Project Glasswing is built around a startling admission: a new frontier model has reached a level of coding capability that can surpass all but the most skilled humans at finding and exploiting software vulnerabilities. That is not a distant warning. It is the premise behind a coordinated effort to use that power defensively before it spreads more widely.
What is Project Glasswing trying to prevent?
The central question is straightforward: what happens when a general-purpose model can do more than write code well, and can also identify exploit chains, security flaws, and system weaknesses at scale? The evidence presented in the launch materials suggests the concern is not theoretical. Mythos Preview has already found thousands of high-severity vulnerabilities, including vulnerabilities in major operating systems and web browsers.
Verified fact: Anthropic says Project Glasswing was formed because of capabilities observed in Claude Mythos2 Preview, an unreleased frontier model. The company says the model can uncover vulnerabilities at a level that could reshape cybersecurity. It also says the model’s capabilities could proliferate faster than the security field is prepared for.
Who is getting access, and why does that matter?
Project Glasswing is not being framed as a closed research exercise. It is being used as a structured defensive trial. The launch partners listed in the materials will use Mythos Preview in their security work, while Anthropic says it will share what it learns so the broader industry can benefit. More than 40 additional organizations that build or maintain critical software infrastructure have also been given access so they can scan and secure first-party and open-source systems.
Verified fact: The consortium includes Microsoft, Apple, Google, Amazon Web Services, the Linux Foundation, Cisco, Nvidia, Broadcom, and more than 40 other organizations spanning technology, cybersecurity, critical infrastructure, and finance. Anthropic says it is committing up to $100 million in usage credits for Mythos Preview across these efforts, plus $4 million in direct donations to open-source security organizations.
Analysis: The scale of the access matters because it shows a shift from isolated cybersecurity testing to a broader attempt to harden the software ecosystem before advanced AI capabilities become widely available. The company’s argument is that the defensive window is limited. The risk, in its framing, is that the same capabilities could soon be available to actors with no commitment to safe deployment.
Why do the launch statements emphasize urgency over celebration?
Project Glasswing is presented as a starting point, not a solution. Anthropic says no single organization can solve the problem alone, and that frontier AI developers, other software companies, security researchers, open-source maintainers, and governments all have essential roles to play. The company also warns that the work of defending cyber infrastructure may take years, even as frontier AI capabilities are likely to advance substantially over the next few months.
Verified fact: Logan Graham, Anthropic’s frontier red team lead, said the purpose is to prepare for a world in which these capabilities are broadly available in 6, 12, or 24 months. He said many assumptions behind modern security paradigms might break. Dario Amodei, Anthropic CEO, said Mythos Preview is a major jump because it was trained to be good at code and became good at cyber as a side effect.
The company also says Mythos Preview can go beyond vulnerability discovery and produce potential attack chains and proofs of concept, while also handling penetration testing, endpoint security assessment, system misconfiguration hunting, and binary analysis without source code.
What does this mean for the security landscape?
Verified fact: Anthropic says software flaws have always existed in systems that support banking, medical records, logistics networks, power grids, and other critical services. It also says cyberattacks have already produced serious consequences for corporate networks, healthcare systems, energy infrastructure, transport hubs, and government agencies. The company estimates global financial costs of cybercrime might be around $500 billion each year.
Analysis: Taken together, the materials point to a clear shift in the security model. The old problem was that only a small number of experts could reliably find and exploit serious flaws. The new problem is that frontier AI reduces the cost, effort, and expertise needed to do that work. That can help defenders, but it can also lower the barrier for attackers. Project Glasswing is an attempt to stay ahead of that change, not a guarantee that the change can be contained.
For now, the most important fact is that the industry is being asked to treat advanced AI cyber capability as an operational reality rather than a future hypothesis. The success or failure of Project Glasswing will likely be measured not by its launch, but by whether it helps critical software operators adapt before those capabilities spread further. The public should read Project Glasswing as an early test of whether AI can be used to secure the systems it can also threaten.
