Project Glasswing: How Anthropic's Mythos AI Chains Vulnerabilities into Working Exploits
Original: Project Glasswing: what Mythos showed us View original →
What Is Project Glasswing?
Project Glasswing is Anthropic's controlled research program providing select organizations access to Mythos Preview — a security-specialized LLM distinct from general-purpose frontier models. Cloudflare participated and tested the model against their own infrastructure, publishing the full results on their blog.
What Mythos Can Do
Exploit chain construction: Mythos can take multiple low-severity vulnerability primitives and chain them into a single, more severe working exploit. This is senior security researcher reasoning, not automated scanning.
Proof generation: Rather than generating speculative findings, Mythos writes, compiles, and executes code to verify vulnerabilities. When initial hypotheses fail, it iterates independently.
Cloudflare's 8-Stage Architecture
- Recon: Architecture mapping and initial task queue
- Hunt: ~50 concurrent agents targeting specific attack classes
- Validate: Independent adversarial review to filter false positives
- Gapfill: Re-queues under-explored areas
- Dedupe: Collapses duplicate findings
- Trace: Cross-repo exploitability analysis
- Feedback: Loops validated findings back into hunting
- Report: Structured output
Limitations and Dual-Use Warning
Despite lacking standard guardrails, Mythos exhibited unpredictable refusals on legitimate security tasks — identical requests produced different outcomes across runs. Cloudflare is explicit: these capabilities will eventually reach attackers. Their recommendation shifts emphasis from fast patching to defensive architecture — separating security boundaries, implementing blocking infrastructure, and coordinating simultaneous global deployments.
Related Articles
Security alerts are moving from volume to trust. GitHub says LLM-based contextual verification reduced secret-scanning false positives by 75.76%, beating its 65% target.
Anthropic said Claude Opus 4.6 found 22 Firefox vulnerabilities during a two-week collaboration with Mozilla. Mozilla classified 14 as high severity and shipped fixes in Firefox 148.0.
Anthropic says Claude contains a J-space that resembles a global workspace for active, verbalizable thoughts. The lead tweet has more than 9.1 million views and points to audit use cases, including hidden goals in sabotage-trained models.