On April 7, 2026, Anthropic did something unusual for an AI company: it announced a new model and simultaneously decided not to release it. Claude Mythos Preview, the company’s most capable model to date, was instead distributed through a tightly controlled program called Project Glasswing, accessible to roughly 50 organizations worldwide. The list reads like a registry of the companies that define global technology infrastructure: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as launch partners, alongside over 40 additional organizations building or maintaining critical software.

The reason for the restriction was not commercial caution or regulatory pressure. Anthropic made clear that Mythos had, during internal testing, demonstrated the ability to autonomously identify and exploit zero-day vulnerabilities across every major operating system and every major web browser. Some of the vulnerabilities it uncovered had been dormant for decades: a 27-year-old flaw in OpenBSD, a 17-year-old remote code execution vulnerability in FreeBSD (CVE-2026-4747), a 16-year-old bug in FFmpeg. The model did not just flag these weaknesses. It wrote working exploits for them, chaining multiple vulnerabilities together without human intervention after an initial prompt. Logan Graham, who leads offensive cyber research at Anthropic, told Axios that the model’s autonomy and its ability to combine multiple vulnerabilities into a single attack chain represented something qualitatively different from what earlier models could do.

India was not in the room when this decision was made. No Indian company received access under Project Glasswing, either as a named launch partner or as part of the broader cohort of 40-plus organizations. That single fact carries consequences that are still unfolding, and they are consequences that affect not just India’s technology sector but the security posture of every institution that relies on Indian-managed software infrastructure.

To understand why access matters, it helps to be precise about what Mythos Preview is capable of. Security researchers and CISOs are accustomed to tools that assist with vulnerability scanning. What Mythos does is different in kind, not just degree. The model can be instructed to find bugs, and it will work through complex codebases, reason about the interactions between components, identify flaws that have never been catalogued, and then write code to exploit them. Anthropic’s own red team tested this against a list of 100 known memory corruption vulnerabilities in the Linux kernel. Mythos selected 40 as potentially exploitable and successfully produced working privilege escalation exploits for more than half of them, fully autonomously.

In its own scanning work prior to the Glasswing launch, Anthropic used Mythos to find thousands of zero-day vulnerabilities, described in its published documentation as critical severity across major operating systems and browsers. The model has a one-million-token context window, which means it can hold and reason across vast amounts of source code simultaneously. For defenders, this is an instrument capable of scanning at a pace and scale that has no meaningful human equivalent. For attackers, it is the same instrument.

There is, however, an uncomfortable asymmetry built into Anthropic’s framing. Defenders gain visibility into vulnerabilities; they do not automatically gain remediation speed. Meanwhile, the model itself was accessed without authorization on the same day Glasswing was announced. According to Bloomberg’s reporting, a group of users communicating through a private Discord channel guessed the model’s API endpoint URL using familiarity with Anthropic’s URL naming conventions, a method aided by a prior data leak at Mercor, a recruiting platform, and by active contractor credentials held by one member of the group. The access was through a third-party vendor environment, not Anthropic’s core systems. That breach was confirmed by Anthropic, which said it was investigating the incident. It demonstrated that the window between “restricted” and “effectively public” is narrower than the architecture of Project Glasswing assumed.

India’s exclusion from Project Glasswing became a matter of public record in the final week of April 2026, when Finance Minister Nirmala Sitharaman confirmed at an industry event that the Ministry of Electronics and Information Technology was in active discussions with the US administration, with Anthropic, and with companies already testing the model. Her comment, widely reported, captured the stakes with unusual directness: “The cyber challenge we have because of Mythos is going to be a big one.”

The government’s response has run along two tracks simultaneously. On one track, it is negotiating for access. MeitY Secretary S. Krishnan confirmed on April 28 that discussions are underway to work out the logistics of including Indian entities. Nasscom, India’s primary IT industry body, wrote separately to Anthropic making the case that Indian firms maintain critical code used by organizations worldwide, and that their exclusion from early access creates a systemic vulnerability that is not limited to Indian systems. The RBI is reported to be consulting with the US Federal Reserve and the Bank of England. The National Payments Corporation of India is separately exploring whether it can gain access to identify zero-day vulnerabilities in payment infrastructure.

On the other track, the government is preparing for the scenario in which negotiations move slowly or produce partial results. Sitharaman and IT Minister Ashwini Vaishnaw jointly chaired a meeting with senior officials from banks, the RBI, MeitY, the NPCI, and the Department of Financial Services to assess Mythos-related risk to financial infrastructure. CERT-In and the National Critical Information Infrastructure Protection Centre have been directed to strengthen defenses around power grids, telecom networks, and banking systems. Indian banks have been asked to report suspicious incidents promptly and to coordinate with specialized cybersecurity agencies. The urgency in the official’s framing of these preparations was stark: “The government needs to build its capacity as of yesterday.”

Nasscom’s letter to Anthropic was not a routine lobbying communication. It articulated a risk argument that the company’s own published framing makes difficult to dismiss. Indian IT-BPM companies generated approximately $254 billion in revenue in FY2024, of which roughly $199 billion was export revenue (excluding hardware). The sector employs over five million people and operates as the maintenance and development layer for a significant portion of enterprise software running in the United States, Europe, and the Asia-Pacific region. TCS, Infosys, Wipro, HCLTech, and their ecosystem of mid-tier and specialist firms do not just write new software for global clients. They maintain the legacy code that keeps banks, insurers, airlines, healthcare systems, and government agencies operational.

This is the structural problem that Nasscom’s letter pointed toward. If Mythos-class AI can autonomously find vulnerabilities in that legacy codebase, the attack surface is not an Indian problem in any narrow sense. A vulnerability in code maintained by an Indian IT firm for a US bank is a vulnerability in that bank. The cascading risk runs through the global supply chain of software maintenance, and India sits at the center of that supply chain. Nasscom’s framing, as reported by multiple outlets, was that as AI systems evolve to autonomously chain vulnerabilities across platforms, the potential for cross-border cascading incidents becomes significantly higher. That is not a political argument for preferential access. It is an engineering argument about how interdependent systems fail.

The geopolitical framing that Anthropic itself has employed complicates India’s case while also clarifying why the exclusion occurred. Anthropic briefed senior US government officials on Mythos’s capabilities, framing the model as part of why “the US and its allies must maintain a decisive lead in AI technology.” That language positions access to Mythos as a function of alliance politics, not commercial relationships or technical merit. India is a partner of the United States on a range of strategic matters, including through the Quad framework, but it is not a formal treaty ally. The initial Glasswing cohort appears to reflect that distinction precisely.

Security leaders in Indian enterprises face an immediate operational question that cannot wait for diplomatic negotiations to conclude. The question is not whether Mythos-class capabilities will become broadly available. The consensus among security analysts is that they will, within months. The question is what an enterprise can do now, during the window of restricted access, to reduce its exposure.

The most actionable near-term guidance from analysts cited in this reporting is to monitor the patch releases from companies that are inside the Glasswing program. Cisco, Palo Alto Networks, and CrowdStrike are all Glasswing participants with direct relationships with Indian enterprise security buyers. When those companies release patches, they will be addressing vulnerabilities that Mythos has already found. Deploying those patches immediately, rather than following a standard monthly or quarterly cycle, is the closest available proxy for having access to the model’s findings. The gap between patch release and enterprise deployment has historically been one of the primary vectors for successful attacks; that gap becomes more dangerous when the tool finding the vulnerabilities is operating at machine speed.

Beyond patch velocity, the Mythos situation argues for a structural reexamination of how Indian enterprises think about vulnerability management. The traditional model treats vulnerability discovery as a periodic exercise, driven by scheduled pen tests, compliance audits, and vendor advisories. Mythos demonstrates that AI-enabled discovery can be continuous and autonomous, and that the backlog of unknown vulnerabilities in mature codebases is likely far larger than any organization currently estimates. Investing in AI-assisted vulnerability scanning tools that are currently available commercially, and building the internal capacity to act on their output, positions an organization better for the moment when Mythos-equivalent capabilities reach the open market.

For CISOs specifically, the Mythos situation also surfaces a governance question that their boards and leadership teams are beginning to ask. If an AI model can find thousands of critical vulnerabilities in a major operating system in weeks, what does that imply about the vulnerability surface of your own organization’s production systems? That question does not require access to Mythos to begin answering. It requires a willingness to commission a rigorous assessment of legacy code, to understand which components of your infrastructure are maintained by third parties that may or may not have access to AI-assisted security tools, and to build the remediation capacity to act on findings at a speed that matches how quickly the threat environment is changing.

India’s push for access to Mythos is, at one level, a specific and time-bounded negotiation over a single AI model. At another level, it is a preview of a recurring problem. Anthropic has said it expects models with Mythos-equivalent cybersecurity capabilities to become broadly available within three to six months. When that happens, the controlled-access architecture of Project Glasswing will be obsolete, and the negotiating dynamics of this moment will be irrelevant. But the structural question that this episode surfaces will remain: when the most consequential AI capabilities are developed by a small number of US-based companies, governed under US regulatory frameworks, and initially deployed under access programs that reflect US alliance priorities, how does the rest of the world manage the lag between when those capabilities emerge and when everyone has equitable access to them?

A senior government official quoted by multiple Indian outlets put it with characteristic bluntness: “Currently, Anthropic has held off the wider release, but tomorrow more companies can launch such models. They may release them without advance notice. The government needs to build its capacity as of yesterday.” The observation applies equally to Indian enterprises. The Mythos situation is not the last time this problem will arise. It is the first time it has arrived at sufficient scale and speed to make the gap between access and exposure visible to everyone paying attention.

For Indian CXOs in banking, telecom, payments, and technology services, the practical implication is that the defensive posture their organizations adopt in the next six months will determine how exposed they are when the access gap closes, on whatever terms it eventually closes. The companies inside Project Glasswing are using this period to find and fix vulnerabilities in systems that overlap with Indian-maintained infrastructure. India’s enterprises need to use this same period to build the capacity to do the same, with the tools currently available, at a pace that reflects the urgency their own government has now publicly acknowledged.