Anthropic launches Project Glasswing to defend critical software

TL;DR: Anthropic has announced Project Glasswing, a cybersecurity initiative deploying its unreleased Claude Mythos model to find and fix vulnerabilities in critical software. The coalition includes AWS, Apple, Google, Microsoft, Nvidia, and others. Anthropic says Mythos has already uncovered thousands of high-severity flaws — including some in every major operating system and browser — raising the stakes for both cyber defence and the responsible deployment of frontier AI capabilities.

Anthropic revealed that Claude Mythos, a general-purpose frontier model still in preview, has reached a point where it can surpass most skilled humans at identifying and exploiting software vulnerabilities. Rather than releasing the model publicly, the company has formed a defensive coalition of 12 named partners and extended access to over 40 additional organisations that build or maintain critical software infrastructure.

The scale of the initiative

The company is committing up to $100 million in Mythos usage credits across participating organisations, alongside $4 million in direct donations to open-source security projects. Partners will use the model to scan and stress-test their systems, while Anthropic says it will share findings to benefit the wider industry.

The announcement arrives at a moment when state-sponsored cyberattacks and ransomware campaigns have caused notable damage to healthcare systems, energy infrastructure, and government agencies globally. Anthropic estimates the annual global cost of cybercrime at around $500 billion, and argues that AI-augmented attacks will make existing software flaws far more dangerous as frontier model capabilities continue to advance.

The staged approach — releasing to defenders before general availability — has already drawn EU regulatory approval. The European Commission publicly welcomed Anthropic’s decision, stating it supports the principle of staged rollout for models with significant cyber risk potential.

Looking forward

Project Glasswing represents a test case for how frontier AI labs handle dual-use capabilities. The model’s ability to find decades-old vulnerabilities that survived millions of automated security tests suggests a step change in offensive and defensive cyber tooling. For UK businesses and public sector bodies reliant on the same operating systems and browsers, the implications are immediate: the window between vulnerability discovery and exploitation is narrowing, and defensive adoption of AI may become a competitive necessity.