Project Glasswing is 📝Anthropic's initiative to use 📝Claude Mythos Preview — its most capable 📝frontier model — to find and remediate vulnerabilities in the world's most critical software before adversaries can exploit them. Announced April 7, 2026, the project is built on a premise Anthropic states plainly: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.
How It Works
Glasswing partners deploy Mythos Preview to scan both proprietary and open-source systems for zero-day vulnerabilities. The model reads source code, hypothesizes vulnerabilities, autonomously ranks files by exploitation likelihood, then develops and verifies exploits — all within a single agentic session. Partners can secure their own systems, contribute findings to the broader ecosystem, and share learnings industry-wide. Anthropic has committed to 90-day public reporting on findings and improvements, and to developing industry recommendations for vulnerability disclosure, software updates, and secure development practices.
Participating Organizations
Twelve launch partners anchor the coalition: 📝Amazon Web Services (AWS), 📝Apple, Broadcom, Cisco, CrowdStrike, Google, Chase Bank, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself. Over 40 additional organizations maintaining critical software infrastructure have been granted access.
Findings
In the weeks preceding the announcement, Mythos Preview identified thousands of high-severity zero-day vulnerabilities in every major operating system and every major web browser. Notable discoveries include a 27-year-old vulnerability in OpenBSD and a 16-year-old vulnerability in FFmpeg that automated tools had missed despite running five million times. The model autonomously chained multiple Linux kernel vulnerabilities for privilege escalation. Manual validation confirmed 89% severity agreement with expert security contractors across 198 reviewed vulnerability reports.
Financial Commitments
- $100M in model usage credits for Mythos Preview access across all Glasswing participants
- $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation
- $1.5M to the Apache Software Foundation
Claude for Open Source
A sub-program provides resources enabling maintainers of critical open-source codebases to access security testing capabilities previously unavailable to organizations without large security teams.
Cyber Verification Program
A forthcoming program for legitimate security professionals whose defensive research is restricted by existing model safety safeguards. Details have not yet been published.
Access and Pricing
Mythos Preview is available to approved participants at $25 per million input tokens and $125 per million output tokens, accessible via the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry. Anthropic does not plan to make Mythos Preview generally available.
The Glasswing Paradox
The initiative's central tension is structural: the same capabilities that enable defense enable offense. Mythos can discover and exploit vulnerabilities with equal proficiency. Picus Security coined the term "the Glasswing Paradox" — the thing that can break everything is also the thing that fixes everything. This is not a novel framing in security (penetration testing has always walked this line), but the scale is unprecedented. A model that can autonomously chain kernel vulnerabilities for privilege escalation is a qualitatively different tool than a human pentester.
Sources: Picus Security
The Patching Gap
Fewer than 1% of vulnerabilities found by Mythos have been patched. Discovery is outpacing remediation at a rate that calls into question whether the program's primary bottleneck is finding vulnerabilities or fixing them. Defenders operate on "calendar speed" while attacks occur at "machine speed" — a timing asymmetry that more discovery alone does not solve. Open-source maintainers face an acute version of this problem: individual maintainers of critical projects lack dedicated security teams, and the shift from detection to triage requires operational capacity that many projects simply don't have.
Sources: Picus Security, Platformer
Access as Class System
Organizations outside the coalition don't have access to the same defensive capabilities, creating what one security professional called "a class system." In a threat landscape where detection speed determines survival, the question of who gets access is not trivial. The $100M in credits and the Claude for Open Source sub-program partially address this, but the core model remains gated.
Sources: AI Business, GovInfoSecurity
Strategic Timing Questions
Some observers note that Glasswing's announcement coincides with Anthropic reaching a significant revenue milestone, a major compute deal with Broadcom, and reported IPO considerations by October 2026. This raises questions about whether the initiative represents genuine security urgency or strategic positioning — though the two are not mutually exclusive.
Sources: Picus Security
Proliferation Timeline
Alex Stamos (Corridor CPO, former Facebook and Yahoo security lead) estimates roughly six months before open-weight models catch up to frontier capabilities in vulnerability discovery. If accurate, the window in which gated access provides meaningful asymmetric advantage is narrow. Anthropic itself acknowledges: "Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors committed to deploying them safely."
Sources: Platformer, Fortune
Market Reaction
Following the announcement, cybersecurity stocks including CrowdStrike, Palo Alto Networks, and Zscaler declined 5-11% as investors weighed whether AI-native vulnerability discovery could undermine demand for traditional security products.
Sources: Fortune
Government Relationship
Anthropic has briefed U.S. government officials and offered assistance, but it is not clear the government is taking Anthropic up on the offer. The relationship carries friction — Anthropic previously sought designation as a "supply chain risk" after refusing Pentagon surveillance modifications. A private company now possesses extremely powerful zero-day exploits across nearly every major software project, a concentration of offensive capability that sits uncomfortably outside traditional government oversight structures.
Sources: Platformer, NBC News