Project Glasswing: How Anthropic Is Using Claude Mythos to Secure the Internet

For years, the cybersecurity community has operated under an uncomfortable truth: the attackers are winning. Frontier AI models can now identify and exploit software vulnerabilities faster than any human team can find and patch them. The asymmetry between offense and defense has never been more pronounced.

Project Glasswing is Anthropic's answer. Rather than allowing those same AI capabilities to become a weapon of mass compromise, Anthropic is redirecting its most powerful unreleased model — Claude Mythos Preview — toward defense. The initiative pairs Mythos with a consortium of twelve of the world's most consequential technology organizations and grants early access to over 40 critical infrastructure operators across energy, telecommunications, finance, and government sectors.

The name Glasswing — a reference to the glasswing butterfly, whose transparent wings make it nearly invisible to predators — reflects the initiative's philosophy: building security that works quietly, continuously, and at a scale no human team could match. Where attackers probe in the dark, Glasswing is already looking.

The mechanics are straightforward but the ambition is extraordinary. Claude Mythos Preview autonomously scans codebases, binaries, and running systems for previously unknown vulnerabilities. When it finds one, it develops a proof-of-concept exploit to confirm exploitability, then routes the finding to the responsible maintainer — all before any public disclosure. Maintainers receive a 90-day remediation window, after which Anthropic publishes full technical details along with the fix.

Project Glasswing launches with an unprecedented consortium of technology leaders spanning cloud infrastructure, cybersecurity, hardware, financial services, and open-source software. Each partner contributes both access to their production codebases and domain expertise that shapes how Mythos prioritizes its analysis.

Claude Mythos Preview is Anthropic's most capable unreleased model — a system built specifically for agentic, long-horizon tasks that require sustained reasoning over complex technical material. In the context of Project Glasswing, it operates as an autonomous security researcher that never sleeps, never gets tired, and can hold an entire large codebase in context simultaneously.

Mythos Preview's core security capabilities are formidable:

• Autonomous zero-day identification — the model can identify classes of vulnerabilities that have no existing CVE or known exploit pattern, reasoning from first principles about how a system could be made to behave unexpectedly.
• Exploit development — rather than flagging theoretical issues, Mythos develops working proof-of-concept exploits to confirm that a vulnerability is genuinely exploitable, dramatically reducing false-positive noise for maintainers.
• 83.1% vulnerability reproduction accuracy — on standardized benchmarks, Mythos correctly reproduces and validates reported vulnerabilities in over four out of five cases, far surpassing previous-generation models.

The results in early deployment speak for themselves. Mythos has already found thousands of critical vulnerabilities in every major operating system and browser. Notable findings include previously unknown flaws in the OpenBSD codebase (27 years old), multiple vulnerability chains in FFmpeg (16 years old), and memory-safety issues in the Linux kernel that had persisted through decades of intensive human review.

These are not obscure packages with limited users. They are the foundational software on which modern civilization runs — and they had been considered well-audited. Mythos found gaps that thousands of expert human eyes had missed.

Project Glasswing follows a rigorous four-stage pipeline designed to maximize the signal-to-noise ratio for maintainers while ensuring that no vulnerability is disclosed publicly before a fix is available.

The urgency behind Project Glasswing is not coming from Anthropic alone. The 12 launch partners have been explicit about why they signed on — and what they believe is now at stake.

Claude Mythos Preview will be available through the standard Anthropic distribution channels once it exits the Glasswing preview phase. Organizations can access it via:

• Claude API — direct integration for teams building security tooling
• Amazon Bedrock — fully managed deployment within AWS environments
• Google Cloud Vertex AI — integrated into existing GCP security workflows
• Microsoft Azure AI Foundry — available within Azure-native security pipelines

Post-preview pricing has been set at $25 per million input tokens and $125 per million output tokens — positioning Mythos as a professional-grade tool for organizations with serious security mandates.

Two additional access pathways are worth noting. Open-source maintainers can apply for subsidized access through the Claude for Open Source program, which specifically targets security research on public-benefit codebases. Security professionals and researchers can apply for the Cyber Verification Program, which provides credentialed access at reduced cost in exchange for structured reporting of findings.

Many AI models can write code or answer questions about software. Fewer are suited to the specific demands of high-stakes security work, where a single incorrect conclusion can either leave a critical vulnerability unpatched or trigger a costly false-alarm response. Claude's architecture offers several characteristics that make it distinctively well-suited for this domain:

Instruction Fidelity

Security workflows require precise adherence to constraints — scanning only permitted systems, following specific disclosure timelines, respecting scope boundaries. Claude consistently follows complex, multi-part instructions without drift, a property that is non-trivial in long agentic runs.

1M Token Context (Opus 4.6)

Meaningful vulnerability analysis often requires holding an entire large codebase — not just a file or a function — in context simultaneously. Claude Opus 4.6's one-million-token context window makes this possible for codebases that would overwhelm smaller context models.

MCP Integrations

The Model Context Protocol allows Claude to connect directly to version control systems, CI/CD pipelines, vulnerability databases, and ticketing systems — creating fully automated security workflows without manual handoffs.

Safety-by-Design and Constitutional AI

Anthropic built Claude around a Constitutional AI framework that encodes values and constraints at the model level, not just at the system-prompt level. For security applications where the model is handling sensitive exploit code, this architectural approach to safety provides meaningful guarantees that prompt-level guardrails cannot.

Project Glasswing represents a genuine inflection point. For the first time, the same AI capabilities that have shifted the offense-defense balance toward attackers are being systematically turned toward protection — and at a scale that no prior security initiative has matched. The 83.1% vulnerability reproduction accuracy, the thousands of critical findings already delivered to maintainers, the 40+ critical infrastructure organizations now operating with Mythos's assistance: these are not theoretical numbers. They describe a system that is, right now, making the software the world runs on measurably safer.

The window for organizations to get ahead of this shift is open — but it will not stay open indefinitely. As AI-powered attacks become more prevalent and more automated, having AI-powered defense in place before an incident, not after, will increasingly define the difference between organizations that weather the next wave of cyber threats and those that do not. Project Glasswing has drawn that line in the sand. The question for every organization is which side of it they intend to be on.