How to prepare for Project Glasswing 2026 Disclosure

In our latest blog post for technology, security and risk leaders at SaaS and financial services businesses, James Hooker, our Chief Information Security Office, is taking a deep-dive into Project Glasswing: how to best prepare and what comes after.

Anthropic's Claude Mythos is the first frontier model the company has decided is too dangerous to ship. Independent testing showed it could autonomously identify and chain exploits across every major operating system and browser, including a 27 year old vulnerability in OpenBSD and a 17 year old remote code execution flaw in FreeBSD. Those results were significant enough that Anthropic has held the model back and built an access programme around it instead.

That programme is Project Glasswing: roughly 50 vetted partners (AWS, Apple, Microsoft, Google, CrowdStrike, Palo Alto Networks, NVIDIA, JPMorgan Chase, Cisco, Broadcom and the Linux Foundation among them) get supervised access to Mythos Preview to find and patch vulnerabilities in their own products and in the open source code we all depend on, before the capability proliferates. The first public summary report is expected in July 2026, and patch volume is expected to peak in the weeks running up to it. Many of the most operationally significant CVEs are likely to sit in shared dependencies like TLS, parsing and auth libraries, meaning a single CVE may require coordinated patches across hundreds of downstream products.

That's the trigger event. Now to the people advising the boards.

 

What the Big 4 are saying

EY, PwC, Deloitte and KPMG have all published direct positions on Mythos, and the striking thing is how aligned they are. None are treating it as hype. The consensus runs to four points: the bottleneck has moved from detection to execution speed, and finding bugs is no longer the hard part; the response window is now measured in weeks, not quarters; protection by policy (Anthropic gating Mythos) is temporary, with comparable capabilities expected from other labs within 6 to 18 months; and you cannot assume your software vendors are ready. You need to seek explicit assurance, not hope. KPMG adds an important insurance-specific note: capacity in already tight sectors (utilities, OT/SCADA, telcos) will harden first. Deloitte's 90-day prescription is the most actionable summary of the lot: scan and remediate your own code now, and treat vendor assurance as a contractual requirement rather than a quarterly review item.

 

And the cyber insurance market?

Insurers haven't moved on price yet, but the language has shifted fast. Fitch Ratings flagged in February that Mythos has raised eyebrows and that vulnerabilities will likely outnumber patches in the short to medium term. Brokers expect the early move to be on wordings and exclusions rather than premiums explicit AI discovered vulnerability carve outs, real-time evidence of patching cadence as a condition of cover, and a harder line on shared dependency aggregation. CyberCube has drawn the uncomfortable historical parallel to BlueKeep / Ransomware-as-a-Service in 2019, which produced a 30-point average rise in US cyber loss ratios once FY19 financials were filed. Once the first high-profile post-Mythos loss lands, repricing won't be gradual.

 

What I think this actually means

Anthropic holding the model back doesn't keep the cat in the bag, but it buys time. Other labs are racing to reproduce Mythos-class capability, and open-weight catch-up is widely expected within 6 to 18 months. Anthropic's choice to gate access through a defender-first coalition is, on balance, the responsible play: it gives critical infrastructure a head start before the same capability is generally available. It is not a permanent win. It is a head start.

The pressure on vendors is the most important short-term lever. If you run anything material on SaaS (and most of us do), your supply chain is now your security perimeter in a way it wasn't a year ago. Ask your vendors directly what their Glasswing-era patch timelines look like, what their incident response plan is for an AI-discovered vulnerability in a shared dependency, and how they prioritise. If they can't give you a coherent answer, that is the answer. Deloitte's ‘seek assurance, don't assume’ is the right framing.

Library dependencies are where this gets ugly. Two of Mythos's flagship findings were in projects maintained by small volunteer teams. When Glasswing surfaces a vulnerability in a low-headcount upstream library, and the library that depends on it is itself waiting on its own upstream fix, the patch cascade can take months. Plan for that to be the norm, not the exception.

 

What we're doing at MillTech

Three concrete steps:

1. Dedicated tech resource to prepare for the fallout. To support our security engineers, we have ring-fenced block of time for our entire development team, which we have called Patch Fest’ to fix dependency issues and address known vulnerabilities ahead of the Glasswing disclosures. This is expensive, and we couldn't do it without strong backing from our C-suite and board.

2. Shifted security as far left as it can practically go. Developers get the tooling to identify security issues as they write code, with library updates as a first-class part of the workflow rather than something logged on a quarterly cadence.

3. Operating on the assumption that everything is insecure. As frontier models keep improving, a Mythos-scale event is going to be at least an annual occurrence. The right answer is detection and response capability with a heavy emphasis on automated remediation, built internally and demanded contractually from every vendor we rely on.

 

One last warning

Before everyone runs out and points AI at log analysis to detect AI-generated attacks: remember that infosec, at its core, is about tricking people and machines into doing things they aren't meant to do. The moment AI-operated log watchers and detection pipelines become the norm, sophisticated APTs (and AI-augmented attackers) will adapt. They'll learn what not to trigger to stay below the threshold, and where models can be trusted to make decisions, they'll work out how to poison them.

Mythos isn't the last wave. It's the first one we can see clearly. Build for the ones we can't.