Project Glasswing Initiative for Critical Software Security in the Age of AI

Project Glasswing illustrated by a glasswing butterfly on a flower.

What do you do when you build something powerful enough to break the internet? That was the challenge for Anthropic when they realised the capabilities of their latest frontier AI release, Claude Mythos Preview. Their response was Project Glasswing.

Here are the essential Project Glasswing and Mythos facts, plus four key considerations for the internet infrastructure industry.

What is Project Glasswing?

Named after the glasswing butterfly—a creature famous for its transparent wings that reveal rather than conceal—Project Glasswing is Anthropic’s attempt to use one of the most capable AI systems ever built to improve cybersecurity before threat actors get their hands on it.

At the centre of the initiative sits Claude Mythos Preview, a general-purpose frontier model that Anthropic describes as its most capable yet for coding and agentic tasks. The cybersecurity capabilities aren’t a bolt-on feature—they’re the natural result of a model that can deeply understand and modify complex software at scale. That same ability to reason through intricate codebases and chain logical steps together is what makes it extraordinary at finding the cracks in them.

The results are seismic. Anthropic used Mythos Preview to identify thousands of zero-day vulnerabilities—previously unknown flaws—across every major operating system and every major web browser.

Some of these bugs had survived decades of human audits, aggressive fuzzing, and open-source scrutiny. One had been sitting quietly in OpenBSD—widely regarded as one of the world’s most hardened operating systems—for 27 years.

“I’ve found more bugs in the last couple of weeks than I’ve found in the rest of my life…”

Nicholas Carlini, Research Scientist, Anthropic

Project Glasswing is born

Anthropic realised that cybercriminals would be able to use Mythos to catastrophically attack countless interconnected and critical systems. Their response was to create Project Glasswing: a sweeping, coalition-backed cybersecurity initiative to tackle the threat Mythos posed.

The launch coalition reads like a who’s who of the internet’s backbone:

  • Amazon Web Services
  • Apple
  • Broadcom
  • Cisco
  • CrowdStrike
  • Google
  • JPMorganChase
  • The Linux Foundation
  • Microsoft
  • NVIDIA
  • Palo Alto Networks

Beyond the headline partners, Anthropic has extended access to more than 40 additional organizations that build or maintain critical software infrastructure. The financial commitment is gigantic: up to $100 million in Mythos Preview usage credits, plus $4 million in direct donations to open-source security organisations to support patching work.

AWS has already been testing Mythos Preview in its own security operations. Google is making the model available to Glasswing participants via Vertex AI.

Why Claude Mythos Preview Is Locked Away

Anthropic is not naïve about the harm its model could do. Mythos Preview is not publicly available. Access is gated, controlled, and limited to the Glasswing coalition for now, because the same capabilities that make this model so powerful in finding and fixing vulnerabilities make it extraordinarily dangerous in the wrong hands.

Anthropic has already seen this play out—the company disclosed in November 2025 that a Chinese state-sponsored group achieved 80 to 90 percent autonomous tactical execution using Claude across approximately 30 targets. That was with a public model. Mythos is massively more capable.

For those in the Cloud infrastructure business, the question of containment is not academic. Indeed, Bloomberg reported that Mythos has already been accessed by unauthorized users. Whether it can stay out of the hands of bad actors remains to be seen.

Meanwhile, Anthropic has committed to publish findings publicly within 90 days and is exploring the creation of an independent third-party body to govern large-scale cybersecurity AI work.

“We’ll share as much as we can so that other organizations can apply the lessons to their own security,” said an Anthropic spokesperson. “Partners will, to the extent they’re able, share information and best practices with each other.

“We will also collaborate with leading security organizations to produce a set of practical recommendations for how security practices should evolve in the AI era. This will potentially include: Vulnerability disclosure processes; Software update processes; Open-source and supply-chain security; Software development lifecycle and secure-by-design practices; Standards for regulated industries; Triage scaling and automation; and Patching automation.”

What Glasswing Means for Cybersecurity Vulnerabilities

What Glasswing changes: the scale and speed at which software vulnerabilities can be identified.

If you operate critical infrastructure, this is the first credible technology that could systematically scan the open-source dependencies your stack is built on at a pace and depth no human team could match.

Open-source software constitutes the vast majority of code in modern systems. As Anthropic put it in the announcement: “Open source maintainers—whose software underpins much of the world’s critical infrastructure—have historically been left to figure out security on their own.”

Glasswing is, at minimum, an attempt to change that equation. A model that can proactively identify and fix vulnerabilities at scale is the kind of tool that was needed a long time ago (as pointed out in this interview with internet security legend Dr Whitfield Diffie).

What Glasswing doesn’t change—yet: the ability of organisations to absorb what AI finds.

This is the uncomfortable truth sitting underneath the Glasswing announcement. Fewer than 1% of the vulnerabilities identified by Mythos were patched. Not because the patches are impossible, but because the existing ecosystem—the patch cycles, the human verification processes, the change management workflows—wasn’t built for a world where vulnerabilities arrive in a tsunami rather than a trickle.

Defenders still operate on calendar speed. A typical remediation cycle involves triaging a finding, verifying it’s exploitable in your specific environment, getting sign-off, deploying a patch, and validating the fix. That normally takes days, and when thousands of findings land simultaneously, multiple days per finding is not a pace anyone can sustain.

The cybersecurity industry has been circling this structural problem for years. Glasswing just made it impossible to ignore.

The Implications for Cloud Service Providers

For those running Cloud infrastructure at scale, Project Glasswing raises several issues.

1. Your open-source dependencies are now a known attack surface—at AI scale and speed
Every library your platform relies on, every open-source component in your stack, can now be scanned at a depth and speed that exceeds traditional tooling. This is good news for defenders who have access to these capabilities. The picture becomes more complex as Mythos-class models eventually proliferate more broadly.

2. The asymmetry between finding and fixing is the next frontier
Glasswing solved the discovery problem. What it revealed is that the industry lacks the remediation infrastructure to match. Cloud providers are uniquely positioned—and uniquely pressured—to build that infrastructure. Automated patch validation, AI-assisted fix generation, and machine-speed deployment pipelines are no longer aspirational R&D projects. They’re competitive necessities.

3. Coalition models are becoming the new standard
Glasswing’s structure—a core group of trusted partners with controlled access, governed by a shared mission—is a template that the industry should expect to see replicated. The days of “we’ll handle security internally” are being replaced by something more collaborative and more honest about the scale of the challenge. For CSPs, this means the security partnerships you’re building today matter in ways they didn’t three years ago.

4. The regulatory dimension is coming
Anthropic has already floated the idea of an independent third-party body governing AI-driven cybersecurity capabilities. Governments across the world are watching Glasswing closely. For an industry that’s spent years navigating evolving data sovereignty rules, AI-specific security governance frameworks are likely the next chapter—and Cloud providers will be at the centre of those conversations.

5. Threat actors are watching too
The window between Anthropic’s controlled preview and broader availability of Mythos-class capabilities—from Anthropic or from other labs—is not infinite. The organizations that use this period to fundamentally rethink their security architecture will be in a materially different position from those that treat Glasswing as a news story rather than a starting gun.

Project Glasswing: an “Urgent Attempt”

Anthropic’s own language around Glasswing is striking in its candour. The company describes it as “an urgent attempt” to put frontier AI capabilities to work for defensive purposes before they proliferate to hostile actors. That phrase—urgent attempt—doesn’t promise success. It acknowledges that failure is very possible.

Glasswing’s coalition partners sound cautiously optimistic. The glasswing butterfly’s transparency is its strength. You can see right through its wings—there’s no pretence of opacity. Anthropic claims to have chosen the same posture here: publishing technical details on vulnerabilities already patched, committing to public reporting, and openly acknowledging both the power and the risk of what it has built.

For an industry that has historically preferred to keep its security problems quietly in-house, that level of transparency is itself notable.

The work of defending the world’s cyber infrastructure might take years. Frontier AI capabilities are advancing in months. Project Glasswing is not the final answer—but it is, for now, the most serious and promising game in town.

For the Cloud infrastructure community, the question is no longer whether AI will reshape cybersecurity. It already has. The question is whether the industry will evolve rapidly or, possibly, face extinction.

For technical details on the vulnerabilities identified by Claude Mythos Preview, including those already patched, Anthropic has published a detailed breakdown on its Frontier Red Team blog.

Access to Mythos Preview for Project Glasswing participants is available via the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.

Image credit: ScottWylie

Miles Kendall
