Hacker News Spotlights Project Glasswing, a Defensive Alliance for Critical Software
Original: Project Glasswing: Securing critical software for the AI era
A Hacker News discussion pushed attention toward Project Glasswing, Anthropic's new defensive-security initiative built around Claude Mythos 2 Preview. Anthropic says the project brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks to secure critical software before frontier vulnerability-research capabilities spread more widely. The company is also extending access to more than 40 additional organizations that maintain critical infrastructure or open-source dependencies.
The core claim is unusually direct. Anthropic says Mythos Preview has already found thousands of high-severity vulnerabilities, including issues in every major operating system and web browser, and that many of them were identified and exploited autonomously. The Glasswing page says Anthropic is committing up to $100M in usage credits plus $4M in direct donations to open-source security groups so launch partners can scan first-party and open-source code with the model.
Why the examples matter
Anthropic is not framing this as a generic AI-for-security story. The company gives concrete examples: a 27-year-old OpenBSD bug that could remotely crash a machine, a 16-year-old FFmpeg flaw hiding in code paths that automated testing had exercised millions of times, and a Linux kernel exploit chain that escalated ordinary user access into full control of a system. Anthropic says those issues have already been disclosed and patched, and points to its Frontier Red Team write-up for technical detail on a subset of the findings.
The important signal for HN readers is not just that Anthropic has a stronger model. It is that frontier model labs are starting to treat vulnerability discovery as a live operational risk rather than a future scenario. Glasswing is essentially a coordination mechanism: get model providers, hyperscalers, security vendors, banks, and open-source stewards onto the same defensive timeline before these capabilities become commonplace. Whether that is enough is still an open question, but the page makes Anthropic's position clear: the window for preparing critical software is measured in months, not years.
Related Articles
Anthropic put Claude Code Security into limited research preview for Enterprise and Team customers. The tool reasons over whole codebases, ranks severity and confidence, and proposes patches for human review.
Anthropic published a coordinated vulnerability disclosure framework on March 6, 2026 for vulnerabilities discovered by Claude. The policy sets a default 90-day disclosure path, a compressed 7-day path for actively exploited critical bugs, and a 45-day buffer after patches before technical details are usually published.
Anthropic said on X that it will support a Linux Foundation effort to secure open source software as AI increases the scale of vulnerability discovery. The associated Linux Foundation release says Anthropic and six other tech groups are providing $12.5 million through Alpha-Omega and OpenSSF.