Image source: Martin Leber, Shutterstock
A who’s who of the tech industry has rallied behind Anthropic’s plan to use a powerful, unreleased AI model to hunt down dangerous software flaws. Here’s what they’re doing.
Project Glasswing, launched on April 9, 2026, is a new, high-profile cybersecurity initiative that brings together major technology companies to explore how advanced artificial intelligence can be used to find and fix software vulnerabilities before attackers exploit them.
The project is backed by Anthropic and supported by a broad coalition of industry leaders. It reflects growing urgency—and concern—around the role AI will play, both as a defensive tool and a potential threat. The following FAQ breaks down what the project is, who’s involved, and why it matters.
What exactly is Project Glasswing?
Think of it as a kind of neighborhood watch program for the Internet, except instead of volunteers with flashlights, it’s some of the biggest names in tech using cutting-edge AI to hunt down and fix hidden dangers in the software the world runs on. The name, incidentally, comes from the Greta Oto, or glasswing, butterfly, whose transparent wings let it hide in plain sight, –like all the invisible vulnerabilities the project is trying to surface.
Although the risks from AI-augmented cyberattacks are serious, there is reason for optimism: the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software—and for producing new software with far fewer security bugs. Project Glasswing is an important step toward giving defenders a durable advantage in the coming AI-driven era of cybersecurity—Anthrophic
Who’s involved?
A pretty impressive lineup actually, for a brand-new project. Project Glasswing is Anthropic’s brainchild. The initial group includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation. More than 40 other organizations responsible for critical software infrastructure are also participating. Funded by $100 million in model usage credits and $4 million in donations to open-source security organizations, the initiative is Anthropic’s attempt to give defenders a meaningful head start in what it describes as an urgent and rapidly narrowing race.What‘s the goal?
What’s the goal?
Project Glasswing gives select organizations early, controlled access to Anthropic’s Claude Mythos Preview, an unreleased frontier AI model with supposedly exceptional agentic coding and reasoning capabilities. The goal is to give participating organizations a way to proactively identify and fix vulnerabilities before attackers can exploit them. The project positions AI as a defensive tool in cybersecurity rather than a threat.
The goal is to use the Claude Mythos’ advanced agentic coding and reasoning capabilities to proactively find and fix high-severity zero-day vulnerabilities in operating systems, browsers, open-source components, and proprietary code before attackers can exploit them, while sharing key learnings with the broader industry.
But haven’t these vendors been doing this sort of threat hunting for ages?
Indeed, they have. The difference with Project Glasswing is they will leverage AI smarts to assist their vulnerability hunting. Claude Mythos Preview has already demonstrated the ability to autonomously discover thousands of serious flaws — including decades-old vulnerabilities in every major operating system and web browser. Examples include a remotely executable flaw that had remained undetected for 27 years in OpenBSD, one of the most security-hardened operating systems in the world, and a bug in the FFmpeg library for encoding and decoding video/audio that had gone undetected for 16 years and through five million automated tests previously.
What happens next?
Anthropic will publish a public report within 90 days that will describe all the bugs that the participating entities have found and fixed in their products as part of Project Glasswing. Participating companies will share learnings with each other, and Anthropic will work with leading security organizations to produce practical guidance on how the industry needs to evolve their practices around vulnerability disclosures, patching and building secure code from the ground up.
What does this mean for cybersecurity going forward?
Potentially a lot. Security work that used to require expensive, hard-to-find specialists can now be done faster and more thoroughly than ever before. That’s particularly meaningful for the people who maintain open-source software, which quietly powers a huge chunk of the world’s digital infrastructure but has historically been managed by small teams with little dedicated security support. Project Glasswing is specifically designed to get these tools into their hands.
What about the flip side? Could bad actors use the same technology?
Absolutely, and that is a big concern. The same capabilities that make Mythos Preview a powerful defensive tool make it a potentially dangerous offensive one especially in the hands of sophisticated state-sponsored actors and advanced persistent threat groups. AI is already enabling bad actors to find and exploit vulnerabilities far more easily than before and the broad availability of models like Mythos could significantly worsen the situation. There is a very real fear that tools like Mythos will allow adversaries to develop entirely new attack tactics that humans cannot come up with on their own. That is the main reason Anthropic won’t release the model publicly till it is able to implement at least some kind of safeguards.
Recommended reading: Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic