Project Glasswing is a new cross-industry initiative aimed at using a powerful, unreleased Anthropic model to harden the software that underpins critical infrastructure. The founding group spans cloud, platform, security, and enterprise heavyweights—Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks—with a stated goal: put frontier-grade AI vulnerability discovery to work on defense before similar capabilities spread more widely.
At the center of the effort is Claude Mythos 2 Preview, described as a general-purpose frontier model with agentic coding and reasoning strong enough to find and, in some cases, exploit software vulnerabilities at a level that can exceed all but the most skilled human security researchers.
Why Glasswing exists: vulnerability hunting is getting cheaper
Software bugs are a constant; the difference now is the economics of finding the worst ones. The announcement frames the shift in terms of falling costs, effort, and required expertise for vulnerability discovery and exploitation, driven by increasingly capable AI models that can read code, reason through edge cases, and propose workable exploit paths.
That matters because the same weaknesses sit inside systems that keep banking, health records, logistics, and energy infrastructure running—areas where successful attacks have already had visible consequences. The post also points to estimates placing global cybercrime damage costs at roughly $500B per year, while noting the uncertainty in such figures.
What Anthropic says Mythos Preview has already found
Anthropic reports that, over the past few weeks, Claude Mythos Preview was used to identify thousands of zero-day vulnerabilities, including many described as critical, across every major operating system and every major web browser, plus other widely used software.
A related technical write-up on Anthropic’s Frontier Red Team blog covers the patched examples and exploit details. Anthropic says the model identified nearly all of the highlighted vulnerabilities, and developed many related exploits, autonomously and without human steering. Examples provided include:
- A 27-year-old OpenBSD vulnerability that could allow a remote attacker to crash a machine simply by connecting to it.
- A 16-year-old FFmpeg vulnerability in code that automated testing tools reportedly executed five million times without detecting the issue.
- A Linux kernel vulnerability chain enabling escalation from ordinary user access to full system control.
Anthropic says these examples were reported to maintainers and have been patched. For other vulnerabilities not yet ready for disclosure, the company says it is publishing cryptographic hashes now and will reveal details after fixes are available.
Benchmarks cited: CyberGym and a spread of SWE-bench results
To quantify the gap between Mythos Preview and Anthropic’s prior model tier, the announcement highlights CyberGym results for “Cybersecurity Vulnerability Reproduction,” listing Mythos Preview at 83.1% versus 66.6% for Claude Opus 4.6.
It also includes a table of broader evaluation results spanning coding, reasoning, and tool use. Among the scores shown:
- SWE-bench Pro: 77.8% (Mythos Preview) vs 53.4% (Opus 4.6)
- Terminal-Bench 2.0: 82.0% vs 65.4%
- SWE-bench Verified: 93.9% vs 80.8%
- Humanity’s Last Exam (without tools / with tools): 56.8% / 64.7% vs 40.0% / 53.1%
- OSWorld-Verified: 79.6% vs 72.7%
Anthropic attaches caveats about memorization screens on some SWE-bench problems, notes that SWE-bench Multimodal used an internal implementation, and flags that Mythos “still performs well” on Humanity’s Last Exam at low effort, which it says could indicate some memorization.
For more detail on the model, Anthropic points to the Claude Mythos Preview system card.
How partners get access—and what they’ll do with it
Project Glasswing partners are expected to use Claude Mythos Preview in defensive work across foundational systems. The announcement anticipates focus areas such as local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing.
Anthropic also says it extended access to “over 40 additional organizations” that build or maintain critical software infrastructure to scan both first-party and open-source systems.
Notably, Anthropic says it does not plan to make Claude Mythos Preview generally available. Instead, the longer-term goal is enabling users to “safely deploy Mythos-class models at scale,” which depends on building safeguards to detect and block the most dangerous outputs. Anthropic says it plans to launch new safeguards with an upcoming Claude Opus model, refining them with a model that “does not pose the same level of risk as Mythos Preview.”
Funding, credits, and pricing after the preview period
Anthropic is committing up to $100M in usage credits for Mythos Preview across Project Glasswing and additional participants, alongside $4M in direct donations to open-source security organizations.
The announcement also specifies that after the research preview, Claude Mythos Preview will be available to participants at $25/$125 per million input/output tokens, with access via the Claude API as well as Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.
On the open-source side, Anthropic says it donated $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation. It also links an application path for maintainers via the Claude for Open Source program.
What comes next: a 90-day report and guidance for the AI era
Project Glasswing is positioned as a multi-month effort with an explicit sharing loop. Anthropic says partners will share best practices where possible, and that within 90 days Anthropic will publish what it has learned—along with vulnerabilities fixed and improvements that can be disclosed.
The initiative also plans to collaborate with security organizations on practical recommendations for how security practices should evolve in the AI era, potentially covering:
- Vulnerability disclosure processes
- Software update processes
- Open-source and supply-chain security
- Software development lifecycle and secure-by-design practices
- Standards for regulated industries
- Triage scaling and automation
- Patching automation
Anthropic also notes ongoing discussions with US government officials about Mythos Preview’s offensive and defensive capabilities, and frames critical infrastructure security as a national security priority for democratic countries.