Project Glasswing

What is Project Glasswing?

Project Glasswing is a controlled-access cybersecurity initiative launched by Anthropic on April 7, 2026, designed to deploy its most capable and restricted frontier model, Claude Mythos Preview, exclusively to a vetted consortium of organizations responsible for critical global infrastructure. Rather than releasing Mythos through the public Claude API, Anthropic structured Project Glasswing as a purpose-gated program where access requires meeting specific security requirements and committing to using the model solely for defensive purposes. The initiative's stated goal is to secure the world's critical software for the AI era while preventing the model's offensive capabilities from being misused. Anthropic Mythos is the foundation model underpinning the entire program.

Description

Project Glasswing launched with twelve founding partners: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The program provides partners with access to Claude Mythos Preview, up to $100 million in usage credits, and $4 million in donations to open-source security organizations. Anthropic structured the program as a deliberate inversion of its standard release approach: for the first time, the company gated a frontier model behind a vetted consortium rather than releasing it through the public API. The reason is dual-use risk — Mythos Preview can autonomously discover and weaponize zero-day vulnerabilities, and Anthropic privately briefed senior U.S. officials that uncontrolled release could make large-scale cyberattacks significantly more likely in 2026. By June 2, 2026, Anthropic expanded Project Glasswing to approximately 150 additional organizations across more than 15 countries, including sectors not represented in the initial launch: power, water, healthcare, communications, and hardware. NATO and the EU's ENISA cybersecurity agency also received access. Within the program's first weeks, Project Glasswing partners reported more than 23,000 vulnerabilities identified by Claude Mythos Preview, with over a quarter rated high-severity or critical. Anthropic's manual review of a sample found that 90.6% of those high-severity ratings were accurate. Partners are using the model not only to find vulnerabilities but to write patches — deploying AI for the full vulnerability lifecycle from discovery to remediation. Project Glasswing is intentionally temporary in its restricted form: Anthropic has stated its long-term goal is to enable Mythos-class models to be safely deployed at scale, contingent on developing cybersecurity safeguards robust enough to block the model's most dangerous outputs. OpenAI Daybreak is the most direct competitive response to Project Glasswing, launched by OpenAI on May 11, 2026.

Usage and Examples

A mid-sized software company responsible for an open-source networking library used by millions of systems globally receives a Project Glasswing invitation after Anthropic's review determines that a successful attack against their codebase could affect more than 100 million people — the threshold Anthropic uses to qualify organizations for expanded access. After meeting security requirements and signing the program agreement, the company points Claude Mythos Preview at their codebase. Within 72 hours, the model surfaces 47 previously unknown vulnerabilities — three rated critical, including a memory corruption issue in the TLS implementation that had existed undetected for six years. The model also drafts patches for each finding. The company's security team reviews, tests, and ships the patches within two weeks. This workflow — AI-accelerated discovery and remediation for critical infrastructure software — is precisely what Project Glasswing was designed to enable. Smaller organizations participating in the program can also benefit from vulnerability intelligence that would otherwise require a dedicated red team of expert human security researchers to generate.

How Does This Relate to Penetration Testing?

Project Glasswing is relevant to penetration testing in two ways. First, the model's autonomous vulnerability discovery capabilities — finding and exploiting zero-days across major operating systems and browsers — represent the most advanced AI-assisted offensive security capability demonstrated publicly as of 2026. Understanding how AI-augmented attack tools are evolving is essential context for organizations evaluating their security posture and for penetration testers planning engagements that reflect real-world adversary capability. Second, Project Glasswing's defensive application — using the same AI model to find and fix vulnerabilities before attackers do — is the most ambitious implementation of the offensive-informs-defensive security model to date. Red Team engagements and Advisory services from Evolve Security apply this same philosophy at the organizational level: using attacker-perspective methodology to generate actionable defensive improvements before real adversaries find the same vulnerabilities. Evolve Security's Red Team and Advisory services apply the same offensive-informs-defensive principle as Project Glasswing — using attacker-perspective testing to find and prioritize vulnerabilities before adversaries do.