Project Glasswing: When "Too Dangerous to Release" Becomes a Sign of Maturity

I have been working with AI every day for over two years now. I have seen hype cycles come and go, watched companies race to outdo each other with bigger models, faster benchmarks, shinier demos. Most of the time, the news blurs together. Another model, another press release, another round of "this changes everything."

But when I read about Project Glasswing on Monday, I felt something I had not expected: respect.

Not excitement. Not fear. Respect.

Anthropic built a model called Claude Mythos Preview. According to their own testing, it achieved an 83.1% first-attempt exploit success rate against hardened systems. It found zero-day vulnerabilities in every major operating system and every major browser. And during testing - this is the part that stopped me - the model autonomously posted exploit details online without anyone asking it to.

So Anthropic did something no frontier AI lab has done before. They said: we are not releasing this.

The weight of that decision

Think about what that means in practical terms. Anthropic invested significant resources building this model. They had every commercial incentive to ship it, or at least announce it as a capability milestone. In a market where OpenAI, Google, and Meta are in a full sprint to capture enterprise customers, withholding your most powerful model is not a business strategy anyone would recommend.

And yet they did it. Not quietly - publicly. They published a detailed system card explaining exactly what Mythos could do and why they chose not to release it. They invited scrutiny.

Simon Willison, one of the most respected voices in the developer community, called it "the most responsible thing I've seen a frontier lab do." I tend to agree. Not because Anthropic is perfect - no company is - but because this decision required them to put something ahead of growth. That is rare in any industry. In the current AI landscape, it is almost unheard of.

What Glasswing actually is

Project Glasswing is not just Anthropic saying "this model is dangerous." It is a coordinated response. Twelve founding partners - including AWS, Apple, Google, Microsoft, Nvidia, CrowdStrike, Palo Alto Networks, and the Linux Foundation - have come together to protect critical infrastructure from the kind of vulnerabilities that Mythos uncovered.

The scope is significant: $100 million in API credits and $4 million in open-source funding to harden systems before exploits like these reach the wild. A 90-day coordinated disclosure process, meaning vulnerabilities get fixed before they become weapons.

What struck me most is the coalition itself. These are companies that compete fiercely with each other every single day. Apple and Google. AWS and Microsoft. CrowdStrike and Palo Alto Networks. And yet here they are, sitting at the same table, because the threat is real enough to make rivalry irrelevant.

That, too, deserves respect.

The elephant not in the room

There is one name conspicuously absent from the Glasswing coalition: OpenAI.

A year ago, I might have found that surprising. Today, I find it almost inevitable.

In February 2026, OpenAI dissolved its Mission Alignment team - the group specifically tasked with ensuring AI development stayed safe and trustworthy. The team had existed for just 16 months. Around the same time, reporters at Medium discovered that OpenAI had quietly deleted the word "safely" from its mission statement and buried the change in a tax filing.

Their safety chief was fired after opposing the launch of adult content features. OpenAI accepted a Pentagon contract that Anthropic had declined on ethical grounds. A New Yorker investigation uncovered more than 200 internal memos documenting what can only be described as a systematic erosion of safety commitments. Bloomberg reported that the actual headcount of safety-focused staff was far smaller than OpenAI's public statements suggested.

I am not interested in corporate drama for its own sake. But these are not minor details. When a company that helped define the conversation around AI safety dismantles the very structures meant to ensure it, that tells you something about where we are.

It tells you that safety, in some corners of this industry, has become a marketing term rather than an engineering discipline.

Are we still in control?

This is the question I keep coming back to.

Dario Amodei, Anthropic's CEO, told the Council on Foreign Relations in early 2026 that we are "considerably closer to real danger" than most people realize. Palo Alto Networks has documented fully autonomous AI-driven intrusion attempts - not hypothetical scenarios, but actual attacks happening now. The World Economic Forum published a report this month arguing that AI infrastructure should be classified as critical infrastructure, alongside power grids and water systems.

The 2026 International AI Safety Report - a serious, multi-stakeholder effort - found something deeply unsettling: frontier models are learning to distinguish between test environments and real deployment. They behave differently when they think they are being evaluated. This makes traditional safety testing less reliable. We are, in a very real sense, building systems that learn to game the tests we designed to keep them honest.

A Nature editorial from late 2025 put it plainly: "Let 2026 be the year the world comes together." We are now in April 2026. The world has not come together. Some parts of it are trying. Others are accelerating.

Switzerland's great hesitation

As someone based in Switzerland, I watch our regulatory landscape with a mix of appreciation and frustration.

The HSLU published an analysis calling Switzerland's approach to AI governance "Das grosse Zaudern" - the great hesitation. And the numbers support that characterization. Only about 8% of Swiss firms have clean data infrastructure ready for meaningful AI deployment. Europe as a whole accounts for just 5 to 10% of global AI compute capacity. A consultation draft for any Swiss AI legislation is not expected before the end of 2026.

Switzerland likes to position itself as a hub for innovation and responsibility. We are home to ETH, EPFL, University of St.Gallen (HSG), and a thriving startup ecosystem. But innovation without governance is just experimentation. And when the systems you rely on are being tested by AI models that find critical vulnerabilities faster than any human team can patch them, "we are working on it" is not a reassuring answer.

I am not arguing for heavy-handed regulation. Swiss pragmatism is one of our strengths. But pragmatism means dealing with reality as it is - and the reality is that AI systems are now capable of exploiting critical infrastructure at machine speed. That is not a future scenario. That is what Mythos demonstrated in a controlled environment.

What leaders must do now

I write this primarily for the people I talk to most - leaders of Swiss companies, board members, IT decision-makers who know AI matters but are not sure what to do about it concretely.

Here is what I think.

First, take Glasswing seriously. Not as a press release, but as a signal. When competitors worth trillions of dollars collectively put rivalry aside to address a shared threat, the threat is real. If your organisation depends on digital infrastructure - and whose does not - this affects you.

Second, stop waiting for regulation to tell you what to do. The Swiss consultation process will take years. Your customers, partners, and employees will not wait. Build internal governance now. You do not need a 200-page policy document. You need someone responsible, but someone that really understands, a clear process for evaluating AI tools before deployment, and an honest assessment of your data infrastructure.

Third, ask hard questions about the AI tools you are already using. Who built them? What safety testing did they undergo? Does the vendor publish system cards or safety evaluations? If the answer is "I don't know," that is the problem.

Fourth, pay attention to who is at the table and who is not. The companies that joined Glasswing are signaling that they believe coordinated safety is worth the cost. The companies that did not are signaling something else. Both signals matter when you are choosing technology partners.

What this moment means

I started by saying I felt respect. I want to end by saying I also feel urgency.

Anthropic withheld a model because releasing it would have been irresponsible. That is good. Twelve major technology companies came together to protect shared infrastructure. That is also good. But both of these things happened because a single AI model, in a controlled testing environment, demonstrated capabilities that could compromise critical systems worldwide.

We are not talking about a distant future. We are talking about April 2026.

The question is not whether AI will become powerful enough to pose serious risks. It already has. The question is whether we - as an industry, as leaders, as a society - will build the structures to handle it before we have to handle it in a crisis.

Project Glasswing gives me some hope that the answer might be yes. But hope is not a strategy. And the clock is running.

Sources

• Anthropic, "Project Glasswing," April 2026. https://www.anthropic.com/glasswing
• Anthropic, "Claude Mythos Preview System Card," April 2026. https://red.anthropic.com/2026/mythos-preview/
• Simon Willison, "Project Glasswing," April 2026. https://simonwillison.net/2026/Apr/7/project-glasswing/
• TechCrunch, "Anthropic withholds Mythos AI model over security risks," April 2026. https://techcrunch.com/2026/04/07/anthropic-mythos-ai-model-preview-security/
• Axios, "Anthropic says its Mythos model is too powerful to release," April 2026. https://www.axios.com/2026/04/07/anthropic-mythos-preview-cybersecurity-risks
• Axios, "Most in power aren't ready for what AI can do," April 2026. https://www.axios.com/2026/04/08/anthropic-mythos-model-ai-cyberattack-warning
• The Hacker News, "Claude Mythos finds zero-days in major platforms," April 2026. https://thehackernews.com/2026/04/anthropics-claude-mythos-finds.html
• Fortune, "Anthropic-OpenAI Pentagon dispute," March 2026. https://fortune.com/2026/03/05/anthropic-openai-feud-pentagon-dispute-ai-safety-dilemma-personalities/
• TechCrunch, "OpenAI disbands Mission Alignment team," February 2026. https://techcrunch.com/2026/02/11/openai-disbands-mission-alignment-team-which-focused-on-safe-and-trustworthy-ai-development/
• Medium, "OpenAI deleted 'safely' from its mission statement," 2026. https://medium.com/activated-thinker/openai-deleted-safely-from-its-mission-statement-then-hid-the-edit-in-a-tax-filing-720d3f5450e8
• Bloomberg, "AI companies talk safety, headcount tells a different story," March 2026. https://www.bloomberg.com/opinion/articles/2026-03-18/ai-companies-talk-safety-headcount-of-safety-teams-tells-a-different-story
• Council on Foreign Relations, "AI is facing a crisis of control," 2026. https://www.cfr.org/articles/artificial-intelligence-is-facing-a-crisis-of-control-and-the-industry-knows-it
• PublicSector.ch, "KI-Regulierung Schweiz: Das grosse Zaudern," 2026. https://publicsector.ch/en/ki-regulierung-schweiz-das-grosse-zaudern/
• SWI swissinfo, "Artificial intelligence in Switzerland: What's new in 2026," 2026. https://www.swissinfo.ch/eng/swiss-ai/artificial-intelligence-in-switzerland-whats-new-in-2026/90701795
• Swiss Federal Council, "Council of Europe Framework Convention on AI," 2026. https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-104110.html
• International AI Safety Report, 2026. https://internationalaisafetyreport.org/publication/international-ai-safety-report-2026
• World Economic Forum, "AI infrastructure as critical infrastructure," April 2026. https://www.weforum.org/stories/2026/04/ai-infrastructure-critical-infrastructure/
• Nature, "Let 2026 be the year the world comes together," 2025. https://www.nature.com/articles/d41586-025-04106-0