When the world’s software is everyone’s problem but the solution belongs to twelve American companies, we should ask whose security we are actually talking about.
I spend a lot of time in the Alps — on rock, on snow, occasionally in the dark when a route takes longer than planned. One thing you learn quickly in the mountains is that a rescue system that only covers certain valleys, run exclusively by people from one country, is not a rescue system. It is a club with a flag on it.
I have been thinking about that image since Anthropic announced Project Glasswing on 7 April 2026. The initiative is built around Claude Mythos Preview, an unreleased AI model that Anthropic describes as capable of finding and exploiting zero-day vulnerabilities in every major operating system and web browser. The technical achievements are real and they are striking. During internal testing, Mythos Preview fully autonomously identified a 17-year-old remote code execution vulnerability in FreeBSD — CVE-2026-4747 — that allows an unauthenticated attacker anywhere on the internet to gain root on any server running NFS. Separately, a researcher on the red team noted that Mythos found a crash vulnerability in OpenBSD that had been sitting undetected for 27 years: send a small amount of data to any OpenBSD server and bring it down. He said he had found more bugs in a few weeks with Mythos than in the rest of his career combined.
These are not incremental improvements. They represent a qualitative shift in what machine intelligence can do with software. Anthropic’s own documentation frames this honestly: models have now reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting vulnerabilities. That is a sentence worth reading twice.
The response, Project Glasswing, is presented as a defensive initiative — a coordinated effort to give Mythos access to the organisations responsible for the most critical global software infrastructure, so defenders can get ahead of attackers before models with similar capabilities proliferate. Anthropic has committed $100 million in usage credits and $4 million in direct donations to open-source security organisations. The twelve founding partners are AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself. Access has been extended to roughly 40 additional organisations, the composition of which has not been disclosed.
Every founding partner is American. The extended cohort’s geography is not public. The model itself is not being released.
Who Builds the Rescue System Gets to Define the Emergency
The security rationale is coherent. A model capable of autonomous exploitation at this level cannot simply be handed to everyone and trusted not to cause damage. Restricting access to a set of major infrastructure operators while patching is done is, in principle, a defensible approach. I am not arguing that Anthropic should have released Mythos publicly.
What I am arguing is that the choice of who gets early access, who is excluded from governance, and who shapes the norms that emerge from this initiative has profound consequences that are being underweighted in the coverage.
Security expert Bruce Schneier was direct about the dynamics at play: the announcement was, at least in part, a PR move — and it worked. Within a week, OpenAI had announced a similarly restricted rollout of its own cybersecurity-focused model. Anthropic’s valuation reportedly doubled to $800 billion by mid-April, while annualised revenue was reported to have jumped from $9 billion to $30 billion in the first months of 2026. These figures do not invalidate the technical case for Glasswing. But they are part of the context, and anyone writing about this initiative as purely altruistic safety leadership is missing the full picture.
There is a pattern here that I have seen in other domains. When a powerful capability becomes technically mature, the organisations that control it move quickly to establish themselves as its responsible stewards. Regulatory frameworks then form around their assumptions, their governance preferences, their definitions of risk. Competitors — particularly international ones — face a raised barrier. The capacity to define what “responsible” means is itself a form of competitive advantage. This is not necessarily malicious. It is simply how power concentrates around capability.
The European Commission’s AI Alliance has already noted that the Glasswing announcement requires a formal technical audit within the EU’s 2026 digital governance framework. With the EU AI Act moving toward full enforcement in August 2026, models like Mythos sit squarely in the category of systemic risks that require public oversight, not just corporate vetting. The EU AI Office was not among the initiators of Project Glasswing. That is a governance gap, not a detail.
The Sharpest Critique Comes from Lagos, Not Brussels
I want to spend a moment on a perspective that has been largely absent from Western technology coverage of this story.
Civic technology researchers writing from Nigeria have made the structural argument as plainly as I have seen it made anywhere. The absence of any African technology institution, government agency, or civil society organisation from Project Glasswing’s launch — or from the expanded cohort of forty additional organisations — is a structural signal that the global AI safety conversation continues to sideline the Global South. Africa loses an estimated 10% of its GDP each year to cyberattacks, according to the UN Economic Commission for Africa. The World Economic Forum’s Global Cybersecurity Outlook 2026 found that only 8% of organisations in Sub-Saharan Africa rate their cyber resilience as meeting requirements, compared to a global average of 19%.
The infrastructure at risk is not abstract. Legislative monitoring platforms, election observation systems, digital accountability databases, and open data portals across the continent are built on the same open-source software stacks — Linux, Apache, and others — that Glasswing partners are now scanning with Mythos. The Linux Foundation is a Glasswing partner, and open-source security is explicitly part of the initiative’s mandate. But there is a meaningful difference between securing infrastructure and ensuring that the institutions governing the most vulnerable parts of that infrastructure have any voice in how that security is managed.
When Mythos-class capabilities eventually proliferate — and Anthropic itself acknowledges that proliferation is a matter of when, not if — only the organisations that participated in Project Glasswing will have built the institutional experience and internal capacity to respond. The window being created right now is not just an opportunity for the twelve founding partners. It is a window that is closing for everyone else.
What a Genuinely Global Initiative Would Require
I am not naive about the practical difficulties. Inclusion creates coordination costs. Not every institution has the security infrastructure to handle a model this capable responsibly. Speed matters when you are trying to patch before attackers get equivalent access.
But these are engineering and governance problems, not impossibilities. A genuinely multi-polar initiative would need at minimum four things that Glasswing currently lacks.
European institutional participation. ENISA, the EU Agency for Cybersecurity, should be a counterbalance — not because European companies need a commercial advantage, but because public-sector oversight of this kind of capability serves the public interest in ways that a consortium of technology companies cannot. ASML and SAP manage critical nodes in global hardware and enterprise software supply chains; their absence leaves blind spots.
Asian manufacturing and semiconductor representation. TSMC and Samsung manufacture the chips that run the software Glasswing is scanning. The Cyber Security Agency of Singapore would offer a neutral, high-capability bridge between Western and Eastern security standards in a way that none of the current twelve partners can.
Global South involvement, not as recipients but as participants. TCS and Infosys maintain vast portions of the world’s software. India’s developer base is not a footnote to global software infrastructure — it is a central pillar of it. African institutions managing civic and governmental digital infrastructure face some of the sharpest exposure to exactly the categories of vulnerability Mythos is finding. Their participation is not charity; it is technical completeness.
Multilateral governance. Anthropic itself has acknowledged that an independent, third-party body bringing together private and public-sector organisations across borders might eventually be the right home for this work. The ITU, as the UN’s agency for digital technology, could provide a framework for global disclosure norms and prevent the effective hoarding of vulnerability intelligence by a single national corporate ecosystem. That acknowledgement in Anthropic’s own documentation is worth more than it has been given credit for. It should be acted on, not treated as aspirational language.
The Governance Question Is Not Separate from the Technical One
I run a company, Fab Campaigns, that works at the intersection of data, environmental intelligence, and cross-border partnerships. One of the principles I apply consistently is that the governance architecture of an initiative is not separate from its technical architecture — it is part of the technical architecture. How a system is governed determines what it optimises for, who bears its risks, and who captures its value. A vulnerability patching programme governed exclusively by U.S. corporate interests will, over time, optimise for U.S. corporate interests — even if its individual participants are acting in good faith.
The Internet Governance Project made this point well: what Project Glasswing is actually organising is not just model access. The scarce resource, as vulnerability discovery becomes commoditised, is the institutional capacity to close the loop from discovery through verified remediation. The twelve founding partners are not just large technology firms — they are the organisations with the deepest institutional knowledge of their own codebases. That knowledge compounds. The gap between participants and non-participants will widen over the coming months, not narrow.
Voluntary disclosure by companies that simultaneously profit from the announcement of their capabilities is not adequate transparency. It is marketing dressed in the language of safety. That framing may be uncomfortable, but the numbers around Anthropic’s valuation make it unavoidable.
Project Glasswing is a genuine technical watershed. The capabilities that Mythos Preview has demonstrated are real, and the case for using them defensively before they proliferate is sound. I do not doubt the sincerity of the researchers involved, many of whom have spent careers building the kind of judgement required to handle this responsibly.
But a rescue system that covers certain valleys, run by people from one country, is not a rescue system. Until Project Glasswing includes European regulators, Asian manufacturers, Global South institutions, and multilateral governance bodies with genuine authority, it is something more precise and more limited than a global safety initiative.
It is a technological moat with excellent PR.
The question worth asking — and worth pressuring Anthropic, publicly and directly, to answer — is whether the independent, multi-polar governance body they gesture toward in their own documentation will materialise before the window closes, or after it.
If you have thoughts on the governance architecture of AI-driven security initiatives, or on where the multilateral conversations on this are actually happening, I am interested. My contact details are on this site.
Sources
Anthropic, Project Glasswing: Securing critical software for the AI era — anthropic.com/glasswing
Anthropic Red Team, Assessing Claude Mythos Preview’s cybersecurity capabilities — red.anthropic.com
Fortune, Anthropic is giving some firms early access to Claude Mythos to bolster cybersecurity defenses — fortune.com
Foreign Policy, How Big of a Threat Is Mythos? — foreignpolicy.com
Bruce Schneier, On Anthropic’s Mythos Preview and Project Glasswing — schneier.com
Foreign Affairs Forum, Claude Mythos and Project Glasswing: The Most Dangerous AI Ever Built and the Emergency Plan to Control It — faf.ae
Internet Governance Project, AI, Project Glasswing, and the Changing Institutional Economics of Bugs — internetgovernance.org
TheCable, When AI safety looks like exclusion: What Project Glasswing means for Africa’s digital future — thecable.ng
Daniel Zivica / European Commission AI Alliance (Futurium), The Glasswing Protocol: Industrial Implications for the Digital Omnibus — futurium.ec.europa.eu
HPCwire, Anthropic Unveils Project Glasswing as Claude Mythos Targets Software Vulnerabilities — hpcwire.com
Augment Code, The 2026 EU AI Act and AI-Generated Code: What Changes for Dev Teams — augmentcode.com