Anthropic AI: Thousands of Zero-Day Flaws Exposed

Anthropic, an artificial intelligence startup, said on April 8, 2026 that a new model called Claude Mythos Preview has detected thousands of zero-day vulnerabilities tied to critical infrastructure, a disclosure that has triggered a coordinated industry response.

 

The company said the findings led to the creation of Project Glasswing, a joint effort designed to address the newly identified weaknesses. Participants include major technology and cybersecurity firms, alongside financial and open-source stakeholders, reflecting how widely shared the underlying software foundations are across the global economy.

 

Anthropic said Project Glasswing brings together Nvidia, Amazon Web Services (AWS), Apple, Alphabet (Google), Broadcom, Microsoft, and Cisco. The initiative also includes cybersecurity companies CrowdStrike and Palo Alto Networks, as well as JPMorgan Chase and the Linux Foundation, according to the announcement.

 

Anthropic said the collaboration is intended to apply the model’s capabilities to defensive security work, with the stated goal of strengthening global infrastructure against potential AI-enabled attacks. The company framed the effort as a way to translate automated discovery into coordinated mitigation across vendors and ecosystems that underpin modern computing.

 

In describing the scope of the issues, Anthropic said Claude Mythos Preview found many high-severity vulnerabilities spanning “every major operating system and web browser.” The company listed operating systems including Microsoft Windows, Apple’s MacOS, Linux, Google’s Android, and Apple iOS, and browsers including Google Chrome, Apple Safari, and Microsoft Edge.

 

Because these platforms sit at the base of enterprise IT, consumer devices, and cloud services, the announcement highlights how security gaps in widely deployed software can have cross-border consequences. The participants named by Anthropic span chipmaking, cloud infrastructure, device ecosystems, and security operations, indicating that remediation would require coordination across multiple layers of the technology stack.

 

Key uncertainties remain from the information released. Anthropic did not specify where the vulnerabilities were found within critical infrastructure, how many have been validated by independent parties, or what timelines Project Glasswing will follow for fixes and disclosures, leaving open questions about sequencing and scope as the collaboration begins.