You use Chrome, Windows, macOS, or iOS every day. Somewhere behind the scenes, security teams hunt for vulnerabilities in the code you trust with your data. As of this week, eleven of those teams route their hunt through a single AI startup.
On April 7, Anthropic launched Project Glasswing — handing its unreleased Claude Mythos Preview model to eleven organizations: Apple, Microsoft, Google, AWS, Nvidia, Cisco, CrowdStrike, JPMorgan Chase, Broadcom, Palo Alto Networks, and the Linux Foundation. The terms: $100 million in free usage credits, invitation-only access, and a model that Anthropic will never sell to the public. We've covered what Mythos can do — thousands of zero-day vulnerabilities, exploit chains that took human teams weeks compressed into hours at under $2,000 in compute. The question now isn't capability. It's dependency.
Eleven organizations depend on one startup's unreleased model to audit code they wrote themselves. Anthropic sees everyone's vulnerabilities. Nobody else has the tool. The $100M in free credits isn't charity — it's the first hit. Post-preview pricing sits at $25/$125 per million input/output tokens (tokens are the word-chunks AI processes — roughly ¾ of an English word). Once the free ride ends, every partner faces a choice: pay Anthropic's rate card, or lose the only model that outperforms their own red teams by orders of magnitude.
This is classic platform economics dressed in a lab coat. The model finds your bugs. The model knows your bugs. And only one company controls the model.
Now the timing. One day after Glasswing launched, on April 8, a DC federal appeals court denied Anthropic's emergency stay against the Pentagon's supply chain risk designation — a label the Pentagon historically reserves for foreign adversaries like Huawei, now pinned on an American AI company. The court ruled "the equitable balance here cuts in favor of the government." The designation bars defense contractors from using Claude.
The backstory: on February 27, the Pentagon moved to blacklist Anthropic after a failed $200M contract negotiation. Anthropic refused to allow "all lawful purposes" usage, citing concerns about mass surveillance and autonomous weapons. The military branded the company a national security risk. A San Francisco judge initially blocked the designation in March, ruling that Anthropic was being "branded a potential adversary" for disagreeing with policy. The DC court overrode that protection.
So the company that just became the cybersecurity backbone for Apple, Microsoft, and Google simultaneously lost access to the one customer with both the budget and the mandate to fund a competing capability. The Pentagon can't use the best vulnerability-finding tool in existence. Anthropic can't build the government alternative. Nobody else has the model to try.
Cybersecurity stocks dropped 5–11% on the Glasswing announcement. The market understood before anyone explained it: this isn't a product launch. It's a moat. Glasswing locks eleven partners into dependency. The appeals court locks the government out of the only alternative. And your daily software — your browser, your OS, your cloud — now trusts its security to a company that one branch of government arms with $100M in credits while another branch calls a national security threat.
