Anthropic announced the launch of Project Glasswing, an industry-wide initiative designed to leverage a new, unreleased AI model to fortify critical software infrastructure. The project brings together a coalition of major technology firms, including Google, Microsoft, Amazon Web Services, Apple, Nvidia, and Cisco, to address the risks posed by increasingly capable AI systems.
At the center of this initiative is Claude Mythos Preview, a general-purpose frontier model that Anthropic says is currently restricted to "defensive security" partners. According to the company, the model’s "strong agentic coding and reasoning skills" allowed it to identify thousands of high-severity vulnerabilities in every major operating system and web browser in recent weeks. Anthropic noted that the model identified these bugs and developed related exploits "entirely autonomously, without any human steering."
Newton Cheng, cyber lead for Anthropic’s frontier red team, stated that the model is intended to give defenders a "head start" against adversaries. The company is withholding a public release of Mythos Preview due to significant security concerns. Access is currently limited to the project’s partners, which include JPMorgan Chase, Broadcom, CrowdStrike, the Linux Foundation, and Palo Alto Networks, alongside approximately 40 other organizations.
A Watershed Moment for Security
In a technical blog post, the Anthropic research team described the model’s performance as a "watershed moment for security." The team reported that Mythos Preview is capable of finding and exploiting zero-day vulnerabilities in open-source codebases and reverse-engineering exploits on closed-source software. While the researchers noted that over 99% of the vulnerabilities identified during their testing remain unpatched, they emphasized that the 1% they can discuss demonstrates a "substantial leap" in AI capabilities.
Despite the model's high performance, its debut follows a recent data leak. Dianne Penn, a head of product management at Anthropic, told The Verge that the leak was attributed to human error and was "not related to software vulnerabilities in any way." She added that the company is "taking steps in terms of solidifying our processes."
To support the initiative, Anthropic has committed up to $100 million in usage credits for Mythos Preview. The company is also providing $4 million in direct donations to the Linux Foundation and the Apache Software Foundation. Cheng stated that while Anthropic is subsidizing these costs, the long-term goal is to prepare the broader industry for a landscape where AI-driven cyberattacks become more frequent and sophisticated. Anthropic maintains that because AI progress is moving rapidly, collaborative defensive action is necessary to ensure that security measures outpace the ability of malicious actors to exploit these systems.
