What Is Project Glasswing? Inside Anthropic’s Next AI Initiative

Project Glasswing is Anthropic's coordinated response to a problem that has no clean solution: what do you do when you have built an AI model capable enough to find and exploit critical software vulnerabilities at a scale no human team could match?

Announced April 7, 2026, Project Glasswing brings together 12 of the world's most important technology companies to use that capability for defence before attackers get access to anything equivalent. This article explains what it is, why it exists, and what it means.

‍

Key Takeaways

• Coordinated cybersecurity initiative: Project Glasswing launched April 7, 2026, bringing 12 major technology partners together to use AI for defensive vulnerability discovery at unprecedented scale.
• Powered by Claude Mythos Preview: Anthropic's most capable model to date, restricted from public access and deployed exclusively for defensive security work through this initiative.
• Significant financial commitment: Anthropic is contributing up to $100 million in usage credits and $4 million in direct donations to open-source security organisations.
• Named after a butterfly: The glasswing butterfly's transparent wings make it difficult to see, mirroring how software vulnerabilities remain hidden in plain sight for years or decades.
• Urgency is explicitly stated: Anthropic warns that similar AI capabilities will proliferate to actors who may not deploy them responsibly, making the current defensive window short.
• A starting point, not a solution: Anthropic frames Project Glasswing as the beginning of an industry-wide response, not a complete answer to the threat.

‍

What Is Project Glasswing?

Project Glasswing is a cybersecurity initiative launched by Anthropic on April 7, 2026. It gives a coalition of major technology companies access to Claude Mythos Preview, a model not available to the public, specifically for defensive security work: finding and fixing critical vulnerabilities in the world's most important software before attackers can exploit them.

The initiative is built around a single core idea. AI models have reached a capability level where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

That capability carries dual-use risk. Project Glasswing is Anthropic's attempt to put it to work for defence before offence gains access to anything equivalent.

• Access as the mechanism: Partners receive Claude Mythos Preview specifically for scanning and securing their own first-party systems and the open-source software they build or maintain.
• The name origin: Anthropic employees chose the glasswing butterfly as a metaphor. Its transparent wings make it nearly invisible in flight, just as software vulnerabilities are present in code for years or decades without being detected.
• The urgency framing: Anthropic describes the initiative as "an urgent attempt to put these capabilities to work for defensive purposes," signalling that the timing of this deployment is not incidental.

Project Glasswing is distinct from Claude Mythos Preview itself. Mythos is the model. Glasswing is the initiative structured around controlled deployment of that model for a specific defensive purpose.

‍

Why Did Anthropic Launch Project Glasswing?

The answer starts with what Claude Mythos Preview can do that previous models could not.

Previous AI models could identify vulnerabilities in code. What they could not do reliably was convert those vulnerabilities into working exploits.

Mythos Preview can. On Firefox's JavaScript shell, it converts 72.4% of identified vulnerabilities into successful exploits. That single capability change shifts the risk calculation significantly.

• The dual-use problem: The same reasoning that finds vulnerabilities for defensive purposes finds them for offensive ones. There is no version of this capability that is useful only to defenders.
• The expertise cost has collapsed: Finding and exploiting critical vulnerabilities previously required a team of elite security researchers working for weeks or months. Mythos changes that equation dramatically for anyone with access to the model.
• The threat landscape is already accelerating: CrowdStrike's 2026 Global Threat Report found an 89% year-over-year increase in attacks by adversaries using AI, making the urgency of a coordinated defensive response concrete rather than theoretical.
• The window is narrow: Anthropic explicitly states that similar capabilities will "proliferate, potentially beyond actors who are committed to deploying them safely" within a short period. Project Glasswing is an attempt to use the current window productively.

The defenders-first logic is straightforward. By giving defenders access to Mythos Preview before the model is publicly released, Anthropic creates a window for closing critical vulnerabilities while attackers still lack the equivalent tool.

For a full account of what Claude Mythos Preview can do and how its capabilities compare to previous models, the Claude Mythos breakdown covers the technical details and benchmark numbers.

‍

Who Is in the Project Glasswing Coalition?

The coalition has two tiers. Twelve organisations are publicly named as launch partners. Approximately 40 additional organisations have been granted access but have not been publicly disclosed. All participants build or maintain critical software infrastructure.

The 12 named partners are: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

‍

• Partner voices on the initiative: Microsoft's EVP of Cybersecurity confirmed Mythos Preview showed "substantial improvements compared to previous models" on CTI-REALM, Microsoft's open-source security benchmark.
• AWS on real-world impact: AWS's CISO confirmed the model is "already helping us strengthen our code" in critical codebases before any public deployment.
• Cisco on the collaborative imperative: Cisco's Chief Security Officer called AI capabilities in cybersecurity "too important and too urgent to do alone," framing the coalition structure as a necessity, not a preference.

Partners are sharing what they learn through the initiative so the broader industry can benefit. The explicit goal is to raise the defensive baseline across the entire software ecosystem, not give a competitive advantage to coalition members.

‍

What Is Anthropic Contributing to Project Glasswing?

Anthropic's contribution goes beyond providing model access. The financial commitment, knowledge sharing obligations, and government engagement are all part of the structure.

The primary contribution is the model itself. Claude Mythos Preview is not available commercially. Providing access to it, specifically for defensive security work, is the foundation of the entire initiative.

• Usage credits: Up to $100 million in usage credits for Mythos Preview across all Project Glasswing participants. Partners pay for usage beyond that threshold. This removes the cost barrier for defensive security work at scale.
• Direct donations: $4 million in direct donations to open-source security organisations, recognising that open-source maintainers, whose software underpins much of the world's critical infrastructure, have historically operated without the security resources available to large enterprises.
• Knowledge sharing: Anthropic has committed to publishing what it and its partners learn through Project Glasswing, including Frontier Red Team blog posts, technical disclosures, and industry communications.
• Government engagement: Anthropic is in ongoing discussions with US government officials including the Cybersecurity and Infrastructure Security Agency and the Center for AI Standards and Innovation about Mythos Preview's specific capabilities.

The $4 million donation to open-source security organisations is significant in context.

Open-source software runs the majority of the world's critical infrastructure but has historically been maintained by small teams with limited security resources.

Project Glasswing's model is being applied to that software directly through the Linux Foundation partnership.

‍

How Does Project Glasswing Actually Work?

The mechanics matter here. "AI finds vulnerabilities" is a broad description. The actual process Anthropic uses with Mythos Preview is more specific, and the specificity is what makes the validation results credible.

Anthropic runs Mythos Preview via Claude Code in isolated containers. The model is given the source code of the project under test and a prompt asking it to find security vulnerabilities.

• The discovery process: Mythos reads the code, hypothesises vulnerabilities, runs the project to confirm or reject each hypothesis, and outputs either a "no bug found" verdict or a detailed bug report with a proof-of-concept exploit and reproduction steps.
• The prioritisation mechanism: Rather than processing every file in a codebase linearly, Mythos first ranks each file by likelihood of containing interesting bugs on a scale of 1 to 5, then works through files in priority order.
• The validation layer: A final agent validates each bug report, filtering out minor or obscure issues before reports are sent to maintainers. In 89% of the 198 manually reviewed reports, expert security contractors agreed exactly with the severity assessment Mythos assigned. 98% of assessments were within one severity level.
• Responsible disclosure process: Anthropic works with professional security contractors to manually validate every report before it is sent to open-source maintainers or closed-source vendors. For patched vulnerabilities, full technical details are published. For others, cryptographic hashes are published now with full disclosure to follow.

The 89%/98% validator agreement figure is important. It establishes that the model's severity judgements are reliable enough to act on, not just voluminous.

A model that finds thousands of vulnerabilities but ranks them poorly creates as much noise as signal. Mythos Preview's accuracy on severity assessment is what makes the scale of output useful rather than overwhelming.

‍

What Has Project Glasswing Found So Far?

Anthropic has used Mythos Preview to identify thousands of zero-day vulnerabilities across every major operating system and every major web browser. A zero-day is a vulnerability unknown to the software's developers, meaning there is no fix available when it is discovered.

Three specific examples have been patched and publicly disclosed.

• OpenBSD, 27 years old: OpenBSD is one of the most security-hardened operating systems in the world, used to run firewalls and critical infrastructure globally. Mythos found a vulnerability that allowed an attacker to remotely crash any OpenBSD machine simply by connecting to it. It had been present in the codebase for 27 years.
• FFmpeg, 16 years old: FFmpeg is the video encoding and decoding library embedded in countless applications, from media players to content platforms. Mythos found a flaw in a single line of code that automated testing tools had processed five million times without detecting it. The flaw was 16 years old.
• Linux kernel chain: Mythos autonomously identified and chained multiple Linux kernel vulnerabilities together to escalate from ordinary user access to complete machine control, demonstrating multi-step autonomous reasoning across a large, complex codebase.

All three have been patched. Thousands of additional high- and critical-severity vulnerabilities remain in the responsible disclosure process. Anthropic has contracted professional security researchers to validate each report before it is sent to the relevant maintainer or vendor.

‍

What Does Project Glasswing Mean for the Future of Cybersecurity?

Project Glasswing does not solve the dual-use problem. It manages it, for a window of time, by ensuring that defenders get access to a specific capability before attackers do. What it means for the broader field depends on how that window is used.

Jim Zemlin of the Linux Foundation articulated the opportunity clearly: security expertise "was historically something large enterprises could afford but remained out of reach for smaller companies and open-source projects."

AI-assisted vulnerability discovery at the scale Project Glasswing is operating changes who can access elite-level security capability.

• The scale shift: Finding critical vulnerabilities in large, complex codebases previously required teams of highly specialised humans working for weeks. The same work can now be done faster, at greater scale, and across more projects simultaneously.
• The precedent being set: Restricted preview to a defensive coalition, with active knowledge sharing and government engagement, represents a new model for managing dual-use AI capability. Whether it works and what scaling it looks like will inform how the industry handles the next generation of capable models.
• What it means outside the coalition: The vulnerabilities being found and patched through Project Glasswing affect software that almost every organisation runs. The patches produced through this initiative will reach most organisations through normal software update processes. The security improvement is not limited to coalition members.
• The timeline warning: Anthropic is explicit that the window is short. Similar capabilities will become available through other labs and potentially through public releases. The goal of Project Glasswing is to close as many critical vulnerabilities as possible before that happens.

LowCode Agency joined the Anthropic Claude Partner Network because we believe the trajectory of frontier model capability matters for every business making AI infrastructure decisions. Project Glasswing is the clearest evidence yet of why that trajectory requires active attention, not passive observation.

‍

Conclusion

Project Glasswing is Anthropic's answer to a question that has no clean solution: what do you do with a capability too valuable not to deploy and too dangerous to release openly?

The answer they have chosen is to deploy it defensively, in coalition, with transparency about what is being learned and why. Whether that answer proves sufficient depends on how quickly the vulnerabilities being found can be patched, and how long the window between defenders and attackers actually lasts. Project Glasswing does not guarantee that window. It uses it.

For technical details on how Mythos Preview finds and validates vulnerabilities, Anthropic's Frontier Red Team blog at red.anthropic.com/2026/mythos-preview provides full methodology and specific case studies.

‍

What Project Glasswing Means for Businesses Building on AI

Project Glasswing is a signal, not just a security initiative. It confirms that AI capability has crossed a threshold that changes the risk profile of software systems, the economics of vulnerability discovery, and the timeline pressure on anyone making AI infrastructure decisions today.

At LowCode Agency, we are a strategic product team, not a dev shop. We help organisations understand where AI capability is heading and build systems designed for that trajectory, not just for today's baseline.

• Frontier model awareness: We track developments like Project Glasswing and translate them into concrete implications for the AI-powered products our clients build and maintain.
• AI-powered product development: We build custom tools on Bubble, FlutterFlow, and Webflow that are designed to integrate current and future AI capabilities as they become available.
• AI agent development: We design and build custom AI agents for business workflows, scoped to the specific tasks and capability levels that produce measurable returns.
• Security-aware architecture: We build AI-powered systems with data handling, access controls, and audit trails designed in from day one, not retrofitted after deployment.
• Workflow automation: We deploy automation systems using Make, n8n, and Zapier built on current model capabilities with architecture that scales as those capabilities improve.
• AI consulting: We help leadership teams make AI infrastructure decisions based on an accurate picture of where frontier capability actually is, not where vendor marketing says it is.
• Full product team: Strategy, design, development, and QA from a single team invested in your outcome across the full product lifecycle.

We have built 350+ products for clients including Coca-Cola, American Express, and Medtronic. We are an Anthropic Claude Partner Network member and follow frontier AI development as a core part of how we serve our clients.

If you want to make sure your AI infrastructure decisions are built on a clear understanding of where this technology is heading, let's start that conversation.