Anthropic launches Project Glasswing to put Mythos Preview into defensive cybersecurity workflows
Original: We’ve partnered with Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Together we’ll use Mythos Preview to help find and fix flaws in the systems on which the world depends. View original →
In an April 7 X post, Anthropic said it has partnered with Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks on Project Glasswing. On the project page, Anthropic describes Glasswing as a defensive cybersecurity effort designed to secure "the world’s most critical software." The company says launch partners and more than 40 additional organizations will use Claude Mythos Preview to scan both first-party and open-source systems, and Anthropic is committing up to $100 million in usage credits plus $4 million in donations to open-source security groups.
The significance is the model claim behind the program. In a follow-up X post and the project announcement, Anthropic says Mythos Preview has already found thousands of high-severity vulnerabilities, including flaws in every major operating system and web browser. The company says it identified patched issues in OpenBSD, FFmpeg, and the Linux kernel, and that some of those bugs survived years or decades of human review and automated testing. Anthropic’s published benchmarks also frame Mythos Preview as materially stronger than Claude Opus 4.6 on cyber and coding tasks, including 83.1% versus 66.6% on Cybersecurity Vulnerability Reproduction and 93.9% versus 80.8% on SWE-bench Verified.
Defensive access first, public lessons later
Anthropic is not positioning Mythos Preview as a general-purpose public release. Instead, the company says the model will stay inside a controlled defensive program while it works on safeguards for dangerous cyber outputs. That makes Project Glasswing less a product launch than an attempt to put advanced offensive-capable coding systems into the hands of defenders before similar capabilities spread more widely. Anthropic says it will publish what it learns within 90 days, along with vulnerability fixes and practical recommendations on disclosure, patching, open-source security, and secure-by-design development. For security teams, the post is a signal that the competition is shifting from faster human researchers to faster AI-assisted vulnerability discovery.
Related Articles
A Hacker News thread drew attention to Anthropic's Project Glasswing, a new security coalition built around Claude Mythos 2 Preview. Anthropic says the effort combines major vendors, $100M in usage credits, and direct support for open-source defenders to harden critical software before frontier vulnerability-research capabilities spread more broadly.
Anthropic published a coordinated vulnerability disclosure framework on March 6, 2026 for vulnerabilities discovered by Claude. The policy sets a default 90-day disclosure path, a compressed 7-day path for actively exploited critical bugs, and a 45-day buffer after patches before technical details are usually published.
Anthropic said on X that it will support a Linux Foundation effort to secure open source software as AI increases the scale of vulnerability discovery. The associated Linux Foundation release says Anthropic and six other tech groups are providing $12.5 million through Alpha-Omega and OpenSSF.
Comments (0)
No comments yet. Be the first to comment!