Project Glasswing: Securing Critical Software in the AI Era

When Anthropic’s Claude Mythos Preview revealed thousands of high-severity vulnerabilities in every major operating system, it didn’t take long for the industry to understand the implication. 

The superior vulnerability detection capability of AI can sow unprecedented destruction in the hands of bad actors. 

Hence, alighting firmly on the side of the defenders, Anthropic has pulled back the curtain on Project Glasswing – an ambitious effort to protect critical software from a new generation of cyber risks driven by AI. 

This coalition brings together major industry players including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks in an effort to secure critical software.  

The move reflects a growing urgency across the tech sector. As AI systems become more capable, they are not only strengthening defences but also lowering the barrier for sophisticated cyber attacks. Project Glasswing aims to tip that balance back in favour of defenders by finding weaknesses early and at scale.

“Glasswing is built around Claude Mythos Preview, our new limited-release frontier model, which has so far found thousands of zero-day vulnerabilities – including some that survived decades of human review – spanning every major operating system and browser,” writes Daniela Amodei, President at Anthropic, on LinkedIn. 

“AI cyber capabilities at this level will proliferate over the coming months, and not every actor who gets access to them will be focused on defense. That's the gap Glasswing is built to close.

“Cyber defence at this scale is a team effort. Frontier labs, software companies, security researchers, open-source maintainers and governments all working together is how defenders will stay ahead.”

Claude Mythos Preview

At the core of Glasswing is the vulnerability discovery capabilities of Claude Mythos Preview. 

A testament to its effectiveness is its uncovering of a 27-year-old vulnerability in OpenBSD – an operating system used to run firewalls and other critical infrastructure due to its reputation of being the most security-hardened OS in the world. 

Worryingly, the bug allowed an attacker to remotely crash any machine running OpenBSD simply by connecting to it. 

Another major vulnerability was discovered in FFmpeg – which is used to encode and decode videos. 

Linux kernel, which is used to run ‘most of the world’s servers’ also had flaws that would enable an attacker to take complete control over the machine. 

“The more capable AI becomes, the more security it needs,” notes George Kurtz, President , CEO and Founder of CrowdStrike. That’s why Anthropic chose CrowdStrike as a founding member of their security coalition for Claude Mythos Preview.

“AI is creating the largest security demand driver since the enterprises moved to the cloud. Claude Code is changing how people use computers. OpenClaw is set to reshape how enterprises automate. Mythos may be the most capable frontier model yet. It won’t be the last.

“All of these AI innovations meet enterprises at the endpoint. That’s where they access data, make decisions and also create risk.”

Durable defender advantage 

Anthropic has committed US$100m in model usage credits to Project Glasswing and additional participants in the effort to secure critical software from threats of the future. 

The AI giant is also donating US$4m to open-source security organisations to support the cause.

Anthropic notes: "Although the risks from AI-augmented cyber attacks are serious, there is reason for optimism: the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software.

"Project Glasswing is an important step toward giving defenders a durable advantage in the coming AI-driven era of cybersecurity."

AI as a defence mechanism

In truth, Project Glasswing is as much about preparation as it is about prevention.

By giving organisations early access to advanced tools like Claude Mythos Preview, Anthropic is creating a window to identify and fix vulnerabilities before similar capabilities become widely available.

“AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats and there is no going back,” says Anthony Grieco, SVP & Chief Security & Trust Officer at Cisco. 

“Our foundational work with these models has shown we can identify and fix security vulnerabilities across hardware and software at a pace and scale previously impossible. That is a profound shift and a clear signal that the old ways of hardening systems are no longer sufficient. 

“Providers of technology must aggressively adopt new approaches now and customers need to be ready to deploy. That is why Cisco joined Project Glasswing – this work is too important and too urgent to do alone.”

Through collaboration, controlled deployment and sustained investment, Anthropic is betting that the best defence against powerful AI is, quite simply, better AI.