Project Glasswing: the largest AI cybersecurity coalition ever created brings together tech giants
Cybersecurity has never been a simple topic, but what is happening right now changes the game in a way few people expected.
Anthropic just announced Project Glasswing, an initiative bringing together some of the biggest names in global technology — AWS, Apple, Cisco, Google, Microsoft, NVIDIA, CrowdStrike, JPMorganChase, Broadcom, Palo Alto Networks, and the Linux Foundation — around a common goal: using artificial intelligence to protect the critical software that keeps the world running.
The trigger for all of this was an unreleased model called Claude Mythos Preview, and what it can do with software vulnerabilities is, at the very least, impressive — and at the same time concerning. 🔍
We are talking about an AI that found flaws decades old in systems that millions of people use every single day, completely on its own, without any human guidance during the process.
The question hanging in the air is: if an AI can find these gaps before attackers do, what happens when this same technology falls into the wrong hands?
It is exactly this delicate balance between defensive opportunity and real risk that Project Glasswing is trying to address — and the paragraphs ahead explain how this works in practice. 👇
What Claude Mythos Preview found — and why it alarmed everyone
Before getting into the details of Project Glasswing itself, it is worth understanding what motivated its creation with such urgency. Claude Mythos Preview is a general-purpose frontier model that was set loose to analyze widely used codebases around the world, and the results went beyond what even Anthropic’s own engineers expected. The model identified thousands of high-severity zero-day vulnerabilities in a completely autonomous fashion — without receiving hints, without a human pointing out where to look, without any kind of guidance during task execution. It simply read the code, understood the logical structure behind it, and found the gaps on its own.
The most unsettling part was not just the ability to find these flaws, but the nature of them. Some of these vulnerabilities had existed for years — in certain cases, decades — inside systems that are part of the digital infrastructure used by banks, hospitals, governments, and companies of all sizes. The flaws were found in all major operating systems and all major web browsers, along with a range of other widely used software. These were not obscure bugs hidden in irrelevant projects. They were real problems in critical software that had simply never been discovered because the scale and depth of analysis needed to find them were beyond conventional human capacity within a reasonable timeframe.
To illustrate the severity of the findings, here are three concrete examples shared by Anthropic:
- A 27-year-old vulnerability in OpenBSD — an operating system known for being one of the most secure on the planet, used in firewalls and critical infrastructure. The flaw allowed an attacker to remotely crash any machine running the system simply by connecting to it.
- A 16-year-old flaw in FFmpeg — the library used by countless software applications to encode and decode video. The bug was in a line of code that automated testing tools had executed five million times without ever detecting the problem.
- Multiple chained vulnerabilities in the Linux kernel — the software that runs on the majority of servers worldwide. The model found and connected several flaws autonomously to demonstrate how an attacker could escalate from standard user access to full control of the machine.
All of these vulnerabilities have already been reported to the maintainers of the respective software and patched. For many other discoveries, Anthropic is publishing cryptographic hashes of the details on its Red Team blog, with full disclosure planned for after fixes are in place.
This raises a question that gets straight to the point: if Claude Mythos Preview was able to do this in a controlled environment with clear defensive research intentions, what stops a tool with similar capabilities from being used offensively? The honest answer is: very little, if nothing is done. And it was precisely this awareness that pushed Anthropic to act quickly, turning an internal technical discovery into a global cybersecurity initiative. 🛡️
Project Glasswing in practice: how a coalition of giants actually works
Project Glasswing is not just a polished corporate press release loaded with big-company logos. The core proposal is concrete: use artificial intelligence in a coordinated way to perform deep audits on critical open-source software and widely used digital infrastructure, identifying vulnerabilities before malicious actors do. The idea is to create a kind of collective shield, where each participating organization contributes resources, expertise, and system access so the AI can work at a global scale.
The involvement of names like AWS, Google, Microsoft, and Apple is not just symbolic. These companies control enormous portions of global digital infrastructure — from cloud services to operating systems, development platforms, and enterprise networks. Having them inside the same project means Glasswing has access to a comprehensive view of where the most fragile points in the global technology ecosystem are. The presence of the Linux Foundation, in turn, is especially relevant because a large portion of the critical software running the world — from servers to embedded devices — is based on Linux and open-source projects that have historically faced security maintenance and review challenges due to the sheer volume and complexity of the code.
Beyond the launch partners, Anthropic extended access to Claude Mythos Preview to a group of more than 40 additional organizations that build or maintain critical software infrastructure, so they can use the model to scan and protect both proprietary and open-source systems.
Financial investment and long-term commitment
In terms of investment, Anthropic is putting real money on the table. The company committed up to 100 million dollars in usage credits for Claude Mythos Preview for Glasswing participants. On top of that, it allocated 2.5 million dollars to Alpha-Omega and OpenSSF through the Linux Foundation, and 1.5 million dollars to the Apache Software Foundation, with the goal of helping open-source software maintainers respond to this evolving landscape. The company also made 4 million dollars in direct donations to open-source security organizations.
After the period covered by the research credits, Claude Mythos Preview will be available to participants at 25 dollars per million input tokens and 125 dollars per million output tokens, with access through the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.
Beyond identifying flaws, the project includes a structured responsible disclosure process, which is fundamental in this context. Finding a critical vulnerability and simply publishing it without giving software maintainers time to fix the problem would be irresponsible — and potentially catastrophic. Glasswing establishes protocols so that discoveries made by the AI are communicated in a coordinated manner to the responsible teams, ensuring that fixes reach users before information about the flaws becomes public. This is what separates a serious cybersecurity initiative from a simple demonstration of technological capability. 🔒
What partners are saying — and doing
One of the most interesting parts of this announcement is that several partners had access to Claude Mythos Preview for a few weeks before the public reveal, and their accounts reinforce the gravity of the moment.
Cisco stated that AI capabilities have crossed a threshold that fundamentally changes the urgency needed to protect critical infrastructure, and that the old methods of system hardening are no longer sufficient. AWS highlighted that its teams are already using the model on critical codebases and that it is helping strengthen the company’s code. Microsoft tested Mythos Preview against its CTI-REALM security benchmark and reported substantial improvements over previous models.
CrowdStrike offered a particularly direct perspective: the gap between a vulnerability being discovered and being exploited by an adversary has collapsed — what used to take months now happens in minutes with AI. Palo Alto Networks emphasized that these models need to be in the hands of open-source maintainers and defenders everywhere, before attackers gain access to equivalent capabilities.
JPMorganChase stressed that promoting cybersecurity and the resilience of the financial system is central to its mission, and that Glasswing offers a unique opportunity to evaluate next-generation AI tools for defensive cybersecurity. Google, for its part, highlighted its own investments in AI-driven security tools — such as Big Sleep and CodeMender — and committed to making Mythos Preview available to participants through Vertex AI.
The Linux Foundation brought up a crucial point: historically, security expertise has been a luxury reserved for organizations with large specialized teams, while open-source maintainers — whose software underpins most of the world’s critical infrastructure — were left to figure out security on their own. Glasswing offers a real path to changing that equation. 💡
Artificial intelligence as a defense tool: real opportunity or risky bet?
Using artificial intelligence to solve cybersecurity problems is not a new idea. Machine learning-based tools have been used for years to detect anomalous network behavior, identify phishing attempts, and analyze suspicious traffic patterns. What Project Glasswing brings that is different is the scale and depth of the analysis — we are talking about a model capable of understanding complex logical context within extensive codebases, not just recognizing surface-level patterns. This is a massive qualitative leap, and it opens doors that were previously closed for digital defense.
The benchmark results for Claude Mythos Preview reinforce this difference. The model achieved the highest scores ever recorded across several software coding tasks, including SWE-bench Verified, SWE-bench Pro, SWE-bench Multilingual, and Terminal-Bench 2.0. On CyberGym, a benchmark specifically focused on cybersecurity vulnerability reproduction, the gap between Mythos Preview and Anthropic’s previous model, Claude Opus 4.6, was substantial.
On the other hand, it is impossible to ignore the paradox this advancement creates. The same capability that makes Claude Mythos Preview valuable for defense is what makes it potentially dangerous in the wrong hands. An AI capable of finding vulnerabilities in critical software autonomously is, by definition, an extremely powerful attack tool if its use is not controlled. This is the kind of technology that security experts call dual-use — it serves equally well to protect and to attack, depending on who is in control. And Anthropic is very aware of this, which explains the urgency in building a defensive coalition before the model is even publicly released.
For precisely this reason, Anthropic does not plan to make Claude Mythos Preview available to the general public. The eventual goal is to allow users to work with Mythos-class models safely and at scale — for cybersecurity and other benefits alike — but only after advances in developing safeguards that detect and block the model’s most dangerous outputs. The company plans to ship these new protections first with an upcoming Claude Opus model, allowing them to be refined on a model that does not carry the same level of risk as Mythos Preview.
What Glasswing is trying to do, in essence, is make sure the race is not won by the attackers. In cybersecurity, there is a well-established principle: defenders need to be right every single time, while attackers only need to succeed once. Artificial intelligence has the potential to rebalance that equation — but only if it is deployed in a coordinated way, with clear processes and with the participation of those who actually control the most critical systems. This is exactly the reasoning behind the choice of project partners, and it is what makes this initiative different from previous announcements that stayed more on paper than in practice. 🤝
Next steps: what to expect from Project Glasswing
Today’s announcement is just the beginning of a long-term effort. Anthropic has made it clear that the work will expand in scope and continue for many months. The project partners will share information and best practices with each other, and within 90 days Anthropic will publish a public report on what was learned, the vulnerabilities that were fixed, and the improvements that can be disclosed.
Partner work is expected to focus on tasks such as local vulnerability detection, black-box binary testing, endpoint security, and penetration testing. Anthropic also plans to collaborate with leading security organizations to produce a set of practical recommendations on how security practices should evolve in the age of AI, potentially covering areas like:
- Vulnerability disclosure processes
- Software update processes
- Open-source and supply chain security
- Software development lifecycle and secure design practices
- Standards for regulated industries
- Triage scaling and automation
- Patch automation
The company also confirmed that it is in ongoing discussions with U.S. government authorities about the offensive and defensive capabilities of Claude Mythos Preview. Protecting critical infrastructure is a national security priority for democratic nations, and the emergence of these cyber capabilities is yet another reason why the U.S. and its allies need to maintain a decisive edge in AI technology.
The bigger picture: why the urgency makes sense
To understand why so many organizations are moving so quickly, it helps to look at the cybersecurity landscape that already existed before Glasswing. The global financial costs of cybercrime are hard to estimate precisely, but they may be in the range of 500 billion dollars per year. Attacks on corporate networks, healthcare systems, energy infrastructure, transportation hubs, and government agencies have already demonstrated severe consequences on multiple occasions.
On the geopolitical front, state-sponsored attacks from countries like China, Iran, North Korea, and Russia threaten to compromise the infrastructure that sustains both civilian life and military readiness. Even smaller-scale attacks — against individual hospitals or schools — can cause substantial economic damage, expose sensitive data, and put lives at risk.
Historically, finding and exploiting software vulnerabilities required a level of expertise that very few professionals possessed. With the latest frontier AI models, the cost, effort, and knowledge required to carry out this kind of work have dropped dramatically. Ten years after the first DARPA Cyber Grand Challenge, frontier AI models are becoming competitive with the best humans at finding and exploiting vulnerabilities. The pace of progress suggests these capabilities will proliferate rapidly — potentially beyond actors committed to responsible use.
What this means for everyday technology users
For most people, all this talk about vulnerabilities, AI models, and corporate coalitions might seem far removed from everyday life. But the impact is much closer than it appears. The critical software that Glasswing aims to protect includes systems that process banking transactions, manage medical records, control energy and communication infrastructure, keep logistics networks running, and form the foundation of virtually every digital service we use daily. An unpatched flaw in these systems does not just affect companies — it affects individuals, personal data, finances, and in extreme cases, public safety.
On top of that, the pace at which new vulnerabilities are discovered and exploited has been steadily increasing in recent years. Human security teams, no matter how skilled, simply cannot keep up with the volume and complexity of code that needs to be audited. This is where artificial intelligence comes in, not as a replacement for human experts, but as a force multiplier — enabling smaller teams to perform analyses that previously would have required hundreds of people and months of work. Glasswing is, in this sense, a bet that the technology that created part of the problem can also be the most effective solution to it.
Project Glasswing also aims to inspire an even broader effort. Anthropic is inviting other members of the AI industry to join the work of establishing standards for the sector. In the medium term, the company suggests that an independent third-party body — one capable of bringing together organizations from both the public and private sectors — could be the ideal home for the continuation of these large-scale cybersecurity projects.
The announcement of Project Glasswing marks a moment when the technology industry appears to be taking collective responsibility for global cybersecurity seriously. Whether this coalition will translate into concrete results over the coming months and years, only time will tell — but the fact that companies that are normally competitors are sitting at the same table to face this challenge already says a lot about the gravity of what is at stake. 🌐
