Project Glasswing: How Anthropic's Mythos AI Chains Vulnerabilities into Working Exploits

What Is Project Glasswing?

Project Glasswing is Anthropic's controlled research program providing select organizations access to Mythos Preview — a security-specialized LLM distinct from general-purpose frontier models. Cloudflare participated and tested the model against their own infrastructure, publishing the full results on their blog.

What Mythos Can Do

Exploit chain construction: Mythos can take multiple low-severity vulnerability primitives and chain them into a single, more severe working exploit. This is senior security researcher reasoning, not automated scanning.

Proof generation: Rather than generating speculative findings, Mythos writes, compiles, and executes code to verify vulnerabilities. When initial hypotheses fail, it iterates independently.

Cloudflare's 8-Stage Architecture

1. Recon: Architecture mapping and initial task queue
2. Hunt: ~50 concurrent agents targeting specific attack classes
3. Validate: Independent adversarial review to filter false positives
4. Gapfill: Re-queues under-explored areas
5. Dedupe: Collapses duplicate findings
6. Trace: Cross-repo exploitability analysis
7. Feedback: Loops validated findings back into hunting
8. Report: Structured output

Limitations and Dual-Use Warning

Despite lacking standard guardrails, Mythos exhibited unpredictable refusals on legitimate security tasks — identical requests produced different outcomes across runs. Cloudflare is explicit: these capabilities will eventually reach attackers. Their recommendation shifts emphasis from fast patching to defensive architecture — separating security boundaries, implementing blocking infrastructure, and coordinating simultaneous global deployments.