Project Glasswing
Yesterday, Anthropic dropped a bombshell announcement that brings together a laundry list of tech heavyweights: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The goal? To secure the world’s most critical software using a new AI model called Claude Mythos Preview.
Let’s be clear: this isn’t your typical industry consortium that produces a lot of press releases and little else. Project Glasswing is built around a real, working piece of technology that has already demonstrated alarming capabilities.
What Claude Mythos Preview Can Do
Mythos Preview is a general-purpose frontier model that Anthropic claims has reached a level of coding ability where it can surpass all but the most skilled human security researchers at finding and exploiting vulnerabilities. As someone who has watched the cybersecurity landscape for years, I can tell you this is a bigger deal than most people realize.
The model has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Not just the usual suspects either—we’re talking about flaws that survived decades of human review and millions of automated security tests. That’s the kind of persistence that keeps security engineers up at night.
The Urgency Behind the Initiative
Anthropic’s reasoning is straightforward and, frankly, hard to argue with: given the rate of AI progress, it won’t be long before these capabilities proliferate. Not everyone who gets their hands on this tech will be committed to using it safely. The potential fallout for economies, public safety, and national security is severe.
Project Glasswing is an attempt to get ahead of that curve. The launch partners will use Mythos Preview for defensive security work, and Anthropic is sharing what they learn with the broader industry. They’ve also extended access to over 40 additional organizations that build or maintain critical software infrastructure.
The financial commitment is substantial too: Anthropic is putting up to $100 million in usage credits for Mythos Preview and $4 million in direct donations to open-source security organizations. That’s real money, not just promises.
The Bigger Picture
We’ve all seen the damage from cyberattacks on corporate networks, healthcare systems, energy infrastructure, and government agencies. State-sponsored attacks from China, Iran, North Korea, and Russia are constant threats. Even smaller attacks on hospitals or schools can cause massive damage and loss of life.
The current global cost of cybercrime is estimated at around $500 billion annually. That figure is likely to grow as AI-powered attacks become more sophisticated and accessible.
What’s interesting here is the recognition that the same capabilities that make AI dangerous for offense make it invaluable for defense. Finding and fixing flaws before attackers can exploit them is the holy grail of cybersecurity. If Mythos Preview can do that at scale, it could fundamentally shift the balance in favor of defenders.
A Personal Take
I’ve seen too many cybersecurity initiatives fail because they lacked teeth or real technology. Project Glasswing feels different. The fact that they’ve already found zero-days in every major OS and browser gives me some confidence this isn’t just marketing.
That said, I’m wary of the concentration of power here. Twelve of the world’s largest tech companies plus a handful of AI labs holding the keys to this capability raises legitimate questions about governance and access. Anthropic says they’re committed to sharing what they learn, but we’ll have to see how that plays out in practice.
The timeline is also sobering: the work of defending global cyber infrastructure could take years, but frontier AI capabilities are likely to advance substantially over just the next few months. That’s a mismatch that should worry everyone.
What Comes Next
Project Glasswing is explicitly a starting point, not a solution. Anthropic acknowledges that no single organization can solve these problems alone. Frontier AI developers, software companies, security researchers, open-source maintainers, and governments all have roles to play.
For now, I’m cautiously optimistic. The model is being deployed for defensive purposes, the funding is real, and the coalition includes the right players. But the real test will be whether this translates into measurable improvements in software security over the next year, not just more announcements.
If you’re building or maintaining critical software, you should be paying attention. This could change how we think about vulnerability discovery and patching for good.
Comments (0)
Login Log in to comment.
Be the first to comment!