Project Glasswing, Anthropic’s initiative to protect critical software with AI

Anthropic has announced Project Glasswing, a cybersecurity alliance bringing together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks. The goal is to use artificial intelligence defensively to detect and fix security flaws in the world's most critical software before they can be exploited by malicious actors.

At the center of the initiative is Claude Mythos Preview, a new AI model developed by Anthropic that has shown a notable ability to identify vulnerabilities in computer code. Over the past few weeks, the model detected thousands of previously unknown security flaws across all major operating systems and web browsers. Some of these flaws had gone undetected for decades despite undergoing millions of automated security tests.

Among the documented cases, the model found a 27-year-old vulnerability in OpenBSD, an operating system used in firewalls and critical infrastructure, which allowed an attacker to remotely crash any machine running it. It also detected a 16-year-old bug in FFmpeg, a widely used video processing library, in a line of code that automated tools had analyzed five million times without catching it. In addition, it identified and chained together several vulnerabilities in the Linux kernel to gain full control of a system from ordinary user access. All flaws have been reported to the maintainers of the affected software and have since been patched.

In CyberGym cybersecurity benchmarks, Mythos Preview scored 83.1%, compared to 66.6% for Claude Opus 4.6. Anthropic does not plan to make the model generally available; its use will be limited to project partners and more than 40 organizations that manage critical and open source software infrastructure.

The company has committed up to $100 million in model usage credits for participants, and has donated an additional $4 million to open source security organizations. Within 90 days, Anthropic will publish a report on the results and any vulnerabilities that can be publicly disclosed.

The initiative comes as AI has significantly reduced the time and level of expertise required to exploit software flaws. Project Glasswing aims to ensure that defenders can leverage these same capabilities before attackers do.

Key points

• Anthropic launches Project Glasswing to use AI in detecting vulnerabilities in critical software.
• The Claude Mythos Preview model has found thousands of serious flaws across all major operating systems and browsers.
• Some detected flaws had gone undiscovered for decades despite millions of automated tests.
• Twelve major technology companies are participating as partners, including AWS, Microsoft, Google, Apple and Cisco.
• Anthropic will not make the model generally available due to the risk it would pose in the wrong hands.
• The company is committing $100 million in usage credits and $4 million in donations to open source security projects.
• Within 90 days, Anthropic will publish a report on results and vulnerabilities that can be made public.