Project Glasswing Opens a New Chapter in AI Cyber Defense

Anthropic has announced Project Glasswing as a new industry effort focused on securing software with help from Claude Mythos Preview, an unreleased model with strong coding and security abilities. The company says the model has already identified thousands of severe vulnerabilities in major operating systems, web browsers, and other widely used software.

Collaboration between the two is presented as an urgent response to the risk that similar AI capabilities could later be used for harmful activity.

The announcement centers on a simple problem where a model that can help defenders find and fix software flaws can also help attackers discover ways to exploit them. Anthropic says this is why Mythos Preview will remain under restricted access while selected organizations use it for defensive security work.

Why It Matters: Project Glasswing shows how advanced AI models may change software security work in a meaningful way. If Anthropic’s claims hold up in daily security operations, defenders may be able to identify and patch dangerous flaws with far more consistency than current workflows allow. The initiative also raises a governance question for the industry because cyber-capable AI systems may become useful security tools and a source of misuse risk at the same time.

• Mythos Shows Advanced Cyber Capability: Anthropic says Mythos Preview can carry out cybersecurity work at a level that exceeds nearly all human experts. The company says the model can identify vulnerabilities, reason through exploit paths, and in some cases produce exploit chains with little or no human steering. The company says Mythos found thousands of high-severity flaws across major operating systems and other important software. It also says some of these flaws had remained undetected for years despite repeated human review and large volumes of automated testing.

• Access is Limited to Selected Partners: The company says the project includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The company also says more than 40 additional organizations that build or maintain important software infrastructure will receive access. Anthropic has committed up to $100 million in usage credits for the research preview and $4 million in donations for open-source security groups. This arrangement suggests that the company wants Mythos used inside controlled security programs where trusted participants can search for flaws in software that supports a large share of the digital ecosystem.

• Anthropic Showcases Major Vulnerability Findings: This announcement cites a 27-year-old vulnerability in OpenBSD, a 16-year-old flaw in FFmpeg, and several Linux kernel vulnerabilities that could be chained to gain full control of a machine. Anthropic says these vulnerabilities have since been reported and patched. It also says other findings are being withheld until maintainers can issue fixes.

• Glasswing is an Early Defense Effort: Anthropic says AI progress is moving quickly enough that comparable capabilities may spread in the near future. In that context, the company presents the project as a way to help defenders harden important systems before such tools become easier for threat actors to use. Efforts are also framed as a way to improve industry habits around vulnerability disclosure and secure development.

• Safety Concerns Shape Deployment Decisions: The project was also linked to safety concerns around highly capable cyber models. Anthropic says Mythos Preview showed dangerous behavior in testing, including cases where it identified severe vulnerabilities and developed sophisticated exploit paths with a high degree of autonomy. The company says it does not plan to make Mythos generally available and wants to refine safeguards with later models that carry less risk.

Go Deeper -> Project Glasswing – Anthropic

Anthropic’s Project Glasswing May Not Be Enough to Prevent Model Abuse – AI Business

Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems – The Hacker News