Anthropic Finds 27-Year-Old Flaw in OpenBSD with New AI

Anthropic announced on Tuesday, April 7, 2026, the Claude Mythos Preview, a new AI model focused on cybersecurity. Rather than opening it to the public, the company launched Project Glasswing, granting access only to a select group of partners.

The model identified thousands of zero-day vulnerabilities across all major operating systems, browsers, and critical software. One of the most remarkable discoveries was a 27-year-old flaw in OpenBSD, one of the world's most secure systems used in firewalls and essential infrastructure. Practically, a remote connection could take down any machine running the system.

According to Anthropic's official blog, the Claude Mythos Preview also found a 16-year-old bug in FFmpeg, a video library used almost everywhere. Automated tools had executed that line of code five million times without noticing the problem. It even chained multiple flaws in the Linux kernel to gain full control of a machine from a regular user.

The decision not to release the model openly is due to the double-edged risk. It's exceptionally good at coding and agentic reasoning, making it powerful for both defense and attack. Therefore, Anthropic chose to act quickly and form a coalition.

Initial partners in Project Glasswing include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, Nvidia, and Palo Alto Networks, along with about 40 organizations responsible for open-source software and critical infrastructure. They will use the model to scan and fix vulnerabilities in their own systems and open-source code.

Anthropic is committing up to $100 million in usage credits for the project, plus $4 million in direct donations for open-source security initiatives. The goal is to patch the gaps before adversaries can exploit them.

The company has also started discussions with U.S. government authorities about the offensive and defensive capabilities of the Claude Mythos Preview.