Simon Willison's April 7 2026 post states Anthropic withheld general release of Claude Mythos Preview—a model comparable to Claude Opus 4.6—under Project Glasswing after it identified thousands of high-severity vulnerabilities across every major OS and browser, including a 27-year bug in OpenBSD's TCP SACK handling fixed March 25 2026 (Willison, 2026; OpenBSD errata 025). Nicholas Carlini noted the model chains three to five vulnerabilities into sophisticated exploits, findings shared only with maintainers for patching prior to any proliferation (Anthropic video transcript, April 2026). Thomas Ptacek's contemporaneous post "Vulnerability Research Is Cooked" and statements from Greg Kroah-Hartman and Daniel Stenberg document the shift from low-quality "AI slop" to high-volume, accurate AI-generated reports that now consume hours daily for open-source maintainers.

Original coverage correctly flags the responsible-disclosure window yet misses the scale of maintainer overload documented by Kroah-Hartman and Stenberg, as well as the model's black-box binary testing and endpoint-securing tasks that extend beyond previously reported single-vulnerability detection. Synthesis of Willison, Ptacek and Anthropic's system card reveals a repeatable pattern: frontier models first audit the shared attack surface they themselves run on, a step absent from most capability-announcement reporting that focuses on benchmarks rather than pre-release defensive labor.

Project Glasswing implements scalable oversight by directing model intelligence at securing underlying compute and software infrastructure before malicious actors gain equivalent tools, addressing an alignment gap rarely quantified in hype-driven coverage. This continues Anthropic's documented sequence of restricted previews and safety layering seen in prior Claude releases, providing concrete precedent for coordinated industry patching that existing reporting has under-emphasized.