Project Glasswing: Anthropic’s Plan to Use AI to Defend the World’s Critical Software
Alongside the Claude Mythos Preview announcement, Anthropic launched Project Glasswing — a coordinated initiative to deploy Mythos’ security capabilities defensively before models with similar capabilities become broadly available. This post explains what Project Glasswing is, how it works, and what it means for software security.
What Project Glasswing Is
Project Glasswing is Anthropic’s structured response to the security implications of Claude Mythos Preview’s capabilities. The core insight driving it: Mythos Preview can find and exploit zero-day vulnerabilities in major operating systems and browsers. This capability will eventually be available in broadly released AI models — either from Anthropic or from others. The window between now and that broader availability is the opportunity to use Mythos defensively — finding and patching the vulnerabilities before attackers with access to similar tools can find and exploit them.
Anthropic’s approach is explicitly modelled on the trajectory of earlier security tools like fuzzers (automated software testing tools). When large-scale fuzzers were first deployed, there were legitimate concerns that they would help attackers find vulnerabilities faster. They did. But modern fuzzers like AFL are now critical components of the defensive security ecosystem — used by projects like OSS-Fuzz to systematically secure open source software. Project Glasswing aims to accelerate this same transition to the defensive equilibrium for AI-powered vulnerability discovery.
How Project Glasswing Works
Limited partner access
Rather than releasing Mythos Preview broadly, Anthropic is initially deploying it to a limited group of vetted partners: critical infrastructure operators, open source security teams, and select industry partners with the expertise and accountability structures to use the tool responsibly for defensive purposes. This approach allows the defensive patching work to begin immediately while maintaining control over who has access to the most capable version of the tool.
Coordinated vulnerability disclosure
The vulnerabilities Mythos finds through Project Glasswing are handled through coordinated disclosure — the standard security industry practice where vulnerabilities are reported to the affected software maintainers and given time to patch before public disclosure. Anthropic’s technical disclosure explicitly notes that over 99% of the vulnerabilities found in their testing have not yet been patched, which is why they cannot publish details about most of them. The coordinated process protects users during the patching window.
Industry preparation
Beyond the direct vulnerability patching work, Project Glasswing includes a public communication component — the technical disclosure that Anthropic published alongside the Mythos Preview announcement. By sharing what they have found and what the model is capable of, Anthropic aims to prepare the broader security industry for the practices that will be needed when models with similar capabilities become widely available. The message: the transition period requires urgent coordinated defensive action, not a wait-and-see approach.
The Security Vulnerabilities Found During Testing
Zero-day vulnerabilities across major platforms
In testing, Mythos Preview identified zero-day vulnerabilities — previously undiscovered vulnerabilities — in every major operating system and every major web browser. Anthropic cannot disclose specifics about the vast majority of these because they have not yet been patched. The ones they can discuss (patched vulnerabilities, including the now-patched 27-year-old OpenBSD bug) demonstrate the depth and breadth of what the model found.
The complexity of the exploits
The exploits Mythos constructed were not simple: one web browser exploit chained four separate vulnerabilities, writing a complex JIT heap spray that escaped both the renderer and OS sandboxes. Local privilege escalation exploits were obtained by exploiting subtle race conditions and kernel address space layout randomisation (KASLR) bypasses. A remote code execution exploit on FreeBSD’s NFS server granted full root access to unauthenticated users by splitting a 20-gadget return-oriented programming chain across multiple packets.
The accessibility of the capability
One of the most significant findings in Anthropic’s disclosure: non-experts can also leverage Mythos Preview to find and exploit sophisticated vulnerabilities. Anthropic engineers with no formal security training asked Mythos Preview to find remote code execution vulnerabilities overnight and woke up the following morning to a complete, working exploit. This democratisation of advanced security capability — both for defenders and potential attackers — is the core reason Project Glasswing exists.
📌 The 99% disclosure constraint is significant: Anthropic states that over 99% of the vulnerabilities found during testing have not yet been patched, making it irresponsible to disclose details. This means that even Anthropic’s public technical disclosure — which describes capabilities that are genuinely striking — represents only the tip of what Mythos Preview found. The full scope of the vulnerability discovery work is being managed through coordinated disclosure with affected software maintainers.
How can my organisation get involved with Project Glasswing?
As of the April 7, 2026 announcement, Project Glasswing is deploying to a limited group of critical industry partners and open source developers. For organisations that operate critical infrastructure or maintain significant open source software, monitoring Anthropic’s official channels (anthropic.com) for application processes or partnership opportunities is the recommended starting point. Anthropic has not yet announced broad public access to the programme.
What should software development teams do now in response to Mythos’s capabilities?
Anthropic’s technical disclosure includes guidance for cyber defenders. The immediate priorities: ensure your software dependencies are up to date and known vulnerabilities are patched (Mythos demonstrates that N-day vulnerabilities — known but unpatched — can be rapidly weaponised), invest in automated vulnerability scanning of your codebase, participate in bug bounty programmes if you operate significant software, and follow Anthropic’s Project Glasswing communications for updated guidance as the programme develops.
Want to Understand AI’s Impact on Your Technology Security?
SA Solutions helps businesses navigate the AI landscape — including understanding the security implications of frontier AI advances and how to prepare your technology stack.
