Category: Industry News & Commentary

Last refreshed: May 15, 2026

Two partnership and policy stories from the Anthropic desk that haven’t been covered here yet, both with meaningful implications for how Claude reaches enterprise users and how governments are thinking about AI security risk.

Part 1: Snowflake’s $200M Partnership — 12,600 Enterprise Customers as Distribution

In December 2025, Anthropic and Snowflake announced a multi-year, $200M partnership making Claude models available to Snowflake’s 12,600+ enterprise customers across all three major clouds. The partnership makes Claude the AI layer inside Snowflake’s data platform for a client base concentrated in financial services, healthcare, and life sciences — the three regulated verticals where Anthropic has been most deliberately building.

The specific products:

• Snowflake Intelligence — powered by Claude Sonnet 4.6, providing conversational data analysis directly within the Snowflake environment
• Snowflake Cortex AI Functions — supporting Claude Opus 4.5 and newer models for structured AI functions across the Snowflake data warehouse

Source: anthropic.com/news/snowflake-anthropic-expanded-partnership

The number that matters most here isn’t $200M — it’s 12,600. That’s the customer count Snowflake brings as a distribution channel. These are enterprise organizations that have already made a procurement decision to standardize on Snowflake for data infrastructure. Embedding Claude inside that infrastructure means Claude becomes the AI system those organizations reach for when they need to query, analyze, or reason about their own data — without requiring a separate AI platform procurement decision.

This is the distribution model that makes enterprise AI market share move: not direct sales to 12,600 enterprises, but a single partnership that makes Claude the default AI layer inside infrastructure those enterprises already use. Snowflake customers in financial services can run Claude-powered compliance analysis on their own Snowflake data. Healthcare organizations can run Claude-powered analysis on patient data that stays within their existing Snowflake security perimeter.

The regulated-industry focus is deliberate. Financial services, healthcare, and life sciences are the verticals where data governance requirements are strictest — and where the ability to run AI on your own data, within your own security perimeter, without moving that data to an external AI service, is the deciding factor in procurement. Snowflake’s existing data residency and compliance infrastructure makes that possible in a way that a direct Anthropic API call often doesn’t.

Part 2: India’s RBI Warning + The Glasswing Gap

In late April 2026, India’s Finance Ministry and Reserve Bank of India convened meetings on cybersecurity preparedness specifically referencing Claude Mythos risk. Finance Minister Nirmala Sitharaman met with bank executives at North Block to advise pre-emptive hardening. The RBI began consulting with global regulators. CERT-In, major telcos, and fintechs ran parallel risk assessments.

Source: Business Standard, April 27, 2026 — business-standard.com

The structural issue underneath the news: Project Glasswing — Anthropic’s defensive cybersecurity consortium that provides early access to Mythos for defensive purposes — named the following founding partners: AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia. Zero Indian firms. India is Anthropic’s second-largest market globally. Its government is actively warning its financial sector about Mythos risk. And no Indian organization is in the defender consortium that gets early access to the model and the defensive research that goes with it.

This is not a small gap. The Mozilla Firefox result (271 vulnerabilities in a month, including 20-year-old bugs) demonstrated what Mythos can do in a real production codebase. If that capability is available to offensive actors — or if non-partner organizations don’t have the same early visibility into what Mythos can find — organizations outside the Glasswing partner network are in a different risk position than those inside it.

The Tension This Creates

Anthropic’s distribution into India is accelerating. Cognizant deployed Claude across 350,000 employees. Razorpay built its Agent Studio on the Claude Agent SDK and wired UPI rails through Claude as an authorized payment agent with NPCI. Air India, CRED, and Swiggy are named enterprise customers. India is Anthropic’s second-largest market.

Meanwhile: India’s government is warning its financial sector about the offensive potential of Claude Mythos, no Indian firm is in the Glasswing defender consortium, and INR-denominated pricing (with 18% GST) makes the effective Pro subscription cost approximately ₹2,240/month for Indian users — a meaningful friction point for the market Anthropic is describing as its #2 global market.

The distribution is running faster than the partnership infrastructure is opening. Either Project Glasswing expands to include Indian financial institutions and cybersecurity organizations, or India builds its own parallel defensive capacity, or the gap becomes a structural political fact in Anthropic’s India relationship.

India’s government isn’t opposed to Claude. It’s actively adopting it across both public and private sector. The RBI/Finance Ministry meetings were framed as hardening preparation, not restriction. But the asymmetry — India as top-2 market, zero Indian firms in the defender consortium — is conspicuous enough that it will eventually require a response.

Frequently Asked Questions

What does the Snowflake-Anthropic partnership include?

A multi-year, $200M agreement announced December 2025, making Claude models available to Snowflake’s 12,600+ enterprise customers. Snowflake Intelligence launched powered by Claude Sonnet 4.6 for conversational data analysis (model at time of partnership announcement; verify current model with Snowflake). Snowflake Cortex AI Functions supports Opus 4.5 and newer models. The focus is regulated industries: financial services, healthcare, and life sciences.

What is Project Glasswing?

Project Glasswing is Anthropic’s invitation-only defensive cybersecurity program that provides early access to Claude Mythos Preview for organizations working to defend critical infrastructure. Named founding partners include AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, and Nvidia. Access is invitation-only with no self-serve sign-up. No Indian organizations are currently named as Glasswing partners.

Why is India’s government warning about Claude Mythos if India is Anthropic’s second-largest market?

The Indian government’s meetings (RBI, Finance Ministry, CERT-In) were framed as defensive preparation, not restriction. The concern is that Mythos-tier capability could be used offensively against Indian financial infrastructure — a legitimate risk that applies regardless of Anthropic’s commercial relationship with India. The tension is that organizations inside Project Glasswing get early access to defensive research while India’s financial sector, with no Glasswing presence, does not.

Last refreshed: May 15, 2026

Harvard’s Faculty of Arts and Sciences will provide Claude access to all affiliates — students, faculty, staff, and researchers — and will discontinue ChatGPT Edu after June 2026. Continuing ChatGPT Edu access will require “administrative and budgetary approval.” Harvard FAS also holds a Google Gemini institutional agreement. The story was reported by The Harvard Crimson on April 28, 2026.

This is the cleanest institutional AI platform switch yet on record. Harvard FAS covers roughly 20,000 affiliates. The administrative approval language around ChatGPT Edu continuation is the detail that tells you this isn’t additive — it’s a replacement.

What Actually Happened

Harvard FAS is not abandoning all AI tools. It’s rotating its primary institutional AI platform from ChatGPT Edu to Claude. The Gemini institutional agreement stays. What’s changing is which AI system gets the default institutional license, the frictionless path, the one that “just works” for every affiliate without requiring a separate approval process.

That framing matters. When an institution of Harvard FAS’s size structures access so that one platform requires administrative approval to continue while another is provided automatically to all affiliates, the default is the decision. The approval requirement for ChatGPT Edu isn’t a ban — it’s a friction tax that most users won’t bother to pay.

Why Institutions Switch AI Platforms

The Harvard Crimson’s reporting framed the switch as “platform rotation based on capability” — not a permanent commitment to any single AI provider. That framing is worth taking seriously. Academic institutions making technology decisions at this scale move deliberately, and the stated rationale (capability) suggests the evaluation was substantive.

The specific capabilities that tend to drive academic platform decisions:

• Long-form document handling: Claude’s 1M token context window (on Opus 4.7 and Sonnet 4.6) is directly useful for academic work — reading full papers, dissertations, and research datasets in a single session
• Research synthesis: Multi-document reasoning across large corpora without chunking
• Writing quality: Academic writing and editing assistance where tone and precision matter
• Institutional trust signals: Claude’s Constitutional AI approach and Anthropic’s safety positioning have become differentiators in institutional procurement conversations

We don’t have Harvard FAS’s internal evaluation criteria. What we know is that after running a ChatGPT Edu institutional agreement, they evaluated their options and chose to route default access to Claude.

What This Signals for Enterprise Platform Switching

Harvard FAS is a useful case study because academic institutions make AI procurement decisions in a way that resembles enterprise decisions more than consumer decisions: budget approval processes, IT security review, institutional liability considerations, and the need for a platform that works across a wildly diverse user base — from first-year undergraduates to Nobel laureates.

The platform switching question — “can our organization move from one AI platform to another?” — has been theoretical for most of the last two years. Harvard FAS running this switch makes it concrete. The institutional machinery for moving 20,000 users from one AI platform to another exists and has been executed.

For enterprise teams evaluating whether to consolidate on Claude or maintain a multi-platform approach: the Harvard FAS switch is evidence that the transition is operationally feasible at institutional scale, and that institutions with high capability and safety requirements are making this choice.

The Competitive Context

Claude now holds institutional agreements at major universities. ChatGPT Edu launched as OpenAI’s play for this exact market. The Harvard FAS switch doesn’t mean OpenAI is losing the education market — it means the competition for institutional default status is real and Claude is winning some of those decisions on capability grounds.

Anthropic’s enterprise market share, cited in its April 2026 Partner Network announcement, had grown from 24% to 40% since the Claude 4 generation launched. Harvard FAS is one data point in that trend.

Our Take

We track institutional AI adoption because it signals where the capability and trust thresholds are in the market. When an institution like Harvard FAS — which has the internal expertise to evaluate these platforms seriously — runs a full procurement process and routes its default institutional license to Claude, that’s a substantive signal about where the models stand.

The “administrative approval required to continue ChatGPT Edu” language is the tell. That’s not a ban. It’s the institutional equivalent of making one option the path of least resistance and the other a deliberate choice. For 20,000 people with actual work to do, the default wins.

Frequently Asked Questions

Did Harvard ban ChatGPT?

No. Harvard FAS is discontinuing its ChatGPT Edu institutional agreement after June 2026. Continuing access will require administrative and budgetary approval — meaning it’s available but no longer the frictionless default. Harvard FAS is also maintaining its Google Gemini institutional agreement. Claude is becoming the new institutional default, not an exclusive platform.

How many people does the Harvard FAS Claude agreement cover?

Harvard FAS covers all affiliates — students, faculty, staff, and researchers within the Faculty of Arts and Sciences. Exact affiliate count varies, but FAS is one of Harvard’s largest schools, covering undergraduate education and most of Harvard’s graduate programs in arts, sciences, and humanities.

Why did Harvard FAS switch from ChatGPT to Claude?

The Harvard Crimson reported the switch was framed as “platform rotation based on capability” — not a permanent commitment to any single provider. Anthropic hasn’t published the specific evaluation criteria Harvard FAS used. What’s on record is that after running a ChatGPT Edu institutional agreement, FAS evaluated its options and chose to route default access to Claude.

Does Harvard’s decision affect other universities?

Institutional decisions at the Harvard level typically influence procurement conversations at peer institutions — not through imitation but because evaluation committees at other universities use visible peer decisions as data points in their own capability and risk assessments. The Harvard FAS switch makes Claude a more credible institutional option for other universities running similar evaluations.

Last refreshed: May 15, 2026

Anthropic’s Code with Claude conference went global this spring. After the San Francisco event on May 6, London is next on May 19 — followed by Tokyo on June 10. Both are free to attend in person (applications closed; selected by lottery in April) or via livestream from anywhere in the world. If you’re a developer building on Claude and didn’t get an in-person seat, the livestream is worth blocking time for. Here’s what we know about both events and why the Tokyo date in particular is worth paying attention to.

What Code with Claude Is

Code with Claude is Anthropic’s annual developer conference — a full day of hands-on technical workshops, live capability demos, and 1:1 office hours with the engineers who build Claude. It’s structured specifically for developers and founders who are building with the API, not for people who want marketing keynotes. The SF event on May 6 featured three parallel tracks: Research (direct access to Anthropic researchers on current and future model capabilities), Claude Platform (production agent deployment on Anthropic infrastructure), and Claude Code (running Claude Code at scale — long-horizon tasks, multi-repo work, parallel agents).

Confirmed speakers across the series: Ami Vora (CPO at Anthropic), Boris Cherny (Head of Claude Code), and Angela Jiang (Product Lead for the Claude API and SDKs). Partner presentations from GitHub, Vercel, and Datadog were part of the SF agenda and are likely to carry into London and Tokyo.

The Extended day format — May 20 for London, June 11 for Tokyo — is a separate event focused on independent developers and early-stage founders: builder deep-dives, laptops-open workshops from Anthropic’s Applied AI team.

What Came Out of San Francisco (May 6)

London and Tokyo attendees will be walking in with context from what Anthropic announced in SF. The major developments from May 6:

• Managed Agents public beta: Multiagent Orchestration and Outcomes moved to public beta. Multiple SF sessions were dedicated to Managed Agents, including “Get to Production 10x Faster with Claude Managed Agents” and a hands-on “Build a Production-Ready Agent” workshop.
• Dreaming (developer preview): Agents that review and reorganize their own session history between runs. Harvey (legal AI) reported roughly a 6× task completion rate increase after implementing it.
• SpaceX compute expansion: Doubled rate limits for Pro, Max, Team, and Enterprise; 1,500% input token increase and 900% output token increase for Tier 1 API customers; peak-hours throttling eliminated for Pro and Max.
• Claude Code v2.1.133: Subagent skill discovery fix (was silently broken), worktree base ref control, effort-level hooks.

London and Tokyo events will likely build on these — demonstrating Managed Agents and Claude Code in production contexts with the partner companies that attended SF.

London — May 19, 2026

London is Anthropic’s first Code with Claude event in Europe. The practical significance: for developers building in European markets, this is the first opportunity to engage directly with Anthropic’s engineering team rather than attending via livestream from across the Atlantic.

For teams working in regulated European industries — financial services, healthcare, legal — the Claude Platform and Research tracks are the most relevant. Anthropic’s Finance Agents suite (Moody’s integration, financial analysis and compliance tooling) and Claude Security Beta are recent launches that will likely feature in the sessions, given the financial services concentration in London.

The London timezone (BST, UTC+1) makes the livestream accessible for much of Europe, Africa, and Middle East without the early-morning constraint that the SF event imposed. Register at claude.com/code-with-claude/london.

What to Watch For at London

• Enterprise deployment patterns — London’s enterprise tech community is distinct from SF’s startup-heavy audience
• EU AI Act compliance framing — Anthropic’s approach to regulated market deployment
• MCP ecosystem sessions — the Model Context Protocol is increasingly central to how Claude connects to enterprise data sources
• Any Claude Code enterprise adoption data — the JetBrains 2026 developer survey showed significant Claude Code growth year-over-year; London sessions may provide more context

Tokyo — June 10, 2026

The Tokyo date is the strategically interesting one. Anthropic chose Japan as its first Asia-Pacific Code with Claude location at a moment when it has already made several Japan-specific moves: the NEC enterprise partnership (April 2026) and active engagement with Japan’s developer community. This is Anthropic positioning before competitors have fully embedded in the Japanese enterprise AI market.

Japan’s enterprise AI adoption pattern is different from the US. Large enterprises dominate, procurement cycles are longer, and partnerships with established technology companies (like NEC) carry more weight than direct developer adoption alone. Tokyo’s Code with Claude is as much about signaling enterprise commitment as it is about developer community building.

The Tokyo event is also relevant to Southeast Asia broadly — developers across the Asia-Pacific region can attend via livestream at a timezone that doesn’t require a middle-of-the-night session.

What to Watch For at Tokyo

• NEC partnership details — the most concrete Japan enterprise deployment announced so far
• Asia-Pacific pricing or access updates — Anthropic’s pricing in USD creates friction in markets like India and Japan where USD conversion plus local taxes creates meaningful access barriers
• Localization and multilingual Claude capability demos — Claude’s multilingual support is strong on paper; Tokyo is where it gets demonstrated to an audience that can evaluate it critically
• Any announcement of a dedicated Japan or APAC infrastructure presence

How to Attend Remotely

Both events are fully livestreamed at no cost. The livestream covers all three conference tracks. Recordings are published to Anthropic’s YouTube channel (the “Code w/ Claude Developer Conference” playlist) within 7–10 days of each event. If you’re watching recorded sessions rather than live, the Claude Code track tends to have the highest density of immediately applicable technical content.

For the London event: sessions run BST (UTC+1). For Tokyo: JST (UTC+9). Anthropic hasn’t published detailed schedules for London or Tokyo publicly yet — check claude.com/code-with-claude for updates as each event approaches.

Our Take

We watched the SF event closely and tracked what came out of it. The Managed Agents announcements were the most developer-relevant; the SpaceX rate limit news was the most immediately practical for anyone hitting API ceilings. Both London and Tokyo will be building on that foundation with an audience that has had two more weeks to actually use what Anthropic shipped in SF.

The office hours format is underrated. Getting 30 minutes with Boris Cherny’s team on a specific Claude Code workflow problem is worth more than three conference talks. If you’re attending in person or have specific implementation questions, that’s the format to prioritize.

For us, Tokyo is the event to watch for signals about where Anthropic’s international enterprise push is actually headed. The NEC partnership gave them a credible anchor. Code with Claude Tokyo is where they build on it.

Frequently Asked Questions

Is Code with Claude London free to attend?

Yes. Both in-person attendance and virtual livestream are free. In-person applications closed in April with selection by lottery. Livestream registration remains open at claude.com/code-with-claude/london.

Will Code with Claude Tokyo sessions be recorded?

Yes. All sessions from all three cities are published to Anthropic’s YouTube channel within approximately 7–10 days of each event. The “Code w/ Claude Developer Conference” playlist on Anthropic’s YouTube channel is the official home for recordings.

What tracks are available at London and Tokyo?

Based on the SF event structure, three parallel tracks: Research (model capabilities and direction), Claude Platform (production agent deployment), and Claude Code (scaling Claude Code in real engineering workflows). Specific session details for London and Tokyo haven’t been fully published; check claude.com/code-with-claude for the agenda as each event approaches.

What is the Extended day format?

The Extended day (May 20 for London, June 11 for Tokyo) is a separate event focused specifically on independent developers and early-stage founders — builder stories, hands-on workshops from Anthropic’s Applied AI team, and a more informal format than the main conference day.

Is Code with Claude relevant if I’m not using Claude Code specifically?

Yes. The Claude Platform track covers Managed Agents, MCP integrations, and production deployment patterns that apply to any team using the Claude API — not just Claude Code users. The Research track covers model capabilities and roadmap direction relevant to anyone building on Claude.

Last refreshed: May 15, 2026

On May 7, 2026, Mozilla’s engineering team published the technical account of what happened when they ran Claude Mythos Preview against the Firefox codebase. The headline numbers — 271 vulnerabilities found, 423 total security bugs fixed in April — had already circulated. What the Mozilla Hacks post added was the methodology: how they actually built the pipeline, what Mythos found that human reviewers and fuzzers had missed for decades, and a candid account of what AI-assisted security research looks like in production.

This is that story, with the details that matter.

The Numbers in Context

Mozilla’s security team was fixing roughly 20 to 30 security bugs in Firefox per month throughout 2025. That number jumped to 423 in April 2026 — a roughly 20× increase in a single month. Of those 423 total fixes, 271 were attributed to Claude Mythos Preview. The remaining bugs came from external reports (41), other internal pipeline work using different models, and traditional fuzzing.

The 271 Mythos-found bugs broke down by severity as follows, from the Mozilla advisory:

• 180 rated sec-high — vulnerabilities triggerable with normal user behavior, like visiting a web page
• 80 rated sec-moderate — would be sec-high except they require unusual steps from the victim
• 11 rated sec-low — annoying but low harm risk (safe crashes, etc.)

Mozilla also directly credited 3 separate CVEs to Anthropic’s Frontier Red team (CVE-2026-6746, CVE-2026-6757, CVE-2026-6758) — bugs Anthropic had submitted to Mozilla a couple months prior, before the harness work began.

What Claude Mythos Found That Everything Else Missed

The most striking finding from Mozilla’s report isn’t the volume — it’s the age and complexity of what Mythos surfaced. Mozilla published a sample of the bug reports. Two entries stand out:

A 20-Year-Old XSLT Bug (Bug 2025977)

Mythos identified a bug in Firefox’s XSLT implementation where reentrant key() calls cause a hash table rehash that frees its backing store while a raw entry pointer is still in use. The bug had been sitting in the codebase for 20 years, undetected by fuzzing and manual review. Mozilla noted this was one of several sec-high issues involving XSLT they fixed in the same release.

A 15-Year-Old HTML Legend Element Bug (Bug 2024437)

Mythos triggered a bug in the <legend> element by orchestrating edge cases across distant parts of the browser — including recursion stack depth limits, expando properties, and cycle collection. The bug had existed for 15 years. Mozilla’s description of the finding: “meticulous orchestration of edge cases across distant parts of the browser.” This is the kind of bug that requires reasoning about how subsystems interact at a systems level — not pattern-matching on known vulnerability types.

Sandbox Escape Bugs That Human Reviewers Had Missed

Several of the 271 bugs were sandbox escapes — vulnerabilities that, when chained with other exploits, could allow an attacker to break out of Firefox’s sandboxed content process into the privileged parent process. Mozilla noted these are “notoriously difficult to find with fuzzing.” Mythos found multiple. It also attempted prototype pollution attacks on hardened subsystems — and found nothing exploitable there, confirming that Mozilla’s earlier architectural changes had worked.

How the Agentic Harness Actually Works

Mozilla’s engineers are explicit about the mechanism that changed everything: it’s not the model alone. It’s the combination of a capable model with an agentic harness that can generate and run reproducible test cases.

Earlier attempts at AI-assisted security review using GPT-4 and Claude Sonnet 3.5 produced too many false positives to be practical. The shift came when the harness could do something the earlier systems couldn’t: create a test case, run it, observe the result, and confirm whether the hypothesized bug was real before reporting it. Static analysis produces noise. An agent that can execute code to verify its findings produces signal.

The pipeline Mozilla built, in their own description:

1. Parallelized jobs run across multiple ephemeral VMs, each tasked with hunting bugs in a specific target file
2. Findings are written back to a central bucket
3. A discovery subsystem deduplicates against known issues, tracks bugs, triages them, classifies by severity, and manages patches through the release process
4. Over 100 engineers contributed code to get patches out the door

Mozilla started this pipeline with Claude Opus 4.6 on sandbox escape hunting. When Mythos became available, they swapped it in. Their assessment of the upgrade: “model upgrades increase the effectiveness of the entire pipeline: the system gets simultaneously better at finding potential bugs, creating proof-of-concept test cases to demonstrate them, and articulating their pathology and impact.”

What Mythos Couldn’t Break

Mozilla’s engineers made a point of documenting what Mythos tried and failed to do. Specifically: it repeatedly attempted prototype pollution attacks — a class of sandbox escape that human researchers had used successfully in the past — and was blocked by architectural changes Mozilla had made. The hardened subsystems held.

Mozilla’s take on this: “Observing such direct payoff from previous hardening work was even more rewarding than finding and fixing more bugs.” This is actually the more important message for security teams: defensive architecture works, and AI analysis now provides the empirical test of whether it does.

What This Means for the Software Security Ecosystem

Mozilla’s engineers closed their post with a direct recommendation: anyone building software can start using an agentic harness with a modern model today. Their advice on approach is practical — start with simple prompting, observe what the model produces, iterate. The inner loop they describe is: “there is a bug in this part of the code, please find it and build a testcase.”

The implications are real for any organization that maintains a codebase:

• The asymmetry is reversing. For years, offensive AI (cheap to prompt, cheap to deploy) had the advantage over defensive security (slow, expensive human review). An agentic harness that can verify its own findings changes that balance. Mozilla’s engineers describe the current moment as one where “defenders finally have a chance to win, decisively.”
• Old code is newly exposed. 15-year and 20-year-old bugs in a heavily-reviewed browser like Firefox suggests that large, mature codebases contain latent vulnerabilities that fuzzing and human review have consistently missed. If that’s true of Firefox, it’s true of most production software.
• The pipeline is the work. Mozilla’s engineers are clear that the model is a component, not the product. Building the triage, deduplication, patch management, and release integration around the model is what made this work at scale. The pipeline required significant iteration and tight feedback loops with the engineers who were fielding the bugs.

Claude Mythos Preview: Access and Context

Claude Mythos Preview is not a generally available model. It’s offered through Project Glasswing as an invitation-only research preview for defensive cybersecurity workflows, specifically for organizations working on critical infrastructure. Pricing from Anthropic’s docs: $25 input / $125 output per million tokens. Mozilla’s access was part of this program.

The generally available Claude models as of May 2026 (verified from Anthropic’s official documentation):

• Claude Opus 4.7 (claude-opus-4-7) — flagship, 1M context window
• Claude Sonnet 4.6 (claude-sonnet-4-6) — balanced speed/intelligence, 1M context window
• Claude Haiku 4.5 (claude-haiku-4-5-20251001) — fastest, 200K context window

Mozilla’s earlier pipeline work used Claude Opus 4.6 before Mythos was available and still found significant vulnerabilities. The pipeline architecture is available to any team; Mythos-tier capability is not.

Our Take

We’ve been tracking the Mythos story since the Project Glasswing announcement in April. The Mozilla post is the first time a production engineering team has published the full technical account of what AI-assisted security research looks like from the inside — not benchmarks, not Anthropic’s own claims, but Mozilla’s own engineers describing what they built, what it found, and what it couldn’t crack.

The 20-year-old XSLT bug is the one that cuts through the noise. Firefox is one of the most security-reviewed browser codebases in existence. Thousands of professional security researchers, internal teams, and academic researchers have looked at this code. An AI model running in an agentic harness found a two-decade-old bug with a reproducible test case in what Mozilla described as a pipeline that “required significant iteration.” That’s not a benchmark number — it’s a deployed result from a production security team.

The question for any organization that ships software is no longer whether this class of tooling will become standard. It’s how fast and whether your team will be ahead of or behind that curve when it does.

Frequently Asked Questions

What is Claude Mythos Preview?

Claude Mythos Preview is Anthropic’s most capable AI model, offered exclusively through Project Glasswing as an invitation-only research preview for defensive cybersecurity workflows. It’s not publicly available. Pricing is $25 per million input tokens and $125 per million output tokens. Mozilla, along with other critical infrastructure partners, received access as part of this program.

How many Firefox vulnerabilities did Claude Mythos find?

Claude Mythos Preview found 271 security vulnerabilities in Firefox that were fixed in Firefox 150 (April 21, 2026) and subsequent point releases. Of those, 180 were rated sec-high, 80 sec-moderate, and 11 sec-low. Total security bugs fixed across all of April 2026 was 423, including externally reported bugs and bugs found by other internal methods.

What is the agentic harness Mozilla built?

Mozilla built a custom pipeline on top of their existing fuzzing infrastructure. It runs model-powered agents in parallel across ephemeral VMs, each tasked with finding bugs in a specific file or subsystem. Agents generate reproducible proof-of-concept test cases to verify bugs before reporting them — eliminating the false positive problem that made earlier AI security review impractical. Findings are piped into a deduplication and triage system integrated with Mozilla’s normal patch management and release process.

Can other organizations use this approach?

Yes, with the publicly available models. Mozilla’s engineers explicitly recommend that any software team start using an agentic harness with a modern model now. You don’t need Mythos access to start — Claude Opus 4.7 and Sonnet 4.6 are publicly available via the Anthropic API. The pipeline architecture is the work; the model upgrade is a component swap.

What’s the difference between what Claude found and what fuzzing finds?

Traditional fuzzing generates random or semi-random inputs to trigger crashes. It’s effective at finding memory corruption bugs triggered by malformed data, but poor at finding bugs that require complex reasoning about how distant subsystems interact. The 15-year-old HTML legend element bug and 20-year-old XSLT bug that Mythos found both required reasoning about multi-subsystem interactions that fuzzing consistently missed. AI analysis and fuzzing are complementary; Mozilla runs both.