Project Glasswing is an industry-wide cybersecurity initiative announced by Anthropic in April 2026, uniting AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Partners get access to Claude Mythos Preview — an unreleased frontier model that has already found thousands of zero-day vulnerabilities across every major OS and browser — to harden critical software before attackers catch up. Anthropic is committing up to $100M in model usage credits plus $4M in donations to open-source security.
On April 8, 2026, Anthropic unveiled Project Glasswing — a coalition of twelve of the most influential names in technology, finance, and open-source software, all aligned around a single thesis: AI has crossed a threshold where it can find software vulnerabilities faster than human experts, and the only way to keep defenders ahead is to deploy those same capabilities collaboratively. The catalyst is a model most of the world has never used: Claude Mythos Preview, which Anthropic describes as a general-purpose frontier system whose coding and reasoning abilities translate directly into elite-level offensive security skills.
This article walks through what Glasswing actually is, what Mythos Preview can do that prior models couldn’t, why eleven competing companies agreed to share the same tool, and what it means for anyone who builds, ships, or depends on software — which is essentially everyone.
What is Project Glasswing?
Project Glasswing is a defensive cybersecurity initiative launched and funded by Anthropic, with the explicit goal of using a single frontier model — Claude Mythos Preview — to find and patch vulnerabilities in the most critical software in the world before adversaries can exploit them. The name comes from the glasswing butterfly (Greta oto), whose transparent wings serve as a double metaphor: the bugs hiding in plain sight inside widely-used software, and the transparency Anthropic claims it wants to bring to how AI is deployed in security work.
The structure has three layers:
- Twelve launch partners — AWS, Apple, Anthropic, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — get direct access to Mythos Preview for hardening their own products and infrastructure.
- 40+ additional organizations that maintain critical software (operating systems, browsers, kernels, key open-source libraries) get access through the same program to scan their codebases.
- Open-source maintainers can apply through the Claude for Open Source program; Anthropic is donating $2.5M to Alpha-Omega and OpenSSF via the Linux Foundation, and $1.5M to the Apache Software Foundation.
Anthropic has earmarked up to $100 million in model usage credits for Glasswing participants during the research preview. After that, Mythos Preview will be priced at $25 per million input tokens and $125 per million output tokens — roughly an order of magnitude above current Claude Opus pricing, reflecting both compute cost and the model’s status as a controlled-access system.
Anthropic estimates that global cybercrime currently costs around $500 billion per year. State-sponsored attacks from China, Iran, North Korea, and Russia routinely target civilian infrastructure. Glasswing’s premise is that the window before offensive AI capabilities proliferate is narrowing — and the only viable defense is to give the same capabilities to defenders first.
What is Claude Mythos Preview, the model behind it all?
Claude Mythos Preview is an unreleased frontier model trained by Anthropic. The name “Mythos” comes from the Ancient Greek word for “utterance” or “narrative” — the system of stories civilizations once used to make sense of the world. It will not be made generally available; Anthropic has explicitly said the model is too capable in offensive security contexts to release without first developing and validating new safeguards. Those safeguards are slated to launch with an upcoming Claude Opus model, where the risk profile is more manageable.
For deeper context on the model’s development arc, see our earlier analysis: What is Claude Mythos? Anthropic’s Most Capable Model Explained.
What makes Mythos Preview unusual is the gap between it and the next-best model (Claude Opus 4.6) on benchmarks that measure exactly the skills relevant to vulnerability research. The cybersecurity-specific results are striking, but so are the general agentic coding scores — because finding zero-days at scale requires both deep code reasoning and the ability to drive long-horizon, autonomous workflows.
| Benchmark | Claude Mythos Preview | Claude Opus 4.6 | Gap |
|---|---|---|---|
| CyberGym (vuln reproduction) | 83.1% | 66.6% | +16.5 pp |
| SWE-bench Verified | 93.9% | 80.8% | +13.1 pp |
| SWE-bench Pro | 77.8% | 53.4% | +24.4 pp |
| SWE-bench Multilingual | 87.3% | 77.8% | +9.5 pp |
| Terminal-Bench 2.0 | 82.0% | 65.4% | +16.6 pp |
| GPQA Diamond | 94.6% | 91.3% | +3.3 pp |
| Humanity’s Last Exam (with tools) | 64.7% | 53.1% | +11.6 pp |
| OSWorld-Verified | 79.6% | 72.7% | +6.9 pp |
The +24.4 percentage-point lead on SWE-bench Pro is the number that should make security teams pay attention. Pro is the harder, more realistic version of SWE-bench — closer to the day-to-day work of resolving complex bugs in real codebases. Anthropic also notes that on Terminal-Bench 2.0, Mythos Preview reaches 92.1% when timeout limits are extended to four hours, indicating the model can sustain coherent multi-hour reasoning across long agentic workflows.
What has Mythos Preview actually found?
Anthropic and its launch partners have been running Mythos Preview against real codebases for several weeks. The headline claim is that the model has identified thousands of high-severity zero-day vulnerabilities, including bugs in every major operating system and every major web browser. Three examples are particularly telling because they show the model finding flaws that survived decades of human review and millions of automated test runs:
Two details from these examples deserve emphasis. First, the FFmpeg flaw lived inside a code path that automated fuzzing tools had executed roughly five million times without triggering the bug. Second, the Linux kernel exploit was constructed without human guidance — Mythos Preview chained primitives together on its own, which is qualitatively different from a tool that flags suspicious code and waits for a human to interpret it.
For vulnerabilities that are not yet patched, Anthropic has published cryptographic hashes of the technical details on the Frontier Red Team blog and committed to disclosing the specifics once fixes are in place. This is a coordinated-disclosure pattern, but at a scale that previously belonged only to large security teams at Google Project Zero or similar.
Who joined Project Glasswing — and why these eleven companies?
The launch partners are not random. Each represents a different layer of the global software stack that any successful cyberattack has to traverse:
| Layer | Partner(s) | Role in Glasswing |
|---|---|---|
| Cloud / hyperscale infrastructure | AWS, Google, Microsoft | Harden cloud platforms; offer Mythos Preview via Bedrock, Vertex AI, Foundry |
| Endpoint & network security | CrowdStrike, Palo Alto Networks, Cisco | Apply Mythos to threat detection and endpoint defense |
| Hardware / silicon | NVIDIA, Broadcom, Apple | Secure firmware, drivers, custom silicon stacks |
| Open source | The Linux Foundation | Distribute access to maintainers of critical OSS |
| Financial services | JPMorganChase | Independent evaluation in regulated finance |
| Frontier AI lab | Anthropic | Provide Mythos Preview, fund credits, coordinate disclosure |
Several quotes from partner CISOs are worth noting. Anthony Grieco, Cisco’s Chief Security & Trust Officer, framed the moment as a discontinuous shift: AI has crossed a threshold “and there is no going back.” Elia Zaitsev, CrowdStrike’s CTO, said the window between vulnerability discovery and exploitation has collapsed from months to minutes. Pat Opet, JPMorganChase’s CISO, took a more measured tone, describing the bank’s involvement as “a unique, early stage opportunity to evaluate next-generation AI tools” — financial regulators are watching, and JPMC is signaling it will keep an independent evaluation posture rather than wholesale endorse the tool.
Heather Adkins from Google noted that Google has been investing in adjacent AI security tools (Big Sleep, CodeMender) and will offer Mythos Preview through Vertex AI. Microsoft’s Igor Tsyganskiy reported that the model showed substantial improvements over previous models when tested against CTI-REALM, Microsoft’s open-source security benchmark.
Why give the same model to eleven competitors?
This is the most counterintuitive part of Glasswing. AWS, Google, and Microsoft compete intensely in cloud and AI. CrowdStrike and Palo Alto Networks compete in security. Cisco competes with all of them. Anthropic is asking each of them to use the same model — funded by Anthropic — to harden their own systems and share what they learn.
The explicit logic is that no single company can patch the world’s critical software alone, and the cyberattack surface is shared. A zero-day in the Linux kernel hurts every cloud provider. A vulnerability in a popular open-source library hurts every company that depends on it. The implicit logic is that Anthropic is taking a position: if frontier AI capabilities are going to reshape cybersecurity, the lab that supplies the model wants to be the one that defines the disclosure norms and the safety practices that surround it. Glasswing is partly a security project and partly a governance bid.
If your stack depends on open-source components — and almost every modern stack does — Glasswing matters because the maintainers of those libraries can now apply for access to a model that finds bugs faster than any prior tool. Expect a wave of patches over the next 90 days. Update aggressively.
What does this mean for developers and security engineers in practice?
Three concrete shifts are coming, and they are already underway for organizations inside the program.
1. Patch cadence is going to accelerate
Anthropic has committed to publishing a public report within 90 days summarizing what Glasswing has fixed and what the industry has learned. That report is going to land in early July 2026, and it is going to be followed by months of high-volume patch releases across operating systems, browsers, and major libraries. If your organization has a slow patching process, the half-life of unpatched vulnerabilities is about to get shorter.
2. The economics of vulnerability research are flipping
Until now, finding a critical zero-day in a hardened codebase like OpenBSD was the kind of work only a small number of elite researchers could do. Mythos Preview is doing it autonomously. If you charge per zero-day in a bug bounty program, expect both supply and competition to increase. If you depend on the obscurity of legacy code paths for security, that defense is gone.
3. Defensive deployment requires new tooling
Mythos Preview is priced at $25/$125 per million tokens, which is roughly 5× current Opus pricing. For most organizations, the model is not going to be used directly — it will be used through agentic workflows that combine it with static analysis, fuzzing, and human review. The teams that are going to extract the most value are the ones that already have AI agent infrastructure in place.
Here’s a minimal pattern for what that workflow looks like in practice — using the standard Anthropic SDK against a fictional Mythos endpoint:
from anthropic import Anthropic
client = Anthropic()
# Defensive workflow: feed the model a target file plus
# context about the codebase, ask it to enumerate plausible
# vulnerability classes and produce minimal proofs-of-concept
# that the security team can verify.
response = client.messages.create(
model="claude-mythos-preview", # restricted access
max_tokens=8000,
system=(
"You are a defensive security analyst. "
"Identify vulnerabilities in the provided code and "
"explain exploit conditions. Do not produce weaponized "
"exploit code. Output JSON with fields: "
"severity, cwe_id, description, suggested_patch."
),
messages=[{
"role": "user",
"content": (
"Here is parser.c from our internal video pipeline. "
"Identify any memory safety, integer overflow, or "
"logic bugs that could be triggered by a malformed "
"input file.\n\n[file contents...]"
)
}]
)
print(response.content[0].text)
The pattern that matters is not the API call — it’s the discipline around it: scoped system prompt, structured output, explicit refusal to produce weaponized exploits, and a human-in-the-loop verification step before any finding becomes a confirmed vulnerability. Glasswing partners are building exactly this kind of harness around Mythos Preview, which is one reason Anthropic is comfortable releasing it to a controlled group.
How does this fit into the broader AI safety picture?
Anthropic frames Glasswing as a deliberate sequencing decision: deploy a dangerous-in-the-wrong-hands capability for defensive purposes first, build the safeguards that make general release possible, then ship those safeguards with a less-risky model. The next Claude Opus model will reportedly launch with the cybersecurity safeguards developed during Glasswing — meaning the model that the public eventually uses will have been hardened by lessons learned from a program that ran on a much more capable system.
For context on how Anthropic thinks about model behavior and policy in general, see our walkthrough of the OpenAI Model Spec for a comparable framework from a different lab.
The Glasswing announcement also confirms that Anthropic has been in ongoing discussions with US government officials about Mythos Preview’s offensive and defensive cyber capabilities. The framing — “a top national security priority for democratic countries” — is consistent with Anthropic’s broader public position that maintaining a US/allied lead in frontier AI is itself a security imperative. Whether you find that framing persuasive or not, it is clearly shaping how the company chooses to release its most capable models.
What happens next?
The most concrete near-term commitments from Anthropic are:
- Within 90 days: A public report on what Glasswing has fixed and what the program has learned, with as much specificity as coordinated disclosure allows.
- Ongoing: A set of practical recommendations developed with leading security organizations, covering vulnerability disclosure processes, software update workflows, open-source and supply-chain security, secure-by-design practices, standards for regulated industries, triage automation, and patching automation.
- Medium term: Anthropic has floated the idea of an independent third-party body to host continued cross-industry work on AI-augmented cybersecurity, bringing together private-sector and public-sector organizations.
- Cyber Verification Program: When the next Opus model ships with the new safeguards, security professionals whose legitimate work is affected by those safeguards will be able to apply for verified access.
The bigger question Glasswing raises is not about any one model. It is about whether the security industry can shift from a reactive posture — patch after disclosure, investigate after breach — to a proactive one where AI systems continuously surface vulnerabilities before adversaries can find them. Mythos Preview is the first model that makes this question feel urgent rather than theoretical. The next twelve months will determine whether the answer is yes.
FAQ
What exactly is Project Glasswing?
Project Glasswing is a defensive cybersecurity initiative launched by Anthropic in April 2026, bringing together twelve major technology, security, and financial companies — plus the Linux Foundation and over 40 critical-software maintainers — to use Claude Mythos Preview, an unreleased frontier AI model, to find and patch vulnerabilities in the world’s most important software before adversaries can exploit them.
Can I use Claude Mythos Preview today?
No. Mythos Preview is restricted to Project Glasswing partners and approved organizations that maintain critical software infrastructure. Anthropic has stated it does not plan to make the model generally available. Open-source maintainers can apply through the Claude for Open Source program. The cybersecurity safeguards developed during Glasswing will eventually ship with a future Claude Opus model that will be more broadly accessible.
How much money is Anthropic putting into Glasswing?
Anthropic is committing up to $100 million in Claude Mythos Preview usage credits to participants during the research preview, plus $4 million in direct donations: $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation. After the preview ends, Mythos Preview will be priced at $25 per million input tokens and $125 per million output tokens.
What kinds of vulnerabilities has Mythos Preview found?
Anthropic reports that Mythos Preview has identified thousands of zero-day vulnerabilities, including bugs in every major operating system and every major web browser. Three patched examples include a 27-year-old remote crash vulnerability in OpenBSD, a 16-year-old bug in FFmpeg that survived five million automated test runs, and a chained privilege escalation in the Linux kernel discovered fully autonomously without human guidance.
Why are competing companies sharing the same AI model?
The cyberattack surface is shared. A zero-day in the Linux kernel or a popular open-source library hurts every cloud provider, every enterprise, and every end user. Glasswing’s premise is that no single company can patch the world’s critical software alone, so coordinating around a single highly capable model — and sharing what each partner learns — produces faster, more comprehensive coverage than competing efforts working in isolation.
How does Mythos Preview compare to Claude Opus 4.6 on benchmarks?
Mythos Preview substantially outperforms Opus 4.6 across every published benchmark. The biggest gaps are on SWE-bench Pro (+24.4 percentage points), CyberGym vulnerability reproduction (+16.5 pp), Terminal-Bench 2.0 (+16.6 pp), and SWE-bench Verified (+13.1 pp). The pattern is consistent: Mythos Preview is dramatically stronger at the long-horizon agentic coding and reasoning tasks that vulnerability research requires.
When will Anthropic publish results from Project Glasswing?
Anthropic has committed to publishing a public report within 90 days of the launch — landing in early July 2026 — covering what Glasswing has fixed, what the participants have learned, and which vulnerabilities can be disclosed. The company has also committed to producing a longer set of practical recommendations for how security practices should evolve in the AI era, developed in collaboration with leading security organizations.
Sources & further reading
- Anthropic — Project Glasswing announcement
- Anthropic Frontier Red Team — Claude Mythos Preview technical post
- Anthropic — Claude Mythos Preview System Card
- The Linux Foundation — Glasswing for OSS maintainers
- Google Cloud — Mythos Preview on Vertex AI
- Microsoft MSRC — MSRC on Glasswing
- AWS Security — Building AI defenses at scale
- CrowdStrike — Founding member announcement
- Cisco — Rising to the era of AI-powered cyber defense
- Palo Alto Networks — Weaponized Intelligence
- GovAI — Global yearly cybercrime damage estimates
- DARPA — Cyber Grand Challenge (2016)

[…] If you want background on Anthropic’s broader infrastructure footprint, our coverage of Project Glasswing and the Capybara/Mythos model roadmap sets the broader […]
[…] decodethefuture.org — Project Glasswing: Anthropic's $100M Cyber Defense Push […]
[…] Project Glasswing: Anthropic’s $100M Cyber Defense Push(外部)2026年4月8日のProject Glasswing発表と参加12社、Claude Mythos Previewの価格構造(100万トークンあたり25ドル/125ドル)を報じている。 […]