HomeArtificial IntelligenceProject Glasswing: Anthropic's $100M Cyber Defense Push

Project Glasswing: Anthropic’s $100M Cyber Defense Push

Last updated: April 2026 · By DecodeTheFuture.org

Project Glasswing is an industry-wide cybersecurity initiative announced by Anthropic in April 2026, uniting AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Partners get access to Claude Mythos Preview — an unreleased frontier model that has already found thousands of zero-day vulnerabilities across every major OS and browser — to harden critical software before attackers catch up. Anthropic is committing up to $100M in model usage credits plus $4M in donations to open-source security.

Project Glasswing Claude Mythos AI Cybersecurity Zero-day

On April 8, 2026, Anthropic unveiled Project Glasswing — a coalition of twelve of the most influential names in technology, finance, and open-source software, all aligned around a single thesis: AI has crossed a threshold where it can find software vulnerabilities faster than human experts, and the only way to keep defenders ahead is to deploy those same capabilities collaboratively. The catalyst is a model most of the world has never used: Claude Mythos Preview, which Anthropic describes as a general-purpose frontier system whose coding and reasoning abilities translate directly into elite-level offensive security skills.

This article walks through what Glasswing actually is, what Mythos Preview can do that prior models couldn’t, why eleven competing companies agreed to share the same tool, and what it means for anyone who builds, ships, or depends on software — which is essentially everyone.

What is Project Glasswing?

Project Glasswing is a defensive cybersecurity initiative launched and funded by Anthropic, with the explicit goal of using a single frontier model — Claude Mythos Preview — to find and patch vulnerabilities in the most critical software in the world before adversaries can exploit them. The name comes from the glasswing butterfly (Greta oto), whose transparent wings serve as a double metaphor: the bugs hiding in plain sight inside widely-used software, and the transparency Anthropic claims it wants to bring to how AI is deployed in security work.

The structure has three layers:

  • Twelve launch partners — AWS, Apple, Anthropic, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — get direct access to Mythos Preview for hardening their own products and infrastructure.
  • 40+ additional organizations that maintain critical software (operating systems, browsers, kernels, key open-source libraries) get access through the same program to scan their codebases.
  • Open-source maintainers can apply through the Claude for Open Source program; Anthropic is donating $2.5M to Alpha-Omega and OpenSSF via the Linux Foundation, and $1.5M to the Apache Software Foundation.

Anthropic has earmarked up to $100 million in model usage credits for Glasswing participants during the research preview. After that, Mythos Preview will be priced at $25 per million input tokens and $125 per million output tokens — roughly an order of magnitude above current Claude Opus pricing, reflecting both compute cost and the model’s status as a controlled-access system.

⚠️ Why this matters now

Anthropic estimates that global cybercrime currently costs around $500 billion per year. State-sponsored attacks from China, Iran, North Korea, and Russia routinely target civilian infrastructure. Glasswing’s premise is that the window before offensive AI capabilities proliferate is narrowing — and the only viable defense is to give the same capabilities to defenders first.

What is Claude Mythos Preview, the model behind it all?

Claude Mythos Preview is an unreleased frontier model trained by Anthropic. The name “Mythos” comes from the Ancient Greek word for “utterance” or “narrative” — the system of stories civilizations once used to make sense of the world. It will not be made generally available; Anthropic has explicitly said the model is too capable in offensive security contexts to release without first developing and validating new safeguards. Those safeguards are slated to launch with an upcoming Claude Opus model, where the risk profile is more manageable.

For deeper context on the model’s development arc, see our earlier analysis: What is Claude Mythos? Anthropic’s Most Capable Model Explained.

What makes Mythos Preview unusual is the gap between it and the next-best model (Claude Opus 4.6) on benchmarks that measure exactly the skills relevant to vulnerability research. The cybersecurity-specific results are striking, but so are the general agentic coding scores — because finding zero-days at scale requires both deep code reasoning and the ability to drive long-horizon, autonomous workflows.

BenchmarkClaude Mythos PreviewClaude Opus 4.6Gap
CyberGym (vuln reproduction)83.1%66.6%+16.5 pp
SWE-bench Verified93.9%80.8%+13.1 pp
SWE-bench Pro77.8%53.4%+24.4 pp
SWE-bench Multilingual87.3%77.8%+9.5 pp
Terminal-Bench 2.082.0%65.4%+16.6 pp
GPQA Diamond94.6%91.3%+3.3 pp
Humanity’s Last Exam (with tools)64.7%53.1%+11.6 pp
OSWorld-Verified79.6%72.7%+6.9 pp

The +24.4 percentage-point lead on SWE-bench Pro is the number that should make security teams pay attention. Pro is the harder, more realistic version of SWE-bench — closer to the day-to-day work of resolving complex bugs in real codebases. Anthropic also notes that on Terminal-Bench 2.0, Mythos Preview reaches 92.1% when timeout limits are extended to four hours, indicating the model can sustain coherent multi-hour reasoning across long agentic workflows.

What has Mythos Preview actually found?

Anthropic and its launch partners have been running Mythos Preview against real codebases for several weeks. The headline claim is that the model has identified thousands of high-severity zero-day vulnerabilities, including bugs in every major operating system and every major web browser. Three examples are particularly telling because they show the model finding flaws that survived decades of human review and millions of automated test runs:

Three vulnerabilities found by Claude Mythos Preview OpenBSD: 27-year-old remote crash bug. FFmpeg: 16-year-old bug missed by 5 million automated test runs. Linux kernel: chained privilege escalation found autonomously. Mythos Preview vulnerabilities DecodeTheFuture.org Project Glasswing, Claude Mythos, zero-day, AI cybersecurity Three example zero-day vulnerabilities discovered autonomously by Claude Mythos Preview during Project Glasswing testing. Diagram image/svg+xml en © DecodeTheFuture.org Zero-days found by Mythos Preview OpenBSD 27 years old One of the most security-hardened OSes in the world. Used to run firewalls and critical infrastructure. Impact: remote crash via network connection FFmpeg 16 years old Encodes/decodes video for countless apps worldwide. 5,000,000 automated test hits — none caught it. Mythos Preview found it on inspection. Linux kernel runs most of the web Mythos Preview autonomously chained multiple bugs into a privilege escalation exploit — without any human steering. Impact: ordinary user → full machine control All three vulnerabilities have been reported and patched.

Two details from these examples deserve emphasis. First, the FFmpeg flaw lived inside a code path that automated fuzzing tools had executed roughly five million times without triggering the bug. Second, the Linux kernel exploit was constructed without human guidance — Mythos Preview chained primitives together on its own, which is qualitatively different from a tool that flags suspicious code and waits for a human to interpret it.

For vulnerabilities that are not yet patched, Anthropic has published cryptographic hashes of the technical details on the Frontier Red Team blog and committed to disclosing the specifics once fixes are in place. This is a coordinated-disclosure pattern, but at a scale that previously belonged only to large security teams at Google Project Zero or similar.

Who joined Project Glasswing — and why these eleven companies?

The launch partners are not random. Each represents a different layer of the global software stack that any successful cyberattack has to traverse:

LayerPartner(s)Role in Glasswing
Cloud / hyperscale infrastructureAWS, Google, MicrosoftHarden cloud platforms; offer Mythos Preview via Bedrock, Vertex AI, Foundry
Endpoint & network securityCrowdStrike, Palo Alto Networks, CiscoApply Mythos to threat detection and endpoint defense
Hardware / siliconNVIDIA, Broadcom, AppleSecure firmware, drivers, custom silicon stacks
Open sourceThe Linux FoundationDistribute access to maintainers of critical OSS
Financial servicesJPMorganChaseIndependent evaluation in regulated finance
Frontier AI labAnthropicProvide Mythos Preview, fund credits, coordinate disclosure

Several quotes from partner CISOs are worth noting. Anthony Grieco, Cisco’s Chief Security & Trust Officer, framed the moment as a discontinuous shift: AI has crossed a threshold “and there is no going back.” Elia Zaitsev, CrowdStrike’s CTO, said the window between vulnerability discovery and exploitation has collapsed from months to minutes. Pat Opet, JPMorganChase’s CISO, took a more measured tone, describing the bank’s involvement as “a unique, early stage opportunity to evaluate next-generation AI tools” — financial regulators are watching, and JPMC is signaling it will keep an independent evaluation posture rather than wholesale endorse the tool.

Heather Adkins from Google noted that Google has been investing in adjacent AI security tools (Big Sleep, CodeMender) and will offer Mythos Preview through Vertex AI. Microsoft’s Igor Tsyganskiy reported that the model showed substantial improvements over previous models when tested against CTI-REALM, Microsoft’s open-source security benchmark.

Why give the same model to eleven competitors?

This is the most counterintuitive part of Glasswing. AWS, Google, and Microsoft compete intensely in cloud and AI. CrowdStrike and Palo Alto Networks compete in security. Cisco competes with all of them. Anthropic is asking each of them to use the same model — funded by Anthropic — to harden their own systems and share what they learn.

The explicit logic is that no single company can patch the world’s critical software alone, and the cyberattack surface is shared. A zero-day in the Linux kernel hurts every cloud provider. A vulnerability in a popular open-source library hurts every company that depends on it. The implicit logic is that Anthropic is taking a position: if frontier AI capabilities are going to reshape cybersecurity, the lab that supplies the model wants to be the one that defines the disclosure norms and the safety practices that surround it. Glasswing is partly a security project and partly a governance bid.

💡 Practical signal for builders

If your stack depends on open-source components — and almost every modern stack does — Glasswing matters because the maintainers of those libraries can now apply for access to a model that finds bugs faster than any prior tool. Expect a wave of patches over the next 90 days. Update aggressively.

What does this mean for developers and security engineers in practice?

Three concrete shifts are coming, and they are already underway for organizations inside the program.

1. Patch cadence is going to accelerate

Anthropic has committed to publishing a public report within 90 days summarizing what Glasswing has fixed and what the industry has learned. That report is going to land in early July 2026, and it is going to be followed by months of high-volume patch releases across operating systems, browsers, and major libraries. If your organization has a slow patching process, the half-life of unpatched vulnerabilities is about to get shorter.

2. The economics of vulnerability research are flipping

Until now, finding a critical zero-day in a hardened codebase like OpenBSD was the kind of work only a small number of elite researchers could do. Mythos Preview is doing it autonomously. If you charge per zero-day in a bug bounty program, expect both supply and competition to increase. If you depend on the obscurity of legacy code paths for security, that defense is gone.

3. Defensive deployment requires new tooling

Mythos Preview is priced at $25/$125 per million tokens, which is roughly 5× current Opus pricing. For most organizations, the model is not going to be used directly — it will be used through agentic workflows that combine it with static analysis, fuzzing, and human review. The teams that are going to extract the most value are the ones that already have AI agent infrastructure in place.

Here’s a minimal pattern for what that workflow looks like in practice — using the standard Anthropic SDK against a fictional Mythos endpoint:

Python · Mythos Preview defensive scan
from anthropic import Anthropic

client = Anthropic()

# Defensive workflow: feed the model a target file plus
# context about the codebase, ask it to enumerate plausible
# vulnerability classes and produce minimal proofs-of-concept
# that the security team can verify.

response = client.messages.create(
    model="claude-mythos-preview",  # restricted access
    max_tokens=8000,
    system=(
        "You are a defensive security analyst. "
        "Identify vulnerabilities in the provided code and "
        "explain exploit conditions. Do not produce weaponized "
        "exploit code. Output JSON with fields: "
        "severity, cwe_id, description, suggested_patch."
    ),
    messages=[{
        "role": "user",
        "content": (
            "Here is parser.c from our internal video pipeline. "
            "Identify any memory safety, integer overflow, or "
            "logic bugs that could be triggered by a malformed "
            "input file.\n\n[file contents...]"
        )
    }]
)

print(response.content[0].text)

The pattern that matters is not the API call — it’s the discipline around it: scoped system prompt, structured output, explicit refusal to produce weaponized exploits, and a human-in-the-loop verification step before any finding becomes a confirmed vulnerability. Glasswing partners are building exactly this kind of harness around Mythos Preview, which is one reason Anthropic is comfortable releasing it to a controlled group.

How does this fit into the broader AI safety picture?

Anthropic frames Glasswing as a deliberate sequencing decision: deploy a dangerous-in-the-wrong-hands capability for defensive purposes first, build the safeguards that make general release possible, then ship those safeguards with a less-risky model. The next Claude Opus model will reportedly launch with the cybersecurity safeguards developed during Glasswing — meaning the model that the public eventually uses will have been hardened by lessons learned from a program that ran on a much more capable system.

For context on how Anthropic thinks about model behavior and policy in general, see our walkthrough of the OpenAI Model Spec for a comparable framework from a different lab.

The Glasswing announcement also confirms that Anthropic has been in ongoing discussions with US government officials about Mythos Preview’s offensive and defensive cyber capabilities. The framing — “a top national security priority for democratic countries” — is consistent with Anthropic’s broader public position that maintaining a US/allied lead in frontier AI is itself a security imperative. Whether you find that framing persuasive or not, it is clearly shaping how the company chooses to release its most capable models.

What happens next?

The most concrete near-term commitments from Anthropic are:

  • Within 90 days: A public report on what Glasswing has fixed and what the program has learned, with as much specificity as coordinated disclosure allows.
  • Ongoing: A set of practical recommendations developed with leading security organizations, covering vulnerability disclosure processes, software update workflows, open-source and supply-chain security, secure-by-design practices, standards for regulated industries, triage automation, and patching automation.
  • Medium term: Anthropic has floated the idea of an independent third-party body to host continued cross-industry work on AI-augmented cybersecurity, bringing together private-sector and public-sector organizations.
  • Cyber Verification Program: When the next Opus model ships with the new safeguards, security professionals whose legitimate work is affected by those safeguards will be able to apply for verified access.

The bigger question Glasswing raises is not about any one model. It is about whether the security industry can shift from a reactive posture — patch after disclosure, investigate after breach — to a proactive one where AI systems continuously surface vulnerabilities before adversaries can find them. Mythos Preview is the first model that makes this question feel urgent rather than theoretical. The next twelve months will determine whether the answer is yes.

FAQ

What exactly is Project Glasswing?

Project Glasswing is a defensive cybersecurity initiative launched by Anthropic in April 2026, bringing together twelve major technology, security, and financial companies — plus the Linux Foundation and over 40 critical-software maintainers — to use Claude Mythos Preview, an unreleased frontier AI model, to find and patch vulnerabilities in the world’s most important software before adversaries can exploit them.

Can I use Claude Mythos Preview today?

No. Mythos Preview is restricted to Project Glasswing partners and approved organizations that maintain critical software infrastructure. Anthropic has stated it does not plan to make the model generally available. Open-source maintainers can apply through the Claude for Open Source program. The cybersecurity safeguards developed during Glasswing will eventually ship with a future Claude Opus model that will be more broadly accessible.

How much money is Anthropic putting into Glasswing?

Anthropic is committing up to $100 million in Claude Mythos Preview usage credits to participants during the research preview, plus $4 million in direct donations: $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation. After the preview ends, Mythos Preview will be priced at $25 per million input tokens and $125 per million output tokens.

What kinds of vulnerabilities has Mythos Preview found?

Anthropic reports that Mythos Preview has identified thousands of zero-day vulnerabilities, including bugs in every major operating system and every major web browser. Three patched examples include a 27-year-old remote crash vulnerability in OpenBSD, a 16-year-old bug in FFmpeg that survived five million automated test runs, and a chained privilege escalation in the Linux kernel discovered fully autonomously without human guidance.

Why are competing companies sharing the same AI model?

The cyberattack surface is shared. A zero-day in the Linux kernel or a popular open-source library hurts every cloud provider, every enterprise, and every end user. Glasswing’s premise is that no single company can patch the world’s critical software alone, so coordinating around a single highly capable model — and sharing what each partner learns — produces faster, more comprehensive coverage than competing efforts working in isolation.

How does Mythos Preview compare to Claude Opus 4.6 on benchmarks?

Mythos Preview substantially outperforms Opus 4.6 across every published benchmark. The biggest gaps are on SWE-bench Pro (+24.4 percentage points), CyberGym vulnerability reproduction (+16.5 pp), Terminal-Bench 2.0 (+16.6 pp), and SWE-bench Verified (+13.1 pp). The pattern is consistent: Mythos Preview is dramatically stronger at the long-horizon agentic coding and reasoning tasks that vulnerability research requires.

When will Anthropic publish results from Project Glasswing?

Anthropic has committed to publishing a public report within 90 days of the launch — landing in early July 2026 — covering what Glasswing has fixed, what the participants have learned, and which vulnerabilities can be disclosed. The company has also committed to producing a longer set of practical recommendations for how security practices should evolve in the AI era, developed in collaboration with leading security organizations.

Sources & further reading

RELATED ARTICLES

3 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

Recent Comments