Project Glasswing is a cybersecurity initiative launched by Anthropic on April 8, 2026, that brings together many of the world’s largest technology and financial organizations to find and fix critical software vulnerabilities using a new frontier AI model called Claude Mythos Preview. The project represents one of the most ambitious cross-industry efforts to date aimed at using artificial intelligence for defensive cybersecurity at scale.
In this article, we’ll discuss what Project Glasswing is, why Anthropic created it, how Claude Mythos Preview works to detect vulnerabilities that have evaded human reviewers for decades, which organizations have signed on as launch partners, and what this initiative means for the future of software security. Whether you’re a security professional or simply someone who depends on digital infrastructure (which is all of us), this is a story worth paying attention to.
TL;DR Snapshot
Project Glasswing is Anthropic’s urgent, industry-wide effort to deploy its most capable AI model for defensive cybersecurity. Powered by Claude Mythos Preview, the initiative has already uncovered a wealth of previously unknown zero-day vulnerabilities in every major operating system and web browser. With a coalition of powerful partners including many of the largest companies in tech, it’s the largest AI-for-defense collaboration the industry has ever seen.
Key takeaways include…
- Claude Mythos Preview has autonomously discovered thousands of critical zero-day vulnerabilities, including flaws that survived decades of human code review and millions of automated tests.
- Anthropic is committing up to $100M in usage credits and $4M in direct donations to open-source security organizations to fund the initiative.
- Several leading tech-industry launch partners have been announced, including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and more than 40 additional organizations.
Who should read this: Cybersecurity professionals, software developers, open-source maintainers, IT leaders, and AI enthusiasts.
Why Project Glasswing Exists: The Cybersecurity Tipping Point
The software that runs our banking systems, hospitals, power grids, and government agencies has always contained bugs. Some of those bugs are serious security vulnerabilities that, if exploited, can allow attackers to hijack systems, steal data, or shut down critical operations. We’ve already seen the real-world consequences of this. Attacks on healthcare systems like the NHS, on energy infrastructure like Colonial Pipeline, and on government agencies like the US Treasury have demonstrated how devastating these vulnerabilities can be. According to a report from the Centre for the Governance of AI, the global financial cost of cybercrime may be around $500 billion every year.
What’s changed is the role AI now plays. As Anthropic explains on the official Project Glasswing page, frontier AI models have reached a level of coding capability where they can surpass all but the most skilled humans at discovering and exploiting software vulnerabilities. That’s a double-edged sword of course, as in the wrong hands, these capabilities could make cyberattacks far more frequent and destructive. But used defensively, they could help find and patch flaws before attackers ever reach them. Project Glasswing is Anthropic’s bet on the defensive side of that equation.
What Claude Mythos Preview Can Do
At the heart of Project Glasswing sits Claude Mythos Preview, an unreleased general-purpose frontier model that Anthropic describes as its most capable yet. It isn’t a narrow security tool, it’s a broadly skilled coding and reasoning model whose abilities happen to translate powerfully into cybersecurity applications.
The results so far are striking. According to Anthropic’s announcement, Mythos Preview has identified thousands of zero-day vulnerabilities across every major operating system and web browser. Three examples stand out amongst the crowed. The model found a 27-year-old vulnerability in OpenBSD, one of the most security-hardened operating systems in the world, that allowed an attacker to remotely crash any machine simply by connecting to it. It also discovered a 16-year-old flaw in FFmpeg, a widely used video encoding library, in a line of code that automated testing tools had executed five million times without catching the problem. And it autonomously found and chained together multiple Linux kernel vulnerabilities to escalate from ordinary user access to full system control.
On the CyberGym benchmark for vulnerability reproduction, Mythos Preview scored 83.1%, compared to 66.6% for Claude Opus 4.6. Crucially, the model found most of these vulnerabilities entirely on its own, without human steering. It’s this autonomous capability that makes the project both so promising for defenders and so urgent as a preemptive measure against misuse.
The Coalition: Who’s Involved and What They’re Doing
Project Glasswing’s launch partners read like a who’s-who of global technology infrastructure. Amazon Web Services (AWS), Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks have all signed on. Beyond those, more than 40 additional organizations that build or maintain critical software infrastructure have been extended access as well.
Each partner brings a different angle. AWS, for example, has been testing Mythos Preview against its own critical codebases. As AWS VP and CISO Amy Herzog noted in a recent security blog announcement, their teams already analyze over 400 trillion network flows daily for threats, and AI is central to that work. Microsoft’s EVP of Cybersecurity Igor Tsyganskiy shared via the MSRC blog that when tested against CTI-REALM, Microsoft’s open-source security benchmark, Mythos Preview showed substantial improvements over previous models.
The Linux Foundation’s involvement is particularly meaningful for the open-source community. CEO Jim Zemlin highlighted that open-source maintainers, whose software underpins the vast majority of modern systems, have historically been left to handle security on their own. Anthropic is donating $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, plus $1.5M to the Apache Software Foundation, to help change that dynamic. Open-source maintainers interested in access can apply through Anthropic’s Claude for Open Source program.
What Comes Next
Project Glasswing isn’t a one-time announcement, it’s the start of a longer effort that Anthropic says will continue for many months. Within 90 days, the company plans to publicly report on what it’s learned, including details on vulnerabilities fixed and best practices discovered. The initiative will also work with leading security organizations to produce recommendations on how security practices should evolve in the AI era, covering areas like vulnerability disclosure, patching automation, software supply-chain security, and standards for regulated industries.
Importantly, Anthropic does not plan to make Claude Mythos Preview generally available, at least in the near future. The model’s offensive capabilities are too powerful for broad release without additional safeguards. Instead, the company’s goal is to develop cybersecurity guardrails that detect and block a model’s most dangerous outputs, with plans to launch them alongside an upcoming Claude Opus update, and see how that goes before making any further plans for Mythos. Security professionals who need access to it for legitimate work will eventually be able to apply through a forthcoming Cyber Verification Program.
Anthropic has also been in discussions with US government officials about Mythos Preview’s capabilities. The company frames this as a national security priority, arguing that the US and its allies need to maintain a decisive lead in AI technology, and that governments have an essential role in both assessing and mitigating the risks associated with these models.
Frequently Asked Questions
Anthropic is an AI company founded in 2021 that builds the Claude family of AI models. It’s known for its focus on developing AI systems that are safe, steerable, and beneficial to humanity.
Claude Mythos Preview is Anthropic’s newest and most capable frontier AI model. It’s a general-purpose model with exceptional coding and reasoning abilities that translate into powerful cybersecurity applications. It’s not publicly available and is currently restricted to Project Glasswing participants.
A zero-day vulnerability is a software security flaw that was previously unknown to the software’s developers. Because there’s no existing fix or patch, these flaws can be especially dangerous if discovered by malicious actors.
Open-source software is code that’s freely available for anyone to use, modify, and distribute. The vast majority of modern digital systems, from servers to smartphones, rely heavily on open-source components. Because these projects are often maintained by small teams or volunteers, they can lack the resources for rigorous security testing.
Traditional automated security testing tools follow predefined rules and patterns. Claude Mythos Preview can reason about code more like a skilled human security researcher, autonomously discovering novel vulnerabilities and even developing exploit chains, but at a scale and speed no human team could match.
Not currently. Anthropic says the model’s capabilities are too powerful for broad release without additional safeguards. The company plans to develop and test those safeguards with an upcoming Claude Opus model before making Mythos-class models more widely available.
Other Enterprise AI Articles You May Be Interested In
Why Intel Is Joining Elon Musk’s Terafab to Build the World’s Largest AI Chip Factory
Onix Bets Big on Google Cloud With Wingspan-Powered AI Transformation Strategy
Google’s TurboQuant: The Compression Breakthrough That Shook the AI Industry
CGI and AWS Sign Multi-Year Deal to Modernize U.S. Government Technology
ASUS UGen300: How the Hailo-10H Powered USB Stick Is Changing Edge AI in 2026
