Project Glasswing: Anthropic Unites Tech Giants to Secure the World's Software
Anthropic just unveiled Project Glasswing, and this isn’t just another product launch. It’s a security coalition bringing together AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks with a single goal: find and fix vulnerabilities in the world’s most critical software before anyone can exploit them.
At the heart of the project is Claude Mythos Preview, a frontier model from Anthropic that isn’t publicly available yet but is already delivering remarkable results.
What Mythos Preview Found
The model works entirely autonomously, with no human steering, analyzing codebases for security flaws. It found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.
A few standout discoveries:
- A 27-year-old vulnerability in OpenBSD that allows remote system crashes. Three decades of human review missed it.
- A 16-year-old FFmpeg vulnerability that survived over 5 million automated test iterations.
- Multiple chained vulnerabilities in the Linux kernel enabling privilege escalation.
These aren’t trivial bugs. They’re flaws that survived decades of manual review and millions of automated tests.
The Numbers: Mythos Preview vs Opus 4.6
To put the model’s capabilities in context, here are the benchmarks compared against Claude Opus 4.6 (the most capable publicly available model):
| Benchmark | Mythos Preview | Opus 4.6 |
|---|---|---|
| CyberGym (vulnerability reproduction) | 83.1% | 66.6% |
| SWE-bench Pro | 77.8% | 53.4% |
| Terminal-Bench 2.0 | 82.0% | 65.4% |
The improvements are substantial. On SWE-bench Pro, Mythos Preview beats Opus 4.6 by over 24 percentage points. This implies significantly stronger agentic coding and reasoning capabilities.
How Access Works
Glasswing is not a consumer product. Access is limited to launch partner organizations plus around 40 additional critical infrastructure maintainers. The model is available through:
- Claude API
- Amazon Bedrock
- Google Cloud Vertex AI
- Microsoft Foundry
When access eventually opens up, planned pricing is $25 per million input tokens and $125 per million output tokens.
The Investment Behind It
Anthropic didn’t just bring a model to the table. The financial commitment includes:
- $100 million in model usage credits
- $2.5 million to Alpha-Omega and OpenSSF (via the Linux Foundation)
- $1.5 million to the Apache Software Foundation
- A “Claude for Open Source” program that open-source maintainers can apply to
It’s a significant bet on securing the open-source ecosystem, which is the foundation virtually all software in the world runs on.
The Elephant in the Room: Dual Use
Anthropic openly acknowledges that a model capable of finding vulnerabilities is also capable of exploiting them. That’s why Glasswing comes with deliberate restrictions:
- The model is not publicly available
- Anthropic plans to implement new safeguards before any broader deployment
- Safeguards will be tested on less risky Opus models first before being enabled on Mythos-class models
Within the next 90 days, Anthropic will publish reports on the project’s learnings. The initiative is designed to span many months.
Why This Matters
Project Glasswing marks a turning point in how AI can be applied to cybersecurity. This isn’t just another scanner. It’s a model that reasons about software behavior, identifies attack vectors, and develops working exploits autonomously.
The fact that 12 of the world’s largest companies agreed to a joint security initiative says a lot about the scale of the problem and the potential of these models to address it. The question is no longer whether AI will transform cybersecurity, but how fast.