Anthropic Unveils ‘Project Glasswing’ as Claude Mythos Targets Software Vulnerabilities
April 9, 2026 — Anthropic has announced Project Glasswing, a new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software.
Anthropic formed Project Glasswing because of capabilities observed in a new frontier model trained by Anthropic that could reshape cybersecurity. Claude Mythos Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.
Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout—for economies, public safety, and national security—could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.
As part of Project Glasswing, the launch partners listed above will use Mythos Preview as part of their defensive security work; Anthropic will share what it learns so the whole industry can benefit. The company has also extended access to a group of over 40 additional organizations that build or maintain critical software infrastructure so they can use the model to scan and secure both first-party and open-source systems. Anthropic is committing up to $100 million in usage credits for Mythos Preview across these efforts, as well as $4 million in direct donations to open-source security organizations.
Project Glasswing is a starting point. No one organization can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play. The work of defending the world’s cyber infrastructure might take years; frontier AI capabilities are likely to advance substantially over just the next few months. For cyber defenders to come out ahead, the community needs to act now.
Cybersecurity in the age of AI
The software that the world relies on every day—responsible for running banking systems, storing medical records, linking up logistics networks, keeping power grids functioning, and much more—has always contained bugs. Many are minor, but some are serious security flaws that, if discovered, could allow cyberattackers to hijack systems, disrupt operations, or steal data.
Over the years there have been serious consequences of cyberattacks for important corporate networks, healthcare systems, energy infrastructure, transport hubs, and the information security of government agencies across the world. On the global stage, state-sponsored attacks from actors like China, Iran, North Korea, and Russia have threatened to compromise the infrastructure that underpins both civilian life and military readiness. Even smaller-scale attacks, such as those where individual hospitals or schools are targeted, can still inflict substantial economic damage, expose sensitive data, and even put lives at risk. The current global financial costs of cybercrime are challenging to estimate, but might be around $500 billion every year.
Many flaws in software go unnoticed for years because finding and exploiting them has required expertise held by only a few skilled security experts. With the latest frontier AI models, the cost, effort, and level of expertise required to find and exploit software vulnerabilities have all dropped dramatically. Over the past year, AI models have become increasingly effective at reading and reasoning about code—in particular, they show a striking ability to spot vulnerabilities and work out ways to exploit them. Claude Mythos Preview demonstrates a leap in these cyber skills—the vulnerabilities it has spotted have in some cases survived decades of human review and millions of automated security tests, and the exploits it develops are increasingly sophisticated.
Ten years after the first DARPA Cyber Grand Challenge, frontier AI models are now becoming competitive with the best humans at finding and exploiting vulnerabilities. Without the necessary safeguards, these powerful cyber capabilities could be used to exploit the many existing flaws in the world’s most important software. This could make cyberattacks of all kinds much more frequent and destructive, and empower adversaries of the United States and its allies. Addressing these issues is therefore an important security priority for democratic states.
Although the risks from AI-augmented cyberattacks are serious, there is reason for optimism: the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software—and for producing new software with far fewer security bugs. Project Glasswing is an important step toward giving defenders a durable advantage in the coming AI-driven era of cybersecurity.
Anthropic does not plan to make Claude Mythos Preview generally available, but the eventual goal is to enable users to safely deploy Mythos-class models at scale—for cybersecurity purposes, but also for the myriad other benefits that such highly capable models will bring. To do so, progress needs to be made in developing cybersecurity (and other) safeguards that detect and block the model’s most dangerous outputs. Anthropic plans to launch new safeguards with an upcoming Claude Opus model, allowing the company to improve and refine them with a model that does not pose the same level of risk as Mythos Preview.
Plans for Project Glasswing
This announcement is the beginning of a longer-term effort. To be successful, it will require broad involvement from across the technology industry and beyond.
Project Glasswing partners will receive access to Claude Mythos Preview to find and fix vulnerabilities or weaknesses in their foundational systems—systems that represent a very large portion of the world’s shared cyberattack surface. Anthropic anticipates this work will focus on tasks like local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing of systems.
Anthropic’s commitment of $100 million in model usage credits to Project Glasswing and additional participants will cover substantial usage throughout this research preview. Afterward, Claude Mythos Preview will be available to participants at $25/$125 per million input/output tokens (participants can access the model on the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry).
In addition to Anthropic’s commitment of model usage credits, the company has donated $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation to enable the maintainers of open-source software to respond to this changing landscape (maintainers interested in access can apply through the Claude for Open Source program).
Anthropic intends for this work to grow in scope and continue for many months, and the company will share as much as it can so that other organizations can apply the lessons to their own security. Partners will, to the extent they’re able, share information and best practices with each other; within 90 days, Anthropic will report publicly on what it has learned, as well as the vulnerabilities fixed and improvements made that can be disclosed. Anthropic will also collaborate with leading security organizations to produce a set of practical recommendations for how security practices should evolve in the AI era. This will potentially include:
- Vulnerability disclosure processes
- Software update processes
- Open-source and supply-chain security
- Software development lifecycle and secure-by-design practices
- Standards for regulated industries
- Triage scaling and automation
- Patching automation.
Anthropic has also been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities. As noted above, securing critical infrastructure is a top national security priority for democratic countries—the emergence of these cyber capabilities is another reason why the US and its allies must maintain a decisive lead in AI technology. Governments have an essential role to play in helping maintain that lead, and in both assessing and mitigating the national security risks associated with AI models. Anthropic is ready to work with local, state, and federal representatives to assist in these tasks.
Anthropic is hopeful that Project Glasswing can seed a larger effort across industry and the public sector, with all parties helping to address the biggest questions around the impact of powerful models on security. The company invites other AI industry members to join in helping to set the standards for the industry. In the medium term, an independent, third-party body—one that can bring together private- and public-sector organizations—might be the ideal home for continued work on these large-scale cybersecurity projects.
Source: Anthropic
Related
A New Memory Chip Survives 700°C and Could Enable AI in Space
Heat has never been a friend to electronic components, and memory chips are no exception….
CAS Launches ‘Newton’ Agentic AI Built on Curated Scientific Data
COLUMBUS, Ohio, April 9, 2026 — CAS, a division of the American Chemical Society, has…
Anthropic Unveils ‘Project Glasswing’ as Claude Mythos Targets Software Vulnerabilities
April 9, 2026 — Anthropic has announced Project Glasswing, a new initiative that brings together Amazon…
Linux Foundation A2A Protocol Marks One Year with Broad Enterprise and Cloud Adoption
SAN FRANCISCO, April 9, 2026 — The A2A (Agent-to-Agent) Protocol project, hosted by the Linux…
SiFive Raises $400M Series G to Advance RISC-V Architecture for AI Infrastructure
SANTA CLARA, Calif., April 9, 2026 — SiFive today announced it has raised $400 million…
CIQ Rolls Out ARCA Single-Stack Solution for Academic HPC Operations
RENO, Nev., April 9, 2026 — CIQ, the founding support and services partner of Rocky…
