Anthropic Launches Project Glasswing to Put AI on the Front Lines of Cybersecurity

TL;DR: Anthropic has unveiled Project Glasswing, a coalition of more than 40 technology and infrastructure organisations using an unreleased Claude frontier model to autonomously discover and disclose critical software vulnerabilities.

Anthropic on Monday announced Project Glasswing, an initiative directing frontier AI at defensive cybersecurity at scale. The programme grants coalition partners early access to Claude Mythos Preview — a general-purpose model not yet publicly available — for vulnerability detection, black-box testing, and penetration testing across widely deployed software.

• Partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, Nvidia, and Palo Alto Networks, alongside the Linux Foundation and more than 40 organisations that maintain critical open-source infrastructure.
• Claude Mythos Preview has already autonomously identified thousands of high-severity zero-day vulnerabilities, including a 27-year-old flaw in OpenBSD, a 16-year-old vulnerability in FFmpeg, and Linux kernel exploit chains capable of granting full system control.
• Disclosures follow coordinated vulnerability principles: affected maintainers receive advance notice and a remediation window before any technical details are made public.

The scale of what the model has reportedly found raises immediate questions about how much undetected risk sits inside widely trusted codebases. OpenBSD has been celebrated for its security focus for nearly three decades; FFmpeg underpins video processing in billions of devices. The fact that both harboured undetected high-severity flaws points to structural limits in human-led code auditing — limits that AI-assisted analysis appears well positioned to address.

Project Glasswing also marks a notable strategic shift for Anthropic. Rather than leading with productivity or developer tooling, the company is staking a claim in cybersecurity infrastructure — a sector with substantial government and enterprise budget. Whether Glasswing generates direct revenue or serves primarily as a trust-building exercise, it signals that Anthropic views security as a commercial frontier. The dual-use risk — that the same autonomous vulnerability-finding capability could be turned offensive — will likely dominate regulatory conversations about the project in the months ahead. Anthropic has not yet published details on the safeguards governing how Mythos Preview's findings are handled within the coalition.