Buy Crypto- Markets
Futures- Spot
- Copy Trade
- Earn
- More
Afraid to Open the Pandora's Box? Anthropic's Most Powerful Model Ever Dares Not Be Disclosed
OpenBSD's codebase has a 27-year-old vulnerability. There is a 16-year-old vulnerability in FFmpeg, with that code segment being invoked over 5 million times before being discovered. The entities that unearthed these two things were not top researchers on any bug bounty platform, nor Google Project Zero. It was Anthropic, a model not yet publicly released, codenamed Claude Mythos Preview.
On April 7, Anthropic announced Project Glasswing. The action itself was simple: sharing Mythos Preview with a whitelist. The list included AWS, Apple, Google, Microsoft, NVIDIA, Broadcom, Cisco, CrowdStrike, JPMorgan Chase, Linux Foundation, Palo Alto Networks, along with about 40 institutions responsible for critical infrastructure. Those not on the list could not access it. Anthropic explicitly stated that they do not plan to publicly release this model in the near term.
This is the first time the cutting-edge laboratory has proactively locked up its strongest asset.
Over the past two years, the release rhythm has been almost reflexive. Every generational leap of GPT, Gemini, and Claude followed a pattern of "release, observe, patch." Anthropic's own "Responsible Scaling Policy" (RSP) is essentially a commitment framework: reach a certain capability threshold, implement corresponding mitigation measures, and then continue to release. Glasswing is not the next step in this framework but the first exception. A model that Anthropic itself has deemed "unsuitable for release as per the original process" has been singled out and given only to the guardians.
What has Mythos Preview achieved? The official statement mentions "thousands of zero-day vulnerabilities, covering every mainstream operating system and browser." More illustrative than the numbers is the breadth of capability. Claude 4.6 Opus had a success rate close to zero in tasks like independent vulnerability discovery. In other words, just six months ago, Anthropic's strongest public model couldn't do this at all. Mythos can string together multiple unrelated vulnerabilities into a complete attack chain, with a four-step browser exploit being a proven example. Moving from "almost zero" to a "four-vulnerability chain" is not an incremental generational advancement but a leap.
The maintainers have already felt it. Both Greg Kroah-Hartman of the Linux kernel and Daniel Stenberg, the author of curl, have recently stated the same thing: over the past year, AI-generated security reports have transitioned from "spam-level" to "real, high-quality, must-see" content. The number of reports received by open-source projects is increasing, as is their quality, while the manpower of maintainers remains the same. This is something the defense side has long been struggling with. Anthropic's actions have simply brought this issue from vague anxiety to the forefront.
It's worth taking a look at the whitelist itself. The list includes the three major clouds (AWS, Google, Microsoft), three hardware companies (Apple, NVIDIA, Broadcom), two networking equipment manufacturers (Cisco, Palo Alto Networks), one endpoint security company (CrowdStrike), one open-source infrastructure organization (Linux Foundation), and one bank. There is only one bank on the list, which is JPMorgan Chase.
This is not a random allocation of slots. Anthropic has drawn a map of "if these fall, the sky will fall." The vast majority of the world's code runs on the stack of these companies, and the vast majority of the world's money runs through one of them. The logic behind the whitelist is not "who needs it most" but "whose fall will most immediately affect everyone." Outside the list, Anthropic has allocated an additional $4 million to open-source security organizations. The money provides manpower, the model provides capability, and together they sum up to one thing: giving maintainers a few months.
Anthropic's own wording is more direct than the whitelist. In its statement, the company writes, "Given the pace of AI development, this kind of capability will not remain in the hands of those dedicated to security deployment in the long term." Following that is a line stating, "Defending the global network infrastructure may take several years."
Putting these two sentences together, Anthropic concludes that the window of time before the model leaks or is replicated is short, while the window of time for defenders to patch vulnerabilities is long. The whole point of Glasswing lies between these two time disparities. With a controlled first move, they exchange a few months to a year of patching time.
There is also a Washington dimension to this matter. Anthropic is engaging in ongoing discussions with the U.S. government regarding the capabilities of Mythos Preview. At the same time, the company has an unresolved dispute with the U.S. Department of Defense concerning the scope of military AI usage. On one hand, the company refuses to use the model for certain military purposes, while on the other hand, it proactively shares this model with the Linux Foundation and Apple's security team. These two actions are not contradictory but are two sides of the same judgment. Anthropic is defining "what this model can be used for" rather than leaving that definition to the users.
The most unusual thing about Glasswing is not what it did, but when it did it. In the past, AI companies proved themselves through releases. Now, Anthropic chooses to prove itself through "non-release." A cutting-edge lab actively locks away its most powerful product, not because of commercial reasons, not because the alignment isn't done, not because of regulatory requirements, but because it has calculated that the open timetable can't keep up with the fix timetable.
What to watch in the coming months is not the Mythos Preview itself, but how many vulnerabilities are patched up from the 50 or so institutions in the whitelist that ran it. The next thing to watch is whether other cutting-edge labs will follow suit. If they do, an industry that operates on an "open, iterative, open" rhythm will have seen its first "lock it up and then we'll see" move. If they don't, Anthropic will be the one standing at the door. Holding the key, watching the clock.
You may also like
Consumer-grade Crypto Global Survey: Users, Revenue, and Track Distribution
Prediction Markets Under Bias
Stolen: $290 million, Three Parties Refusing to Acknowledge, Who Should Foot the Bill for the KelpDAO Incident Resolution?
ASTEROID Pumped 10,000x in Three Days, Is Meme Season Back on Ethereum?
ChainCatcher Hong Kong Themed Forum Highlights: Decoding the Growth Engine Under the Integration of Crypto Assets and Smart Economy
Why can this institution still grow by 150% when the scale of leading crypto VCs has shrunk significantly?
Anthropic's $1 trillion, compared to DeepSeek's $100 billion
Geopolitical Risk Persists, Is Bitcoin Becoming a Key Barometer?
Annualized 11.5%, Wall Street Buzzing: Is MicroStrategy's STRC Bitcoin's Savior or Destroyer?
An Obscure Open Source AI Tool Alerted on Kelp DAO's $292 million Bug 12 Days Ago
Mixin has launched USTD-margined perpetual contracts, bringing derivative trading into the chat scene.
The privacy-focused crypto wallet Mixin announced today the launch of its U-based perpetual contract (a derivative priced in USDT). Unlike traditional exchanges, Mixin has taken a new approach by "liberating" derivative trading from isolated matching engines and embedding it into the instant messaging environment.
Users can directly open positions within the app with leverage of up to 200x, while sharing positions, discussing strategies, and copy trading within private communities. Trading, social interaction, and asset management are integrated into the same interface.
Based on its non-custodial architecture, Mixin has eliminated friction from the traditional onboarding process, allowing users to participate in perpetual contract trading without identity verification.
The trading process has been streamlined into five steps:
· Choose the trading asset
· Select long or short
· Input position size and leverage
· Confirm order details
· Confirm and open the position
The interface provides real-time visualization of price, position, and profit and loss (PnL), allowing users to complete trades without switching between multiple modules.
Mixin has directly integrated social features into the derivative trading environment. Users can create private trading communities and interact around real-time positions:
· End-to-end encrypted private groups supporting up to 1024 members
· End-to-end encrypted voice communication
· One-click position sharing
· One-click trade copying
On the execution side, Mixin aggregates liquidity from multiple sources and accesses decentralized protocol and external market liquidity through a unified trading interface.
By combining social interaction with trade execution, Mixin enables users to collaborate, share, and execute trading strategies instantly within the same environment.
Mixin has also introduced a referral incentive system based on trading behavior:
· Users can join with an invite code
· Up to 60% of trading fees as referral rewards
· Incentive mechanism designed for long-term, sustainable earnings
This model aims to drive user-driven network expansion and organic growth.
Mixin's derivative transactions are built on top of its existing self-custody wallet infrastructure, with core features including:
· Separation of transaction account and asset storage
· User full control over assets
· Platform does not custody user funds
· Built-in privacy mechanisms to reduce data exposure
The system aims to strike a balance between transaction efficiency, asset security, and privacy protection.
Against the background of perpetual contracts becoming a mainstream trading tool, Mixin is exploring a different development direction by lowering barriers, enhancing social and privacy attributes.
The platform does not only view transactions as execution actions but positions them as a networked activity: transactions have social attributes, strategies can be shared, and relationships between individuals also become part of the financial system.
Mixin's design is based on a user-initiated, user-controlled model. The platform neither custodies assets nor executes transactions on behalf of users.
This model aligns with a statement issued by the U.S. Securities and Exchange Commission (SEC) on April 13, 2026, titled "Staff Statement on Whether Partial User Interface Used in Preparing Cryptocurrency Securities Transactions May Require Broker-Dealer Registration."
The statement indicates that, under the premise where transactions are entirely initiated and controlled by users, non-custodial service providers that offer neutral interfaces may not need to register as broker-dealers or exchanges.
Mixin is a decentralized, self-custodial privacy wallet designed to provide secure and efficient digital asset management services.
Its core capabilities include:
· Aggregation: integrating multi-chain assets and routing between different transaction paths to simplify user operations
· High liquidity access: connecting to various liquidity sources, including decentralized protocols and external markets
· Decentralization: achieving full user control over assets without relying on custodial intermediaries
· Privacy protection: safeguarding assets and data through MPC, CryptoNote, and end-to-end encrypted communication
Mixin has been in operation for over 8 years, supporting over 40 blockchains and more than 10,000 assets, with a global user base exceeding 10 million and an on-chain self-custodied asset scale of over $1 billion.
$600 million stolen in 20 days, ushering in the era of AI hackers in the crypto world
Vitalik's 2026 Hong Kong Web3 Summit Speech: Ethereum's Ultimate Vision as the "World Computer" and Future Roadmap
On the same day Aave introduced rsETH, why did Spark decide to exit?
Full Post-Mortem of the KelpDAO Incident: Why Did Aave, Which Was Not Compromised, End Up in Crisis Situation?
After a $290 million DeFi liquidation, is the security promise still there?
ZachXBT's post ignites RAVE nearing zero, what is the truth behind the insider control?
App