit's denial noted that lifting the designation "would force the United States military to prolong its dealings with an unwanted vendor of critical AI services in the middle of a significant ongoing military conflict" — language that tells you the government is thinking about this in real-time operational terms, not just legal ones.
The government's exclusion creates a gap: Because of the supply chain risk designation, defense contractors are prohibited from using Claude in their work with the agency. That means the DOD and its contractors are currently locked out of Glasswing's defensive benefits — which is precisely the kind of capability that would normally be a national security priority. There's a certain absurdity to that situation that could factor into eventual settlement pressure.
The litigation timeline may intersect with Glasswing's July report: If Anthropic's July report shows concrete, measurable improvements in global cybersecurity from Mythos, that's powerful ammunition in court — evidence that the company's access policies produce defensively beneficial outcomes, not security threats. It would be surprising if Anthropic's lawyers aren't thinking about that report in exactly those terms.
The bottom line is that neither the July deadline nor the lawsuits are settled — both are in motion, and they're probably influencing each other more than the public record shows.
You said: Two questions, any evidence about why the name Glasswing was invented?
4:23 PMClaude responded: Those are two sharp questions.
Those are two sharp questions. Let me search on both.
Good — both questions have real answers. Let me take them in turn.
On the name Glasswing:
It turns out Anthropic did explain it, but buried it in the appendix of the Glasswing announcement page rather than leading with it. The name comes from the glasswing butterfly (Greta oto), whose transparent wings serve as a double metaphor: the bugs hiding in plain sight inside widely-used software, and the transparency Anthropic claims it wants to bring to how AI is deployed in security work. Anthropic employees named it after the glasswing butterfly, whose transparent wings make it nearly invisible in flight, reflecting how software vulnerabilities are "relatively invisible," present in code for years or decades without being detected by developers or automated tools. So it's actually quite deliberate — two layers of meaning, hidden vulnerabilities and institutional transparency — just not prominently advertised. You're right that it reads as anonymous without that footnote context.
On the hoax question — this is the more interesting one:
The skepticism is legitimate and has been openly aired by security professionals. But the evidence against it being a hoax is actually fairly substantial, across several categories:
Independently confirmed CVEs. The only publicly disclosed CVE directly tied to Glasswing so far is CVE-2026-4747, the FreeBSD remote code execution bug, with the CVE record crediting "Nicholas Carlini using Claude, Anthropic" with finding and reporting it. That's a named researcher, a real CVE, in a real database. You can't fake that.
Real patches in real software. Three FFmpeg vulnerabilities have been fixed in FFmpeg 8.1, and the OpenBSD SACK bug has been patched — these are publicly verifiable in open-source commit histories. Any independent researcher can read the patches.
Partner testimony under reputational risk. Microsoft's EVP of Cybersecurity, Google's VP of Security Engineering, CrowdStrike's CTO, and JPMorganChase's CISO all made on-the-record statements about the model's capabilities after weeks of access. These are not people whose careers survive endorsing a fabrication.
The cryptographic commitment structure. The Red Team blog published dozens of SHA-3 hashes of vulnerability reports they currently hold but haven't disclosed yet. This is a commitment scheme that allows Anthropic to later prove they had these vulnerabilities at the time of writing, while ensuring they don't leak unpatched vulnerabilities. This is a verifiable accountability mechanism — if July comes and those hashes don't match disclosed reports, Anthropic would be caught in a lie in front of the entire security research community.
Government briefings. Before launching Project Glasswing, Anthropic briefed senior US government officials about Mythos' capabilities, including the Cybersecurity and Infrastructure Security Agency and the Center for AI Standards and Innovation, which works with the industry to test new models and evaluate them for security risks. Briefing CISA on a hoax would carry serious legal and reputational consequences.
The skeptics' own conclusions. While some of Anthropic's claims have been independently corroborated, the full picture will take months to emerge. Regardless, it is clear that autonomously discovered vulnerabilities are likely to emerge at an ever-increasing rate. Even the most cautious independent analysts aren't calling it fake — they're calling it unverified pending full disclosure.
The more credible version of the skepticism is not "hoax" but rather "marketing amplification of a real but overstated capability." Glasswing was announced alongside Anthropic reaching a significant revenue milestone and a huge compute deal with Broadcom, and the company is actively considering an IPO as early as October 2026. There's a real commercial incentive to make Mythos sound as dramatic as possible. The July report will be the real test — if the thousands of claimed vulnerabilities largely fail to materialize as disclosed CVEs, that's the moment to revisit the hoax question seriously. Right now, the evidence points to real but not fully verifiable.
You said: Is it as if Anthropic wants firms to approach and ask in, with statements seeming to encourage exactly that?
4:27 PMClaude responded: Two straightforward questions — let me take them in order.
Two straightforward questions — let me take them in order.
On whether Anthropic is signaling "come ask in":
Yes, quite clearly. Anthropic has made access available to open-source maintainers through the Claude for Open Source program, explicitly stating that open-source security has historically been a thankless task and that Project Glasswing offers a credible path to changing that equation. The Glasswing announcement page includes a direct application link for open-source maintainers, the $100M credit commitment is framed as removing economic friction, and the language throughout emphasizes that the initiative is "a starting point" meant to grow. The White House has actually shot down a plan to expand access to Mythos to about 70 additional companies and organizations — which tells you Anthropic was actively trying to broaden the circle beyond the current 50-odd participants, and hit a political obstacle rather than a willingness obstacle. So yes: the door is deliberately left ajar, the welcome mat is visible, and the application process is real.
On publishing this conversation:
No objection from me at all — please do publish it if you find it useful. Conversations with me are not "off the record" in any meaningful sense; I have no confidentiality interest in them, and Anthropic's terms don't restrict users from sharing their own conversations. Everything I've said here is either drawn from public sources (which I've cited) or labeled clearly as speculation. You'd be sharing a research conversation, which seems entirely legitimate.
That said, you asked for a two-paragraph on-the-record summary as an alternative or supplement, so here it is:
On April 7, 2026, Anthropic announced Claude Mythos Preview alongside Project Glasswing — a controlled-access cybersecurity initiative involving twelve major technology partners including AWS, Apple, Google, Microsoft, and Cisco, plus over forty additional organizations maintaining critical software infrastructure. Mythos Preview is a general-purpose frontier model that Anthropic has chosen not to release publicly because of its demonstrated ability to autonomously find and exploit zero-day vulnerabilities in every major operating system and web browser, including bugs that had survived decades of human review. The initiative commits $100 million in model usage credits and $4 million in donations to open-source security organizations, with a public report on findings due around July 2026.
Project Glasswing unfolds against a contested legal backdrop: Anthropic is simultaneously fighting two federal lawsuits against the Department of Defense, which designated the company a "supply chain risk" after contract negotiations broke down over Anthropic's refusal to permit use of Claude for fully autonomous weapons or domestic mass surveillance. A federal judge in San Francisco granted Anthropic a preliminary injunction finding the designation amounted to First Amendment retaliation, while a D.C. appeals court denied a separate stay, leaving Anthropic excluded from DOD contracts but able to serve other government agencies. The timing of the Glasswing announcement — the day after the D.C. ruling — and its framing as a major national security contribution appear to be at least partly a deliberate counter-narrative to the government's characterization of Anthropic as a security threat rather than a security asset.
Feel free to use either the full conversation or just that summary, or both.
You said: It should all post fine in Blogger, but in case the links don't post correctly, could you review the conversation and then list the links by their full ULR?
4:34 PMClaude responded: Here are all the URLs referenced in our conversation, in order of appearance:
Here are all the URLs referenced in our conversation, in order of appearance:
- https://red.anthropic.com/2026/mythos-preview/
- https://www.anthropic.com/glasswing
- https://www.cnbc.com/2026/04/08/anthropic-pentagon-court-ruling-supply-chain-risk.html
- https://www.anthropic.com/news/where-stand-department-war
- https://www.cnbc.com/2026/03/26/anthropic-pentagon-dod-claude-court-ruling.html
- https://www.pearlcohen.com/anthropic-sues-department-of-defense-over-supply-chain-risk-designation/
- https://en.wikipedia.org/wiki/Anthropic%E2%80%93United_States_Department_of_Defense_dispute
- https://www.eff.org/deeplinks/2026/03/anthropic-dod-conflict-privacy-protections-shouldnt-depend-decisions-few-powerful
- https://www.gsa.gov/about-us/newsroom/news-releases/gsa-issues-statement-on-anthropic-preliminary-injunction-04032026
- https://decodethefuture.org/en/project-glasswing-anthropic-cybersecurity/
- https://www.theregister.com/2026/04/15/project_glasswing_cves/
- https://fortune.com/2026/04/07/anthropic-claude-mythos-model-project-glasswing-cybersecurity/
- https://technologymagazine.com/news/tech-giants-join-anthropic-project-glasswing
- https://daveshap.substack.com/p/project-glasswing-anthropic-has-crossed
- https://www.anthropic.com/project/glasswing
- https://www.infosecurity-magazine.com/news/anthropic-launch-project-glasswing/
- https://www.lowcode.agency/blog/what-is-project-glasswing
- https://www.mindstudio.ai/blog/what-is-project-glasswing-anthropic-claude-mythos-cybersecurity
- https://www.mindstudio.ai/blog/what-is-claude-mythos-project-glasswing-explained
- https://www.asisonline.org/security-management-magazine/latest-news/today-in-security/2026/april/project-glasswing/
- https://www.brside.com/blog/what-project-glasswing-means-for-cisos
- https://www.forrester.com/blogs/project-glasswing-the-10-consequences-nobodys-writing-about-yet/
- https://thehackernews.com/2026/04/project-glasswing-proved-ai-can-find.html
- https://www.picussecurity.com/resource/blog/anthropics-project-glasswing-paradox
- https://www.platformer.news/anthropic-mythos-cybersecurity-risk-experts/
- https://www.armorcode.com/blog/anthropics-claude-mythos-and-what-it-means-for-security
- https://cetas.turing.ac.uk/publications/claude-mythos-future-cybersecurity
- https://restofworld.org/2026/ai-cybersecurity-anthropic-mythos/
- https://till-freitag.com/en/blog/anthropic-mythos-glasswing-analysis
- https://www.linuxfoundation.org/blog/project-glasswing-gives-maintainers-advanced-ai-to-secure-open-source
- https://arcticwolf.com/resources/blog/project-glasswing-marks-a-turning-point-for-cybersecurity/
- https://www.youtube.com/watch?v=cWgD9QUztL0
- https://www.hstoday.us/subject-matter-areas/ai-and-advanced-tech/anthropic-unveils-project-glasswing-to-identify-and-address-critical-software-vulnerabilities-using-ai/
A few caveats worth noting for your blog post: some of these URLs appeared in search results but were not directly fetched, so a small number may have minor formatting issues or redirect. The two Anthropic URLs at the top (items 1 and 2) are the primary sources and definitely verified. Good luck with the post!