The cybersecurity world has been buzzing since early April, and if you haven't heard about Claude Mythos yet, you need to. Anthropic's newly announced frontier AI model isn't just another incremental upgrade — it represents what many in the industry are calling a genuine inflection point in the arms race between attackers and defenders. For organizations running ServiceNow, the implications are significant and urgent.
What Is Claude Mythos?
Claude Mythos Preview is Anthropic's most powerful AI model to date — described in the company's own words as "by far the most powerful AI model we've ever developed." What makes Mythos remarkable — and unsettling — isn't that it's a cybersecurity tool. It was never designed to be one. It's a general-purpose model. Yet in testing, its raw reasoning and agentic coding capabilities produced something alarming: a machine that can autonomously find and exploit software vulnerabilities at a scale and speed no human team can match.
In just a few weeks of internal testing, Mythos identified thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser — vulnerabilities that had survived decades of human review and millions of automated security scans. In one documented case, the model examined part of FreeBSD's Network File System server, identified a 17-year-old remote code execution flaw, and then autonomously built a working exploit that granted root access to an unauthenticated attacker — from a single prompt.
Let that sink in. A vulnerability that survived for nearly two decades, undetected. Found and weaponized in hours.
Project Glasswing: The Industry's Response
Faced with the reality of what they had built, Anthropic made a consequential decision: instead of a broad commercial release, they launched Project Glasswing — a controlled, coalition-based initiative to put Mythos to work for defense before it falls into the wrong hands.
The coalition reads like a who's who of technology and cybersecurity: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, and Nvidia are among the named partners, alongside roughly 40 additional organizations responsible for maintaining critical software infrastructure. Anthropic is committing up to $100 million in usage credits to support the effort.
Each coalition member brings something unique to the table.
CrowdStrike, a founding member of Project Glasswing, framed its participation plainly: the window between vulnerability discovery and exploitation has collapsed — what once took months now happens in minutes with AI. That is not a reason to slow down; it's a reason to move together, faster. CrowdStrike brings sensor-level endpoint visibility across enterprises — a trillion events per day, 280+ tracked adversary groups, and 1,800+ AI applications already discovered across customer environments. In their assessment, Mythos Preview's capabilities compound dramatically when paired with real-world threat intelligence and machine-speed enforcement.
Cisco emphasized infrastructure urgency, noting that AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure, and that the old ways of hardening systems are no longer sufficient.
AWS stated they are building defenses before threats emerge, working from custom silicon all the way up through the stack.
The common thread across every coalition member? Recognition that this is not a problem any single organization can solve alone — and that the clock is running.
Why the Cybersecurity Community Is Both Excited and Alarmed
The dual-use nature of Mythos is the central tension of this story. The same capabilities that make it an extraordinary defensive tool make it extraordinarily dangerous in the wrong hands. Anthropic has privately warned top government officials that Mythos makes large-scale cyberattacks significantly more likely in the near term. The U.S. Treasury Secretary and Federal Reserve Chair reportedly called in top bank CEOs specifically to discuss the risk.
What changed? Previous AI models could assist security researchers. Mythos operates at a fundamentally different level — it can conduct autonomous security research, end to end, without human intervention after an initial prompt. It identifies the vulnerability, evaluates exploitability, develops the exploit, and tests it. That capability previously required teams of elite human researchers working for weeks or months. Mythos can do it in hours, at scale.
Mitigations that relied on friction — complexity that slowed attackers — are now far weaker. When an AI can grind through tedious exploitation steps quickly and at scale, the math of defense changes. Hard barriers remain valuable. Everything else must be reconsidered.
What SHAW Is Doing About It
This is not a distant threat to monitor from the sidelines. It is an active shift in the threat landscape that demands an active response — and for organizations running ServiceNow, the work starts inside your own instance.
ServiceNow sits at the center of enterprise operations: ITSM, GRC, SecOps, HR, and increasingly, AI-driven automation through Now Assist and third-party integrations. That centrality is exactly what makes it a high-value target. AI-augmented attackers don't need a zero-day in ServiceNow's code. They need a misconfigured ACL, an exposed API endpoint, or an overprivileged service account — and with tools like Mythos raising the capability floor for every adversary, they'll find those gaps faster than any human audit cycle can keep up with.
SHAW was built for exactly this environment.
SecOps module implementation and optimization puts your organization in the posture that Project Glasswing's coalition members are advocating for: threat visibility before escalation, not after. We implement and tune ServiceNow's Security Operations module to give your team meaningful signal — connecting vulnerability data, incident response, and threat intelligence in a single workflow. The same principle that led CrowdStrike to bring endpoint visibility to Project Glasswing applies inside your ServiceNow environment: you cannot defend what you cannot see.
AI governance in ServiceNow is the emerging challenge that most organizations haven't fully confronted yet. CrowdStrike put it directly in their Glasswing announcement: Anthropic's model safety work addresses what the model can do. It does not address what happens when that model runs inside an enterprise with access to customer data, financial systems, and thousands of users. That deployment governance gap is real — and it exists in your ServiceNow instance today, wherever Now Assist or AI agents are automating workflows, triaging tickets, or querying data. SHAW helps define the governance layer: what AI agents can access, what actions they can take, and how that activity is monitored and audited. This is the runtime protection that the Glasswing coalition is calling essential at the infrastructure level — and it applies just as directly to your ServiceNow environment.
GRC and compliance alignment ensures your security posture translates into a defensible compliance position as regulatory expectations around AI and cyber risk continue to tighten. The events of the past few weeks — government warnings, emergency briefings with bank executives, a $100 million industry coalition — are signals that regulators are watching this space closely. Organizations that can demonstrate structured governance of their AI-connected systems, documented access controls, and active risk management workflows will be far better positioned when that scrutiny arrives. We build those frameworks inside ServiceNow, where your compliance evidence lives alongside your operations.
The Bottom Line
The Glasswing coalition's message was consistent across every member: the gap between vulnerability discovery and exploitation has collapsed, and organizations that wait for a breach to audit their environment are playing by the old rules. ServiceNow environments that were considered well-configured six months ago need to be evaluated against the new threat model — one where adversaries have access to the same AI capabilities that Anthropic just spent $100 million trying to put in the hands of defenders first.
SHAW exists to close that gap for the organizations that run their operations on ServiceNow. If you want to know where your exposure is before an attacker does, that conversation starts with us.
Contact us today to schedule a Free ServiceNow consultation call.