Project Glasswing: Anthropic's AI Cybersecurity Program (2026)
Anthropic's Project Glasswing uses Claude Mythos Preview to find zero-day exploits at scale. $100M committed. Not public. Full breakdown.
TL;DR
| Detail | Project Glasswing |
|---|---|
| What | Anthropic's defensive cybersecurity initiative |
| Powered by | Claude Mythos Preview — Anthropic's most capable model |
| Core capability | Autonomously discovers and exploits zero-day vulnerabilities |
| Scope | Found thousands of zero-days across every major OS and browser |
| Public access | None — first Anthropic model never released for general availability |
| Partners | AWS, Apple, Microsoft, Google, NVIDIA, Cisco, CrowdStrike, JPMorgan Chase, Broadcom, Palo Alto Networks, Linux Foundation |
| Financial commitment | $100M in usage credits + $4M in open-source security donations |
| Announced | April 7, 2026 |
What Is Project Glasswing?
Project Glasswing is Anthropic's initiative to use AI for identifying and fixing undiscovered cybersecurity vulnerabilities in critical software — at a scale no human team could match.
Named after the glasswing butterfly (known for its transparent wings, symbolizing transparency in security), the project is built on Claude Mythos Preview, a frontier model that Anthropic considers too powerful for public release.
The premise is straightforward: if next-generation AI models can find and exploit security holes autonomously, defenders need access to those same capabilities before attackers build their own. Rather than release Mythos Preview to the world and hope for the best, Anthropic chose to deploy it as a defensive tool for organizations that maintain the software the world depends on.
This makes Project Glasswing a first-of-its-kind program — an AI company deliberately restricting access to its most advanced model and channeling its capabilities toward a specific defensive mission.
Why Does Project Glasswing Exist?
During internal testing, Anthropic discovered that Claude Mythos Preview could do something no prior AI model had demonstrated: autonomously discover and exploit zero-day vulnerabilities in real-world production software.
From the 244-page system card published on April 7, 2026:
"Claude Mythos Preview demonstrated a striking leap in cyber capabilities relative to prior models, including the ability to autonomously discover and exploit zero-day vulnerabilities in major operating systems and web browsers."
The key word is "autonomously." Previous AI models could assist with vulnerability research when guided by experts. Mythos Preview can run the entire process itself — reading source code, forming hypotheses about potential flaws, writing proof-of-concept exploits, and producing complete bug reports with reproduction steps.
Anthropic realized that if their model could do this, it was only a matter of time before similar capabilities appeared elsewhere. The question became: do we give defenders a head start, or do we wait and hope?
They chose the head start.
The Cyber Capabilities: What Mythos Preview Can Actually Do
The results from Anthropic's testing are remarkable in both breadth and depth.
Thousands of Zero-Days Across Critical Infrastructure
Over a period of weeks, Claude Mythos Preview identified thousands of previously unknown vulnerabilities — many rated critical — in:
- Every major operating system (Windows, macOS, Linux, FreeBSD, OpenBSD)
- Every major web browser (Chrome, Firefox, Safari, Edge)
- Other critical software infrastructure components
Specific Disclosed Vulnerabilities
Among the bugs that have been patched and can be discussed publicly:
- CVE-2026-4747 — A 17-year-old remote code execution vulnerability in FreeBSD. The flaw existed in the NFS implementation and allowed an unauthenticated attacker from anywhere on the internet to gain root access. Mythos Preview found it and built a working exploit fully autonomously.
- A 27-year-old bug in OpenBSD — notable because OpenBSD is a system whose entire identity is built around security. This is the oldest vulnerability the model discovered.
- A 16-year-old vulnerability in FFmpeg's H.264 codec — affecting one of the most widely deployed multimedia processing libraries in the world.
Advanced Exploit Development
Mythos Preview doesn't just find bugs. It chains them together into sophisticated attack sequences:
- In one case, it wrote a web browser exploit chaining four separate vulnerabilities, including a JIT heap spray that escaped both the renderer sandbox and the OS sandbox.
- It autonomously developed local privilege escalation exploits on Linux by exploiting subtle race conditions and KASLR bypasses.
- It generates complete proof-of-concept exploits with reproduction steps, formatted as professional bug reports ready for developer triage.
How It Works Technically
Anthropic runs Mythos Preview through Claude Code — their agentic coding environment. The model is prompted to find security vulnerabilities, and then agentically:
- Reads source code to understand the attack surface
- Hypothesizes about potential vulnerabilities based on code patterns
- Writes test harnesses and exploit code to confirm its hypotheses
- Produces structured bug reports with working proof-of-concept exploits
Who Are the Partners?
Project Glasswing launched with 12 founding partners and has since expanded to over 40 organizations.
Founding Partners
| Organization | Role |
|---|---|
| Amazon Web Services | Cloud infrastructure provider |
| Apple | OS and browser vendor |
| Broadcom | Semiconductor and infrastructure software |
| Cisco | Networking and security infrastructure |
| CrowdStrike | Endpoint security platform |
| Google | OS, browser, and cloud vendor |
| JPMorgan Chase | Financial infrastructure |
| Linux Foundation | Open-source software ecosystem steward |
| Microsoft | OS, browser, and cloud vendor |
| NVIDIA | GPU and AI infrastructure |
| Palo Alto Networks | Network and cloud security |
The partner list is notable for its breadth. It spans operating system vendors (Apple, Microsoft, Google), cloud providers (AWS, Google, Microsoft), security companies (CrowdStrike, Palo Alto Networks), financial infrastructure (JPMorgan Chase), and the open-source ecosystem (Linux Foundation).
Open-Source Funding
Anthropic committed $4M in direct donations to open-source security organizations:
- $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation
- $1.5M to the Apache Software Foundation
The $100M Commitment
Anthropic is committing up to $100 million in usage credits for Mythos Preview across Project Glasswing.
That number reflects the compute-intensive nature of autonomous vulnerability discovery. Running Mythos Preview across millions of lines of code in every major software project is expensive. By providing credits rather than charging partners, Anthropic removes the cost barrier that would otherwise slow down defensive work.
For context, $100M in credits likely represents tens of thousands of GPU-hours dedicated purely to finding and documenting security flaws before attackers can exploit them.
Why Not Release the Model Publicly?
This is the question everyone asks. Anthropic's reasoning has three layers:
1. Dual-use risk is extreme. The exact capability that makes Mythos Preview valuable for defense — autonomously finding and exploiting zero-days — would make it equally valuable for offense. Releasing it publicly would give every attacker in the world access to a tool that can find exploitable vulnerabilities faster than any human team can patch them.
2. The asymmetry favors attackers. Attackers need to find one vulnerability. Defenders need to patch all of them. A publicly available vulnerability-finding AI would tilt this asymmetry further toward attackers, even if defenders also had access.
3. Controlled deployment works. By limiting access to organizations that maintain critical infrastructure, Anthropic ensures the model's output goes directly into the patch pipeline. Vulnerabilities get found, reported through coordinated disclosure, and fixed — without exploit code leaking into the wild.
This makes Claude Mythos Preview the first Anthropic model never released for general availability. The system card was published in full (all 244 pages), but the model itself remains restricted.
Industry Reactions and Concerns
Project Glasswing has drawn significant attention across the technology and policy landscape.
Positive Reception
Security researchers and industry leaders have broadly praised the initiative. Simon Willison noted that restricting Mythos to security researchers "sounds necessary" given the capabilities described. The initiative was discussed between Federal Reserve Chair Powell, Treasury Secretary Bessent, and major U.S. bank CEOs, according to CNBC, reflecting the systemic importance of AI-driven vulnerability discovery.
Skepticism and Concerns
Not everyone is convinced. Some industry veterans argue that finding vulnerabilities has never been the bottleneck — the real problem is getting organizations to actually fix them. As Fortune reported, the gap between discovery and remediation remains the weakest link in the security chain.
Others worry about the precedent of an AI company deciding which organizations get access to powerful capabilities and which don't. The UK's AI Safety Institute (AISI) published its own evaluation of Mythos Preview's cyber capabilities, providing an independent assessment of the claims.
What Happens Next?
Is this the new normal for frontier AI?
Likely yes. As AI models become more capable, the practice of restricting access to models with extreme dual-use capabilities will probably become standard. Project Glasswing is a template for how this can work: publish the system card transparently, restrict the model itself, channel capabilities toward defense.
Will other AI companies follow?
OpenAI is already pursuing its own cybersecurity initiatives, creating what Crypto News described as a "race" between AI companies on defensive cyber capabilities.
When will the vulnerabilities be disclosed?
Anthropic is following standard coordinated vulnerability disclosure processes. As patches are released by affected vendors, the corresponding vulnerability details will become public. Given the volume — thousands of zero-days — this process will take months or longer.
Frequently Asked Questions
What does "Glasswing" mean?
The name comes from the glasswing butterfly (Greta oto), whose wings are nearly transparent. The metaphor is transparency — both in Anthropic's approach to publishing the full system card and in the goal of making software infrastructure more visible and secure.
Can I use Claude Mythos Preview?
Not unless you work at one of the 40+ partner organizations in the Project Glasswing consortium. Anthropic has no announced plans to release Mythos Preview for general availability.
Is Project Glasswing related to Claude Opus 4.6 or Claude Sonnet?
No. Mythos Preview is a separate, more capable model. Claude Opus 4.6 and Sonnet 4.6 remain available through the Anthropic API and consumer products. Project Glasswing specifically uses Mythos Preview for its superior cybersecurity capabilities.
How does Mythos Preview compare to other models on cybersecurity tasks?
No other publicly known model has demonstrated the ability to autonomously discover and exploit zero-day vulnerabilities at this scale. The system card describes capabilities that represent, in Anthropic's words, a "striking leap" beyond all prior models.
Does this mean AI will replace human security researchers?
No. The model produces vulnerability reports and proof-of-concept exploits, but human security engineers are still needed to validate findings, develop patches, test fixes, and coordinate disclosure. Think of it as a force multiplier that dramatically expands the scope of what a security team can cover.
What about the risk of the model being stolen or leaked?
This is a legitimate concern that Anthropic has addressed in the system card. The restricted deployment model — where partner organizations access Mythos Preview through controlled infrastructure rather than downloading model weights — is designed to minimize this risk.
The Bottom Line
Project Glasswing represents a turning point in how frontier AI capabilities are deployed. Instead of the default approach — release broadly and deal with consequences later — Anthropic chose targeted deployment for a specific defensive mission.
Whether you view this as responsible AI governance or a dangerous precedent where a private company gatekeeps powerful technology, the results are hard to argue with: thousands of critical vulnerabilities in the world's most important software, discovered and entering the patch pipeline before attackers found them.
The cybersecurity implications are immediate. The governance implications will take years to fully play out.
At Y Build, we track the frontier of AI capabilities and how they reshape software development and security. While Project Glasswing focuses on cybersecurity, the underlying trend — AI models becoming capable enough to require restricted deployment — will shape how every builder works with AI in the years ahead.
Sources:
- Project Glasswing: Securing critical software for the AI era — Anthropic
- Claude Mythos Preview System Card — red.anthropic.com
- Anthropic debuts preview of powerful new AI model Mythos — TechCrunch
- Anthropic says its most powerful AI cyber model is too dangerous to release — VentureBeat
- Simon Willison on Project Glasswing
- Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks — CNBC
- AISI evaluation of Claude Mythos Preview's cyber capabilities
- Anthropic caused panic that Mythos will expose cybersecurity weak spots — Fortune
- Introducing Project Glasswing — Linux Foundation
- The Vulnpocalypse: Why experts fear AI could tip the scales toward hackers — NBC News