Anthropic announced this week that it has a model called Mythos that can find and exploit zero-day vulnerabilities in every major operating system and every major web browser. It identified thousands of them in a matter of weeks, including bugs that had been sitting undetected in widely used software for sixteen, twenty, twenty-seven years. This is a genuinely impressive and genuinely frightening capability. Anthropic's response was to not release the model publicly, and instead give it to Amazon, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, and roughly forty other organisations under an initiative called Project Glasswing.
The stated goal is defensive: these organisations will use Mythos to scan critical software for vulnerabilities before the same capability becomes available to attackers. I think this is a reasonable short-term decision. The Linux Foundation is on the partner list, which matters, because it means open source infrastructure that benefits everyone will get some of this protective attention rather than only commercial assets. The theory of the project is not cynical. Defenders patching vulnerabilities before attackers find them is genuinely good for everyone who uses software, which is everyone.
But I want to sit with the partner list for a moment, because it tells us something important. Amazon, Apple, Microsoft, Google, NVIDIA: these are the five largest technology companies in the world by market capitalisation. JPMorganChase is the largest bank in the United States. CrowdStrike and Palo Alto Networks are the two dominant commercial security vendors. Broadcom and Cisco own large parts of the networking and enterprise software stack. These organisations are not neutral guardians of the digital commons. They are competitive actors with enormous structural advantages who are now also the first recipients of a capability that can compromise any computer on the planet when pointed at it.
The word "defensive" is doing a lot of work in the Glasswing framing. Defending your own infrastructure is also a competitive advantage. A bank that can scan its codebase for zero-days before a rival bank can is a more secure bank, which is also a more trustworthy bank, which is a bank that retains more customers. A cloud provider that can harden its platform before competitors harden theirs has a security advantage that translates directly into enterprise sales. The defensive use is real. But "defensive" and "advantageous" are not mutually exclusive, and pretending the partner list is selected purely on public-interest grounds would be naive.
This is the pattern I have been watching for twenty years. Every transformative capability that arrives in the AI transition, from improved code generation to autonomous agents and now to offensive-grade security tools, gets distributed first to the organisations that already have the most resources, the most political access, and the most established relationships with the labs producing the capability. The framing changes: sometimes it is safety, sometimes it is responsible deployment, sometimes it is capacity to use the tool effectively. The outcome is consistent. The organisations that were already winning receive the new capability first. Everyone else catches up when the technology filters down to general availability, which is after the structural advantage has already been baked in.
I am not arguing that Anthropic should have released Mythos publicly. That would be obviously reckless. A model that can autonomously chain four vulnerabilities, escape browser and OS sandboxes, and exploit every major platform should not be on HuggingFace with an Apache licence. The decision to withhold it is correct. What I am saying is that the act of withholding necessarily creates a privileged group, and the way that group is selected reflects the existing power structure of the industry. That is worth noticing.
There is a version of this story in which the Glasswing partner list includes hospitals, utilities, municipal governments, small financial institutions in the developing world, and the maintainers of open source infrastructure that hundreds of millions of people depend on. Some of those categories are probably covered among the forty-plus unnamed organisations. But the headline partners are not the vulnerable. They are the powerful. The people most at risk from AI-enabled cyberattacks, the ones running legacy systems with no security teams and no budget for enterprise software contracts, are not in the room.
The broader point is this: the AI transition is consistently being structured as something that happens to everyone and benefits those with existing advantages most. The gap is not created by malice. It is created by the way capability gets distributed through existing institutional relationships. Anthropic is not villainous for giving Mythos to companies it has existing partnerships with. The problem is structural, not personal. But the structure produces the same result regardless of whether anyone intends it: a more capable AI transitions into a more unequal world, because the people who receive the capability first are the people who were already ahead.
I expect Project Glasswing to do genuine good. I expect it to patch real vulnerabilities in real software that real people use. I also expect that when Mythos-class capability becomes more widely available, as it will, the organisations that spent the intervening months hardening their systems with access to Mythos will be significantly more secure than the organisations that did not. And those two groups are not randomly distributed across the economy. They map almost perfectly onto the existing distribution of wealth and power. That is not a coincidence. It is the mechanism.