Project Glasswing: The Industry’s Urgent Answer to AI-Powered Cyberattacks


Anthropic just announced Project Glasswing, and it’s not your typical industry partnership fluff. This is a serious, coordinated effort involving Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic themselves. The goal? Secure the world’s most critical software before AI-powered attackers can exploit it.

The catalyst here is Claude Mythos Preview, an unreleased frontier model that Anthropic has been training. They claim it can already find and exploit software vulnerabilities better than all but the most elite human security researchers. That’s not hyperbole—they’ve tested it. Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and every major web browser. Think about that: bugs that survived decades of human review and millions of automated tests are now being surfaced by an AI.

This is the kind of capability that keeps CTOs up at night. Because once this tech is out in the wild—and it will be, given the pace of AI progress—it won’t just be the good guys using it. State-sponsored actors, cybercriminal gangs, anyone with enough compute and motivation could weaponize it. The financial costs of cybercrime are already estimated at around $500B annually. That number could skyrocket.

So what’s the plan? Project Glasswing is essentially a defensive countermeasure. The launch partners will use Mythos Preview to scan their own systems and critical open-source projects for vulnerabilities. Anthropic is committing up to $100M in usage credits to these efforts, plus $4M in direct donations to open-source security organizations. They’ve also extended access to over 40 additional organizations that build or maintain critical software infrastructure.

The idea is straightforward: use the same AI capability that could be used to break things to instead fix them. Find the flaws before the bad guys do, patch them, and make the whole ecosystem more resilient. It’s a race, and right now the defenders are getting a head start.

I’ve seen a lot of these “industry-wide initiatives” come and go. Most are long on press releases and short on actual impact. But this one feels different. The list of partners is genuinely impressive—you’ve got cloud providers, chipmakers, security firms, financial institutions, and the Linux Foundation all at the table. That’s not easy to coordinate. And the commitment of real resources—$100M in compute credits, direct funding, and access to a frontier model—suggests this isn’t just a PR play.

Still, I have some reservations. First, Mythos Preview is unreleased. We don’t know exactly how capable it is, or how it compares to other frontier models in this domain. Anthropic’s claims are strong, but we need independent verification. Second, even with the best AI, finding vulnerabilities is only half the battle. Fixing them, especially in large, complex codebases, takes time and human judgment. A model can point out a buffer overflow, but the developer still has to understand the context and deploy a safe patch.

Third, there’s the broader question of how this technology will be controlled. Anthropic says they’re committed to safe deployment, but once these capabilities are out there, they’re out there. Other companies, other countries, other actors will develop similar models. Glasswing might give defenders a temporary advantage, but it’s not a permanent solution.

That said, it’s a damn good start. The fact that they’re being transparent about the risks—acknowledging that AI progress could outpace defensive efforts within months—is refreshing. Most companies would downplay the danger. Anthropic is essentially saying, “We built something that could be very dangerous, so we’re going to use it for good and invite everyone to help.”

The article mentions that this is “an important security priority for democratic states.” That’s not just political window-dressing. If authoritarian regimes get this capability first, the balance of cyber power shifts dramatically. Project Glasswing is as much about strategic positioning as it is about technical security.

Bottom line: this is one of the most significant cybersecurity initiatives I’ve seen in years. The scope, the partners, the resources, and the urgency are all real. Whether it works depends on execution, but the direction is absolutely right. If you work in security, pay attention. If you use software—and you do—this matters to you.
