Project Glasswing: When Your AI Can Hack Every OS and Browser, You Need a Plan


Anthropic just announced Project Glasswing, and it’s the kind of initiative that sounds boring until you realize what’s actually going on. The short version: a bunch of major tech companies—Amazon, Apple, Google, Microsoft, NVIDIA, Cisco, Broadcom, CrowdStrike, JPMorganChase, the Linux Foundation, and Palo Alto Networks—are teaming up with Anthropic to secure critical software. The long version involves a new AI model that can already find vulnerabilities in every major operating system and web browser, and that’s both impressive and terrifying.

They’re calling the model Claude Mythos Preview. It’s unreleased, general-purpose, and according to Anthropic, it can “surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” That’s a strong claim, but they’ve got the receipts: thousands of high-severity vulnerabilities found already, including some in places that have been audited by humans for decades and survived millions of automated tests. That’s not just a demo; that’s a real capability shift.

Here’s the thing that actually matters: we’ve been living in a world where most software has bugs, and most of those bugs are harmless. But the serious ones—the zero-days that let attackers hijack systems, steal data, or shut down power grids—have historically required rare expertise to find and exploit. That barrier is now collapsing. Mythos Preview makes finding those flaws cheap and fast. The cost, effort, and skill required have all dropped dramatically. And that cuts both ways: defenders can use it to patch things, but so can attackers once this capability proliferates.

Anthropic is betting that proliferation is inevitable. They’re not wrong. Given the rate of AI progress, it’s not hard to imagine a world where every state-sponsored hacking group has access to something like this. The question is whether defenders can get ahead before that happens.

Project Glasswing is their attempt to do exactly that. The launch partners will use Mythos Preview for defensive security work—scanning their own systems, finding flaws before attackers do. Anthropic is also extending access to over 40 organizations that build or maintain critical infrastructure, including open-source projects. They’re committing up to $100M in usage credits and $4M in direct donations to open-source security organizations. That’s real money, and it’s smart: open-source maintainers are chronically under-resourced, and they’re the ones keeping the internet running on a shoestring.

The scale of the problem is hard to overstate. The announcement cites global cybercrime costs at around $500B per year, and that’s probably an underestimate. We’ve seen attacks on hospitals, schools, energy grids, and government agencies. State-sponsored actors from China, Iran, North Korea, and Russia are actively probing infrastructure. The software running banking systems, medical records, and logistics networks is full of flaws that have been sitting there for years, unnoticed. Mythos Preview is finding them in weeks.

I’ve been watching AI cybersecurity for a while, and this feels different. Previous models could help with basic vulnerability scanning, but they weren’t competitive with expert humans. Mythos Preview apparently is. That’s a line crossed. The DARPA Cyber Grand Challenge was ten years ago, and back then, automated systems were still playing catch-up. Now we’re here.

What I appreciate about this announcement is that Anthropic isn’t pretending this is all good news. They’re upfront about the risks: “Without the necessary safeguards, these powerful cyber capabilities could be used to exploit the many existing flaws in the world’s most important software.” That’s refreshingly honest for a press release. They’re also framing this as a starting point, not a solution. No single company or government can fix this alone. It’s going to take years of coordinated work, and AI capabilities will advance substantially in just the next few months.

There’s a strategic angle here that’s worth noting. Anthropic is positioning itself as the responsible actor, the one that’s thinking about safety before deployment. That’s good for their brand, but it’s also genuinely necessary. If they’re right about what Mythos Preview can do, then keeping it locked up while selectively sharing it with defenders is probably the right call. But let’s be real: that won’t last forever. Models leak. Capabilities get replicated. The question is whether the defensive infrastructure built through Project Glasswing will be enough to absorb the shock when that happens.

The coalition is impressive. You’ve got cloud providers (AWS, Google, Microsoft), hardware vendors (Apple, Broadcom, Cisco, NVIDIA), security specialists (CrowdStrike, Palo Alto Networks), financial institutions (JPMorganChase), and the Linux Foundation representing the open-source world. That’s a broad enough base to actually move the needle. But coalitions like this have a history of being slow and bureaucratic. The question is whether they can move fast enough.

I also wonder about the open-source side. $4M in donations is a start, but the open-source security ecosystem needs way more than that. Projects like OpenSSL, OpenSSH, and the Linux kernel itself are maintained by tiny teams relative to their importance. If Mythos Preview can find vulnerabilities in those codebases—which it apparently can—then those maintainers need more than credits; they need people who can triage and fix the issues. Credits don’t write patches.

Still, this is better than nothing. And honestly, it’s better than what most AI companies are doing, which is shipping models and hoping for the best. Anthropic is at least trying to build a defensive framework before the offensive capabilities become widespread. That’s more than I expected.

The bottom line: AI-driven cybersecurity is here, and it’s going to change the game for both attackers and defenders. Project Glasswing is a serious attempt to give defenders a head start. Whether it’s enough depends on how fast the other side moves. But for now, it’s the most credible effort I’ve seen.
