Project Glasswing explained: Anthropic and tech giants join forces against AI cyber threats
Claude Mythos Preview autonomously found a 27-year-old vulnerability in OpenBSD
Anthropic has developed Claude Mythos Preview, a frontier model with unprecedented capabilities in finding and exploiting software vulnerabilities.
It is no mistake to say that humanity has entered an AI-powered era where AI models equipped with a high level of coding can overshadow skilled humans at discovering these vulnerabilities.
However, such immense capability exhibited by AI models is not bereft of potential challenges. It could cause catastrophic results if used maliciously.
Given the possibilities of misuse, Anthropic has launched “Project Glasswing” in collaboration with major tech giants and organizations, aiming to use Mythos Preview for defensive purposes, scanning critical infrastructure and open-source code to patch flaws before adversaries can exploit them.
‘Mythos’ breakthrough
In a recent breakthrough, Claude Mythos Preview is found to outperform previous models, including Claude Opus 4.6 in agentic coding and reasoning.
The model autonomously found a 27-year-old vulnerability in OpenBSD and a 16-year-old flaw in FFmpeg that had been overlooked in millions of automated tests.
However, the model can also discover and chain multiple vulnerabilities together to gain full system control without human intervention, leading to autonomous exploitation.
Benchmarking the shift
Evaluation benchmarks highlight stark differences between Mythos Preview and our next-best model, Claude Opus 4.6.
Cybersecurity Vulnerability Reproduction
- Mythos model: 83.1 percent
- Claude Opus 4.6: 66.6 percent
SWE-bench Verified (Coding)
- Mythos model: 93.9 percent
- Claude Opus 4.6: 80.8 percent
GPQA Diamond (Expert Reasoning)
- Mythos model: 94.6 percent
- Claude Opus 4.6: 91.3 percent
OSWorld-Verified (Computer Use)
- Mythos model: 79.6 percent
- Claude Opus 4.6: 72.7 percent
‘Project Glasswing’: A leap towards AI-driven cybersecurity
It is hard to rule out this possibility that such unprecedented capabilities of Mythos model cannot be misused by rogue actors. Therefore, Anthropic announced to create an industry consortium to tackle the cybersecurity implications stemming from the new model.
The group includes Microsoft, Apple, Google, Amazon Web Services, the Linux Foundation, Cisco, Nvidia, Broadcom, and more than 40 other tech, cybersecurity and financial organizations.
The consortium will have private access to the model, which has not been released yet.
The objectives of Project Glasswing include defensive priority, ensuring defenders have the strongest tools first.
Under this project, the partners will gain access to the model to find critical vulnerabilities and secure operating systems, financial systems, and web browsers.
Anthropic is also committing $100M in usage credits to help partners and open-source maintainers run these high-cost scans.
Claude Mythos Preview will be accessible through the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.
According to Logan Graham, the company's frontier red team lead, reported by Wired, “The real message is that this is not about the model or Anthropic. We need to prepare now for a world where these capabilities are broadly available in 6, 12, 24 months. Many of the assumptions that we’ve built the modern security paradigms on might break.”
“We have seen Mythos Preview accomplish things that a senior security researcher would be able to accomplish. This has very big implications then for how capabilities like this should be released. If done carefully, this could be a meaningful accelerant for attackers,” Graham said.
