Project Glasswing: the initiative bringing tech giants together to use AI in global cyber defense

Artificial Intelligence has reached a point where it can find security flaws in critical systems before any human even realizes they exist.

And we are not talking about simple or recent breaches.

We are talking about vulnerabilities that stayed hidden for decades, surviving millions of automated tests and years of human review, without ever being detected.

This scenario created both an opportunity and an urgent warning, and that is exactly what motivated the birth of Project Glasswing, an initiative that brings together some of the biggest names in global tech to use this same AI capability in favor of digital defense.

Behind the project are companies like Amazon Web Services, Apple, Cisco, Microsoft, Google, NVIDIA, JPMorganChase, CrowdStrike, Broadcom, Palo Alto Networks and Anthropic itself, alongside the Linux Foundation.

A list that, on its own, says a lot about how serious this initiative really is. 🔐

The trigger for all of this was Claude Mythos Preview, a frontier AI model not yet released to the public that demonstrated a striking capability: finding and exploiting software vulnerabilities autonomously, at a level that surpasses virtually any human security expert.

This is not an exaggeration and it is not science fiction.

It is what is happening right now, and understanding what it means, both for good and for risk, is what this article sets out to do. 👇

What is Project Glasswing and why it matters so much

Project Glasswing is a collaborative initiative focused on cybersecurity that uses advanced AI models to identify and fix critical vulnerabilities in widely used software around the world. The name evokes transparency, the idea of making visible what had been hidden for a long time, as if the walls of systems became glass for those who know where to look. And that metaphor makes complete sense when you understand what the project actually does in practice: it puts Artificial Intelligence in the role of a tireless security researcher, capable of analyzing millions of lines of code in search of flaws that went unnoticed for years, even decades.

The initiative was born in response to a reality the tech industry can no longer ignore. With the rapid advancement of AI models, it became clear that the same technology capable of detecting threats can also be used to create them. This dual potential sparked a quiet race: who is going to use this first, the defenders or the attackers? Glasswing bets on collaboration among industry giants to make sure the scales tip the right way, toward protection. And what makes this even more significant is that it is not a closed or proprietary initiative. By involving the Linux Foundation, the project commits to the open source ecosystem, which is exactly where many of the most critical vulnerabilities tend to live, precisely because the code is public and anyone, well-intentioned or not, can study it.

When you put companies like Microsoft, Google, Apple, Amazon Web Services, NVIDIA and Anthropic at the same table, the signal it sends to the market is clear: AI-based cybersecurity has moved beyond an experimental project and become a strategic priority at a global level. Each of these companies has critical infrastructure that depends on secure systems, and all of them have already faced or are vulnerable to sophisticated attacks. The union of these players around a common goal is, at the very least, a historic milestone for the digital security industry.

Claude Mythos Preview: the model that changed the game

Claude Mythos Preview is the name of the model developed by Anthropic that served as the starting point for this entire mobilization. It is a general-purpose model, not yet publicly available, that revealed a striking fact: AI models have reached a level of coding capability where they can outperform all but the most qualified humans at the task of finding and exploiting software vulnerabilities.

In internal tests and controlled evaluations, this model demonstrated the ability to not only identify vulnerabilities in code, but also to understand the context in which they exist, simulate possible attack vectors, and develop sophisticated exploits, all of this autonomously, without any human guidance. To get a sense of the impact, consider that experienced security researchers take days or weeks to audit a complex system. Claude Mythos Preview does it in a fraction of the time, with a depth of analysis that exceeds what any human team could cover manually.

What sets this model apart from other security analysis tools already on the market is the combination of contextual reasoning and technical capability. Traditional static code analysis tools, like vulnerability scanners, work with known patterns. They look for what has already been cataloged, what already has a name and a registered CVE. Claude Mythos Preview, on the other hand, can reason about code behavior, understand interactions between components, and identify flaws that do not have a name yet, so-called zero-day vulnerabilities, which are precisely the most dangerous because nobody is defending against them yet. The model has already found thousands of these high-severity vulnerabilities, including some in every major operating system and web browser. This distinction is fundamental to understanding why the project was received with so much attention by the cybersecurity industry.

Of course, a capability at this level raises serious questions. If an Artificial Intelligence model can find and exploit vulnerabilities autonomously, what happens when this technology falls into the wrong hands? That question is not paranoia, it is a legitimate concern that the project creators themselves openly acknowledge. Given the pace of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors committed to their safe use. The consequences for economies, public safety, and national security could be severe. That is why Glasswing is not just about detecting flaws, it also involves strict responsible disclosure protocols, where discovered vulnerabilities are communicated in a controlled manner to the maintainers of affected software before any public exposure. This ensures the window of exposure is as small as possible and that fixes reach users before bad actors can exploit the flaws. 🛡️

Old vulnerabilities, new threats: the most impressive cases

One of the most disturbing and at the same time most fascinating aspects of this whole story is the discovery that widely used systems carry vulnerabilities that have existed for a very long time without ever being detected. We are not talking about abandoned legacy code sitting on some forgotten server. We are talking about libraries and components that are part of the backbone of the modern internet, software that went through audits, was reviewed by entire developer communities, and still hid flaws that only an AI model with advanced reasoning capability was able to spot.

The original article from Anthropic describes three examples that illustrate the magnitude of what was found:

• OpenBSD, 27-year-old vulnerability: Mythos Preview found a flaw in OpenBSD, an operating system with a reputation as one of the most secure in the world, widely used to run firewalls and critical infrastructure. The vulnerability allowed an attacker to remotely crash any machine running the system simply by connecting to it. This flaw had been there for nearly three decades without being detected.
• FFmpeg, 16-year-old vulnerability: A flaw was also discovered in FFmpeg, the library used by countless software programs to encode and decode video. The vulnerability was in a line of code that automated testing tools had executed five million times without ever catching the problem.
• Linux Kernel, privilege escalation: The model autonomously found and chained multiple vulnerabilities in the Linux kernel, the software that runs most of the world’s servers, allowing an attacker to escalate from regular user access to full control of the machine.

All of these vulnerabilities have already been reported to the maintainers of the respective software and have been fixed. For many other flaws found, Anthropic is providing cryptographic hashes of the details today, with plans to reveal the full data once patches are available.

This puts into perspective how much is still left to discover and, consequently, how much we are still exposed without knowing. When a critical vulnerability is found in a widely used open source library, the impact can spread across thousands of products and services that depend on that component. The Log4Shell case, discovered in 2021, is perhaps the best-known example of this dynamic: a flaw in a logging library used in practically everything, from corporate servers to games, exposed a massive number of systems worldwide. Glasswing operates in exactly this layer of risk, trying to find the next vulnerabilities of this type before someone with bad intentions does.

The real cost of cyberattacks and why the urgency is now

To put the importance of an initiative like Project Glasswing in perspective, it is worth looking at the numbers and concrete examples of the impact of cyberattacks around the world. We have already witnessed serious consequences from attacks against corporate networks, healthcare systems, energy infrastructure, transportation hubs, and government agencies in multiple countries. On the international stage, state-sponsored attacks have compromised infrastructure that supports both civilian life and military readiness.

Even smaller-scale attacks, like those targeting individual hospitals or schools, still cause substantial economic damage, expose sensitive data, and can put lives at risk. Estimates of the global financial costs of cybercrime are challenging to calculate, but they hover around 500 billion dollars per year.

What makes Project Glasswing‘s approach especially relevant right now is that it acknowledges a paradigm shift in how cybersecurity needs to work. The traditional model is reactive: a flaw is discovered, usually after an attack, and then a fix is developed and distributed. Glasswing proposes the opposite, a proactive stance where AI continuously scans systems for flaws before they are exploited. This does not eliminate all risks, nothing does, but it drastically reduces the window of exposure and fundamentally changes the dynamic between attackers and defenders. In a scenario where attacks are increasingly sophisticated and automated, having an equally sophisticated and automated defense is no longer a competitive advantage, it is a basic necessity. 🔍

The investment and structure behind the project

The financial commitment behind Project Glasswing is significant. Anthropic is committing up to 100 million dollars in usage credits for Claude Mythos Preview for partners and additional participants. On top of that, the company made direct donations of 2.5 million dollars to the Alpha-Omega and OpenSSF projects through the Linux Foundation, and 1.5 million dollars to the Apache Software Foundation, totaling 4 million in direct donations to open source security organizations.

Access to the model has been extended to a group of more than 40 additional organizations that build or maintain critical software infrastructure, allowing them to use the model to scan and protect both their own systems and open source projects. After the initial research period covered by the credits, Claude Mythos Preview will be available to participants at 25 dollars per million input tokens and 125 dollars per million output tokens, with access available through the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.

Partner work will focus on tasks such as local vulnerability detection, black-box testing of binaries, endpoint protection, and penetration testing of systems. Within 90 days, Anthropic will publicly report what was learned, the vulnerabilities that were fixed, and the improvements that can be disclosed.

The project also plans to collaborate with leading security organizations to produce practical recommendations on how security practices should evolve in the AI era, including:

• Vulnerability disclosure processes
• Software update processes
• Open source and supply chain security
• Software development lifecycle and security-by-design practices
• Standards for regulated industries
• Scalability and triage automation
• Patch automation

What the project partners are saying

Reactions from partners reinforce the gravity and urgency of the situation. The CEO of Cisco was direct in stating that AI capabilities have crossed a threshold that fundamentally changes the urgency needed to protect critical infrastructure, and that there is no going back. AWS highlighted that its teams analyze more than 400 trillion network flows per day in search of threats and that AI is central to its ability to defend at scale.

Igor Tsyganskiy, Executive VP of Cybersecurity and Microsoft Research, emphasized that we are entering a phase where cybersecurity is no longer limited by purely human capability, and that the opportunity to use AI responsibly to improve security at scale is unprecedented. When tested against CTI-REALM, an open source security benchmark from Microsoft, Claude Mythos Preview showed substantial improvements compared to previous models.

Tools we use daily

Translation

Text Inspection & Clipping

Social Media

Search & Research

Recruitment

Programming

Productivity & Organization

Operations

Marketing & Sales

Finance & Investment

Education

Design & Media

Data & Analytics

Content & Writing

Automation

George Kurtz from CrowdStrike made an observation that sums up the moment well: the window between a vulnerability being discovered and being exploited by an adversary has collapsed, what used to take months now happens in minutes with AI. The Linux Foundation added that open source maintainers, whose software supports much of the world’s critical infrastructure, have historically been left to fend for themselves when it comes to security, and Glasswing offers a path to change that equation.

Palo Alto Networks warned that the models need to be in the hands of defenders and open source owners everywhere to find and fix vulnerabilities before attackers gain access, and that everyone needs to prepare for AI-assisted attackers. Google reinforced its commitment with tools like Big Sleep and CodeMender for finding and fixing critical flaws, making Mythos Preview available to participants through Vertex AI. 💬

On availability and the future of the model

An important point: Anthropic does not plan to make Claude Mythos Preview available to the general public. The model remains restricted to project partners and participants precisely because of the dual potential of its capabilities. The eventual goal is to allow Mythos-class models to be deployed at scale safely, not just for cybersecurity, but also for the many other benefits that such capable models can bring.

To get there, the company needs to advance the development of safeguards that detect and block the most dangerous outputs from the model. Anthropic plans to launch new safeguards with an upcoming Claude Opus model, allowing them to refine those safeguards with a model that does not present the same level of risk as Mythos Preview. Additionally, the company has been in ongoing conversations with U.S. government officials about the model’s offensive and defensive cyber capabilities, recognizing that protecting critical infrastructure is a national security priority for democratic nations.

The role of AI in the new era of digital security

Project Glasswing is, in practice, a clear signal that Artificial Intelligence is taking on a central role in how the world will handle digital threats going forward. Not as a supporting tool, but as an essential and indispensable component of any serious cybersecurity strategy. Modern AI models have already demonstrated that they can outperform human experts at specific technical analysis tasks, and the field of digital security is one of the most promising for this application precisely because it involves a volume of data and complexity that is beyond the human ability to process manually at scale.

Ten years after the first DARPA Cyber Grand Challenge, frontier AI models are becoming competitive with the best humans at finding and exploiting vulnerabilities. Without the necessary safeguards, these powerful cyber capabilities could be used to exploit the many existing flaws in the world’s most important software, making cyberattacks of all kinds much more frequent and destructive.

This does not mean security professionals are going to be replaced, quite the opposite. What should happen is a redefinition of roles, where human experts focus on strategic decisions, context analysis, and risk management, while AI handles the heavy lifting of technical analysis at scale. Companies like CrowdStrike, Palo Alto Networks and Broadcom, which already operate directly in the security market, are part of the project precisely because they understand that this integration between human and artificial intelligence is the natural path forward, and those who do not adapt will fall behind in an industry where staying current is not optional.

What Glasswing represents, therefore, goes beyond a specific security project. It marks a moment when the tech industry collectively acknowledged that AI is too powerful to be left without direction, and that the best way to ensure it works in favor of society is by building collaborative, transparent, and responsible frameworks to guide its use. The work of defending the world’s cyber infrastructure could take years; the capabilities of frontier AI will likely advance substantially in the coming months. For defenders to stay ahead, action needs to happen now.

In a field as critical as cybersecurity, where the consequences of a failure can go far beyond compromised data and affect physical infrastructure, financial systems, and even lives, this collective stance is not just welcome, it is absolutely necessary. Anthropic has invited other members of the AI industry to join the effort and, in the medium term, suggested that an independent third-party body, capable of bringing together organizations from the public and private sectors, could be the ideal home for the continuation of these large-scale cybersecurity projects. 🌐