Project Glasswing Is Quietly Patching The Internet's Biggest Holes

Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software.

It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans.https://t.co/NQ7IfEtYk7
— Anthropic (@AnthropicAI) April 7, 2026

This post is the signal: Anthropic’s new frontier model, Claude Mythos Preview, is being positioned as a serious cybersecurity capability jump, not a casual “new default model” release. That matters for setup, because most teams won’t do a blind full swap. You’ll want a controlled rollout across tools.

The practical approach is simple: keep your current stable model as default, add Mythos as a security-focused profile, and route specific tasks to it. Below is the exact setup pattern across Claude Code, Cursor, Zed, direct API use, AWS Bedrock, and Google Vertex AI.

Claude Code

For Claude Code users, the safest config change is to add Mythos as an alternate model profile, then switch per session when doing vulnerability analysis or exploit-path investigation. Keep Opus as baseline for normal coding until you’ve validated behavior and access.

# ~/.claude/config.json (example)
{
  "defaultModel": "claude-opus-4-7",
  "profiles": {
    "default": {
      "model": "claude-opus-4-7"
    },
    "security": {
      "model": "claude-mythos-preview"
    }
  }
}

If your account is not entitled yet, the security profile may fail with model-access errors. That’s expected in a preview rollout. Keep fallback enabled so your workflow doesn’t block.

Before moving to other tools, the second embed reinforces why this rollout is controlled: Anthropic keeps framing Glasswing as a defensive coordination effort, not broad open access on day one.

A statement from Anthropic CEO, Dario Amodei, on our discussions with the Department of War.https://t.co/rM77LJejuk
— Anthropic (@AnthropicAI) February 26, 2026

After reading that, assume entitlement and policy constraints are part of setup, not edge cases.

Cursor

In Cursor, use the model picker for quick tests, but for team consistency you should define project-level defaults. Set your normal assistant to Opus, then create a Mythos-specific workflow for security prompts and code audit tasks.

// .cursor/settings.json (example)
{
  "ai.model": "claude-opus-4-7",
  "ai.altModels": [
    "claude-mythos-preview"
  ],
  "ai.routing": {
    "securityReview": "claude-mythos-preview",
    "default": "claude-opus-4-7"
  }
}

Gotcha: if your org policy locks model lists, local changes may not apply until admin approval. Test with a known security task and verify the returned model metadata before trusting results.

Zed

Zed setups vary depending on whether you route through Anthropic directly or an OpenAI-compatible proxy. Either way, the upgrade pattern is identical: keep a default model and add Mythos as a named option for targeted use.

// ~/.config/zed/settings.json (example)
{
  "assistant": {
    "provider": "anthropic",
    "default_model": "claude-opus-4-7",
    "models": [
      "claude-opus-4-7",
      "claude-mythos-preview"
    ]
  }
}

If your Zed build or provider adapter doesn’t yet expose Mythos, leave the entry in place and continue with Opus. That way the switch is instant once access lands.

Anthropic API (direct)

This is the cleanest place to control migration. Add model routing in code, not in scattered environment variables only. Gate Mythos by task class and feature flag.

// request body (example)
{
  "model": "claude-mythos-preview",
  "max_tokens": 4096,
  "messages": [
    { "role": "user", "content": "Audit this diff for exploit chains..." }
  ]
}

// recommended runtime routing (example)
const model =
  featureFlags.mythos && task.type === "security_critical"
    ? "claude-mythos-preview"
    : "claude-opus-4-7";

Also add explicit fallback for 403/404/entitlement failures. Preview models should never become a single point of failure in CI pipelines.

This third embed is useful context for API users: the messaging continues to emphasize defensive security workflows, which is exactly where you should route Mythos first.

A statement on the comments from Secretary of War Pete Hegseth. https://t.co/Gg7Zb09IMR
— Anthropic (@AnthropicAI) February 28, 2026

So don’t flip your entire app to Mythos immediately. Use bounded, high-value security lanes first.

AWS Bedrock

For Bedrock users, model invocation depends on region and model catalog availability under your account. The exact change is to replace the model ID in your invoke call once Mythos is available to your tenant.

# boto3-style pseudo example
response = bedrock_runtime.invoke_model(
    modelId="anthropic.claude-mythos-preview-v1:0",
    body=json.dumps({
        "anthropic_version": "bedrock-2023-05-31",
        "max_tokens": 4096,
        "messages": [{"role":"user","content":"Run a vuln-oriented review on this module"}]
    })
)

If that model ID isn’t recognized yet, keep using your current Claude Bedrock ID and monitor the Bedrock model catalog. In preview programs, exact IDs and region availability can lag launch announcements.

Google Vertex AI

Vertex AI users should follow the same pattern: keep current production model in place, then create a separate endpoint config for Mythos-targeted security jobs. This makes rollback easy and audit trails cleaner.

# conceptual Vertex config snippet (example)
model: "claude-mythos-preview"
region: "us-central1"
routing:
  default: "claude-opus-4-7"
  security_critical: "claude-mythos-preview"

On Vertex, verify both model availability and org policy permissions before rollout. Some teams have platform-level controls that require explicit allowlisting of new model names.

Cross-tool rollout checklist (do this once)

Whatever IDE or cloud you use, successful setup comes down to six checks:

1) Keep stable default model (do not hard replace everywhere).
2) Add Mythos as an explicit secondary/security model.
3) Gate usage with a feature flag.
4) Route only security-critical tasks first.
5) Add fallback on access/policy/timeout errors.
6) Log model name per request for evaluation and cost tracking.

This gives you clean A/B comparisons instead of launch-week guesswork.

Peter Steinberger is joining OpenAI to drive the next generation of personal agents. He is a genius with a lot of amazing ideas about the future of very smart agents interacting with each other to do very useful things for people. We expect this will quickly become core to our…
— Sam Altman (@sama) February 15, 2026

The broader context from other frontier leaders points the same direction: cyber capability is accelerating, and teams that treat model rollout as an engineering change-management problem will do better than teams that treat it like a hype event.

Bottom line: set up Mythos Preview as a controlled security profile across Claude Code, Cursor, Zed, API, Bedrock, and Vertex. Keep Opus as your stable default, move critical security workflows first, and expand only after you’ve validated reliability, access, and cost in your own stack.

Now you know more than 99% of people. — Sara Plaintext