Anthropic just dropped something that should make anyone who cares about software security sit up and pay attention. Project Glasswing is a new initiative that brings together a laundry list of the biggest names in tech—Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and of course Anthropic itself—all to tackle what they see as an urgent problem: AI is getting really, really good at finding and exploiting software vulnerabilities, and if we don’t get ahead of it, the consequences could be ugly.
The catalyst here is Claude Mythos Preview, a new frontier model that Anthropic has been training. It’s not released yet, but based on what they’ve seen, it’s already surpassed all but the most elite human hackers at finding and exploiting bugs. We’re not talking about trivial stuff either. Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and every major web browser. Think about that for a second. Code that has survived decades of human review and millions of automated tests, and this model just walks in and finds holes.
This is exactly the kind of capability that keeps security researchers up at night. Not because the model itself is malicious, but because it won’t be long before these capabilities proliferate. And once they’re out there, it’s not just well-meaning researchers who will have access. State-sponsored attackers from China, Iran, North Korea, Russia—they’re all going to want this. The financial costs of cybercrime are already estimated at around $500B per year globally. That number could skyrocket.
Project Glasswing is Anthropic’s attempt to flip the script. Instead of letting offensive capabilities race ahead, they’re putting this model to work for defense. The launch partners will use Mythos Preview in their own security work. Anthropic will share what they learn with the broader industry. They’ve also extended access to over 40 additional organizations that build or maintain critical software infrastructure—things like banking systems, medical records, power grids, logistics networks. The kind of stuff that, if it goes down, people die.
And they’re putting real money behind it. Anthropic is committing up to $100 million in usage credits for Mythos Preview across these efforts, plus $4 million in direct donations to open-source security organizations. That’s not chump change, and it signals they’re serious about this being a long-term play, not just a PR stunt.
What I find particularly interesting is the scope of the coalition. You’ve got cloud providers (AWS, Google, Microsoft), hardware folks (Apple, Broadcom, Cisco, NVIDIA), security specialists (CrowdStrike, Palo Alto Networks), a bank (JPMorganChase), and the Linux Foundation representing open source. These are organizations that compete with each other in various markets, but they’re all sitting at the same table for this. That tells you how serious the threat is perceived to be.
Now, let’s talk about the model itself. Claude Mythos Preview is a general-purpose frontier model, not specifically trained for cybersecurity. The fact that it’s this good at finding vulnerabilities is almost incidental—it’s a side effect of its ability to read and reason about code. Over the past year, we’ve seen AI models get progressively better at this, but Mythos Preview represents a genuine leap. The exploits it develops are increasingly sophisticated, and it’s finding bugs that have survived for years.
This is where the optimism comes in, though. The same capabilities that make these models dangerous in the wrong hands make them incredibly valuable for defense. If you can use AI to find and fix flaws before attackers do, you’re not just playing catch-up—you’re getting ahead. Project Glasswing is explicitly about giving defenders a durable advantage in what’s shaping up to be an AI-driven era of cybersecurity.
Ten years after the first DARPA Cyber Grand Challenge, we’ve reached a point where frontier AI models are competitive with the best humans at this stuff. That’s both terrifying and exciting. The risks are real, and they’re not hypothetical. But if we act now, there’s a real chance we can build systems that are fundamentally more secure than anything we’ve had before.
No one organization can solve this alone. That’s the whole point of Project Glasswing. Frontier AI developers, software companies, security researchers, open-source maintainers, governments—everyone has a role to play. The work of defending the world’s cyber infrastructure might take years, but frontier AI capabilities are advancing over months. For defenders to come out ahead, we need to move fast.
Anthropic is positioning this as a starting point, and I think that’s the right framing. This isn’t a one-and-done announcement. It’s the beginning of what needs to be an ongoing effort. The $100M in credits and $4M in donations are real commitments, but the real test will be whether this coalition holds together and actually produces results. I’ll be watching closely.
Comments (0)
Login Log in to comment.
Be the first to comment!