Home
News
Details

Anthropic Launches $100M Project Glasswing with 12 Tech Giants to Address Global Software Vulnerabilities

iconTechFlow
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
Anthropic announced Project Glasswing, a $100 million initiative with AWS, Apple, Google, Microsoft, NVIDIA, and nine other technology leaders to address global software vulnerabilities. The project leverages Anthropic’s AI model, Claude Mythos Preview, to detect and remediate critical flaws before they can be exploited. The company is providing $100 million in model usage credits and $4 million in direct support to open-source security organizations. The model has already identified thousands of zero-day vulnerabilities in major operating systems and browsers, some dating back decades. The announcement underscores a broader effort to secure digital infrastructure, aligning with ongoing global discussions on cryptocurrency policy.

Author: Anthropic

Compiled by: DeepWave TechFlow

DeepChain Overview: Anthropic has released an unreleased cutting-edge model, Claude Mythos Preview, whose code auditing capabilities surpass those of the vast majority of human security experts and can autonomously discover zero-day vulnerabilities that have existed for decades.

Leveraging this capability, Anthropic has partnered with AWS, Apple, Google, Microsoft, NVIDIA, and 11 other tech giants to launch Project Glasswing, committing $100 million in credit to patch vulnerabilities in critical global software before attackers can gain equivalent capabilities.

Introduction

Today we announce Project Glasswing, a new initiative bringing together AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks to secure the world’s most critical software.

We launched Project Glasswing because a new frontier model trained by Anthropic has demonstrated capabilities that we believe could reshape the landscape of cybersecurity. Claude Mythos Preview is a general-purpose, unreleased frontier model that reveals a sobering truth: AI models have reached a level of coding proficiency where they can outperform all but the most elite experts in discovering and exploiting software vulnerabilities.

Mythos Preview has already discovered thousands of critical vulnerabilities across every major operating system and every major browser. Given the pace of AI advancement, this capability will likely spread in the near future and may fall into the hands of irresponsible users. The impact on the economy, public safety, and national security could be severe. Project Glasswing is an urgent effort to prioritize these capabilities for defense.

As part of Project Glasswing, the above partners will use Mythos Preview in their defensive security efforts; Anthropic will share the lessons learned to benefit the entire industry. We have also granted access to more than 40 other organizations that build or maintain critical software infrastructure, enabling them to scan and harden their own systems and open-source systems. Anthropic is committing up to $100 million in Mythos Preview credits and $4 million in direct grants to open-source security organizations.

Project Glasswing is just the beginning. No single organization can solve cybersecurity challenges alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments worldwide all play irreplaceable roles. Defending global cyber infrastructure may take years; while frontier AI capabilities could advance dramatically within the coming months. Cyber defenders must act now to stay ahead.

Cybersecurity in the AI Era

The software we rely on every day—running banking systems, storing medical records, connecting logistics networks, and keeping the power grid operational—has always had bugs. Most are inconsequential, but some are serious security flaws that, once discovered, allow attackers to hijack systems, disrupt operations, or steal data.

The destructive consequences of cyberattacks on enterprise networks, healthcare systems, energy infrastructure, transportation hubs, and various governmentagencies around the world are well documented. On a global scale, state-sponsored attacks from China, Iran, North Korea, and Russia have threatened the infrastructure that supports civilian life and military readiness. Even small-scale attacks targeting a single hospital or school can result in massive financial losses, exposure of sensitive data, and even loss of life. The annual global economic loss from cybercrime is difficult to estimate precisely but is likely around $500 billion.

In the past, many software flaws went undetected for years because finding and exploiting them required expertise possessed by only a handful of security specialists. But with the emergence of the latest frontier AI models, the cost, effort, and expertise needed to discover and exploit software vulnerabilities have been dramatically reduced. In the past year, AI models have grown increasingly adept at reading and reasoning about code, particularly in identifying vulnerabilities and constructing exploits. Claude Mythos Preview has made a leap forward in these cybersecurity skills—it has discovered vulnerabilities that survived decades of human review and millions of automated security tests, and its developed exploit code is becoming increasingly sophisticated.

A decade after the first DARPA Cyber Grand Challenge, cutting-edge AI models are approaching or even matching the top human capabilities in discovering and exploiting vulnerabilities. Without essential security measures, these powerful cyber capabilities could be used to exploit the vast number of existing flaws in the world’s most critical software. Cyberattacks will become more frequent and destructive, empowering adversaries of the United States and its allies. This is a security priority that democratic nations must take seriously.

The good news is that the very capabilities that make AI models dangerous in the wrong hands also make them invaluable for discovering and fixing critical software flaws—and for helping produce new software with fewer security bugs. Project Glasswing is a crucial step toward giving defenders a lasting advantage in the upcoming AI-driven cybersecurity era.

Claude Mythos Preview's ability to identify vulnerabilities and exploitation methods

Over the past few weeks, we used Claude Mythos Preview to discover thousands of zero-day vulnerabilities—previously unknown flaws to software developers—in every major operating system, every major browser, and a range of other critical software, many of which are classified as high severity.

On Frontier Red Team Blog, we disclosed technical details of some of the vulnerabilities that have been patched, along with the exploitation methods identified by Mythos Preview. The discovery of nearly all these vulnerabilities—and the development of many related exploits—was completed entirely autonomously by the model, without any human guidance. Here are three examples:

  • Mythos Preview discovered a 27-year-old vulnerability in OpenBSD. OpenBSD is renowned for its extremely high level of security hardening and is widely used in firewalls and other critical infrastructure. This vulnerability allows attackers to remotely crash a target machine simply by connecting to it.
  • It also discovered a 16-year-old vulnerability in FFmpeg, which is used by countless software applications for video encoding and decoding. The issue stemmed from a single line of code, and an automated testing tool had hit that line five million times without ever detecting the problem.
  • The model autonomously discovered and chained together several vulnerabilities in the Linux kernel (which powers the majority of servers worldwide) to achieve privilege escalation from standard user access to full machine control.

We have reported all of the above vulnerabilities to the relevant software maintainers, and all have been patched. For many other vulnerabilities, we are today providing cryptographic hashes (see the Red Team blog) and will disclose specific details only after patches are completed.

Evaluation benchmarks such as CyberGym also confirm the significant gap between Mythos Preview and our second-strongest model, Claude Opus 4.6:

CyberGym: Reproducing Network Security Vulnerabilities

image

In addition to our own work, many partners have been using Claude Mythos Preview for several weeks. Here is their feedback:

AI capabilities have crossed a threshold, fundamentally and irreversibly changing the urgency required to protect critical infrastructure from cyber threats. Our foundational work with these models demonstrates that security vulnerabilities in hardware and software can now be identified and remediated at an unprecedented speed and scale. This is a profound shift—and a clear signal: traditional approaches to system hardening are no longer sufficient. Technology providers must immediately adopt new methods proactively, and customers must prepare for deployment. That’s why Cisco is joining Project Glasswing—this work is too important and too urgent to tackle alone.

—— Anthony Grieco, Senior Vice President and Chief Security and Trust Officer at Cisco

At AWS, we build defenses before threats emerge, from custom chips to the entire technology stack. Security isn’t a phase—it’s continuous and embedded in everything we do. Our team analyzes over 400 trillion network events daily to detect threats, and AI is at the core of our scalable defense capabilities. We’ve been testing Claude Mythos Preview within our own security operations, applying it to critical codebases, and it’s already helping us harden our code. We’re bringing deep security expertise to our collaboration with Anthropic to help strengthen Claude Mythos Preview so more organizations can advance their work with the highest security standards.

—— Amy Herzog, Vice President and Chief Information Security Officer, Amazon Web Services

When cybersecurity is no longer limited by human capacity alone, the opportunity to responsibly use AI to scale security and reduce risk is unprecedented. By joining Project Glasswing and gaining access to Claude Mythos Preview, we are able to identify and mitigate risks earlier, enhancing our security and development solutions to better protect customers and Microsoft. When tested against our open-source security benchmark, CTI-REALM, Claude Mythos Preview demonstrated substantial improvements over previous models. We look forward to collaborating with Anthropic and the broader industry to improve security outcomes for everyone.

—— Igor Tsyganskiy, Executive Vice President of Cybersecurity and Microsoft Research at Microsoft

The window between vulnerability discovery and exploitation by attackers has collapsed—what once took months now takes minutes with AI. Claude Mythos Preview demonstrates the potential for defenders to act at scale, and adversaries will inevitably seek to leverage the same capabilities. This is not a reason to slow down, but a reason to accelerate together. Deploying AI requires security guarantees. That’s why CrowdStrike has been involved from day one.

—— Elia Zaitsev, Chief Technology Officer at CrowdStrike

In the past, security expertise was a luxury available only to organizations with large security teams. Open source software maintainers—whose software underpins most of the world’s critical infrastructure—have historically had to figure out security on their own. Open source software makes up the vast majority of code in modern systems, including the very systems that AI agents use to write new software. By giving maintainers of these critical open source codebases access to next-generation AI models capable of proactively identifying and fixing vulnerabilities at scale, Project Glasswing provides a tangible path to changing this reality. This is how AI-augmented security is transitioning from a tool exclusive to large teams into a reliable assistant for every maintainer.

—— Jim Zemlin, CEO of the Linux Foundation

Promoting cybersecurity and resilience in the financial system is central to JPMorgan Chase’s mission, and we believe the industry is strongest when leading institutions collaborate on shared challenges. Project Glasswing offers a unique early opportunity for us to evaluate the capabilities of next-generation AI tools in defensive cybersecurity for critical infrastructure, according to our own standards, while working alongside respected technology leaders. We will take a rigorous, independent approach to determine how to move forward and how best to contribute. Anthropic’s initiative embodies the forward-looking, collaborative approach this moment demands.

— Pat Opet, Chief Information Security Officer at JPMorgan Chase

Google is pleased to see the formation of this cross-industry cybersecurity initiative and is providing Mythos Preview to participants through Vertex AI. Collaboration across the industry on emerging security issues has always been critical—whether in post-quantum cryptography, responsible zero-day vulnerability disclosure, open-source software security, or defending against AI-based attacks. We have long believed that AI presents both new challenges and new opportunities in cyber defense, which is why we’ve built AI-driven tools like Big Sleep and CodeMender to discover and fix critical software vulnerabilities. We will continue investing in leading cybersecurity platforms and a culture centered on protecting users, customers, ecosystems, and national security.

— Heather Adkins, Vice President of Security Engineering at Google

Over the past few weeks, we’ve been using the Claude Mythos Preview model to identify complex vulnerabilities that previous-generation models completely missed. This has not only changed the game for uncovering hidden vulnerabilities, but also means attackers will soon be able to discover and exploit zero-day vulnerabilities faster and more frequently than ever before. Clearly, these models must be placed in the hands of open-source project owners and all defenders to find and patch vulnerabilities before attackers gain access. Perhaps even more importantly: everyone must prepare for AI-assisted attackers. Attacks will be more numerous, faster, and more complex. Now is the time to comprehensively upgrade our cybersecurity infrastructure. We commend Anthropic for collaborating with the industry to ensure these powerful capabilities are prioritized for defense.

—— Lee Klarich, Chief Product and Technology Officer at Palo Alto Networks

The Claude Mythos Preview boasts powerful cybersecurity capabilities, stemming from its exceptional agent coding and reasoning abilities. Evaluation results show that this model has achieved the highest scores among all known models on multiple software coding tasks.

Agent encoding

image

Reasoning

image

Agent search and computer usage

image

Note:

  • SWE-bench Verified, Pro, and Multilingual: Memorization screening flagged some questions. After excluding questions that may have been memorized, Mythos Preview's advantage over Opus 4.6 remains unchanged.
  • SWE-bench Multimodal: Uses internal implementation; scores cannot be directly compared with the public leaderboard.
  • Terminal-Bench 2.0: Using the Terminus-2 framework with adaptive reasoning mode, maximum effort per task with a total budget of 1 million tokens, 1x guarantee / 3x upper limit resource allocation, and averaging over 5 attempts per task. After increasing the timeout limit to 4 hours and applying the Terminal-Bench 2.1 update, the Mythos Preview score reached 92.1%.
  • BrowseComp: Claude Mythos Preview scores higher than Opus 4.6 while using only 1/4.9 of the tokens.
  • Humanity's Last Exam: Mythos performs well even in low-effort mode, suggesting a degree of memorization.

For more information on the model’s capabilities, security properties, and core features, see the Claude Mythos Preview System Card.

We do not plan to make Claude Mythos Preview available to the public, but our ultimate goal is to enable users to safely deploy Mythos-level models at scale—not only for cybersecurity, but also for the many other benefits these high-capability models will bring. To achieve this, we need to make progress in developing security measures for cybersecurity (and other) use cases that can detect and block the most dangerous outputs of these models. We plan to release new safety measures in the upcoming Claude Opus model, allowing us to refine and improve these protections using a model that does not carry the same risk level as Mythos Preview.

Next steps for Project Glasswing

Today's release is the beginning of a long-term effort. Success will require broad participation from both within and outside the technology industry.

Partners of Project Glasswing will gain access to Claude Mythos Preview to identify and remediate vulnerabilities and weaknesses in their underlying systems—systems that constitute a significant portion of the global shared attack surface. Expected areas of focus include local vulnerability detection, binary black-box testing, endpoint hardening, and system penetration testing.

Anthropic’s commitment of $100 million in model usage credits for Project Glasswing and other participants will cover extensive usage during the research preview period. Afterward, Claude Mythos Preview will be available to participants at a rate of $25 per million input tokens and $125 per million output tokens (participants can access the model via the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry).

In addition to model usage credits, we have donated $2.5 million to the Linux Foundation’s Alpha-Omega and OpenSSF, and $1.5 million to the Apache Software Foundation, to help open source maintainers navigate this shifting landscape (interested maintainers can apply for access through the Claude for Open Source program).

We plan to extend this effort over several months, sharing as much of our experience as possible so that other organizations can apply these lessons to their own security. Partners will share information and best practices with each other to the extent permitted; within 90 days, Anthropic will publicly report our findings, along with any disclosed and remediated vulnerabilities and improvements. We will also collaborate with leading security organizations to develop practical recommendations on the evolution of security practices in the AI era, potentially covering: vulnerability disclosure processes, software update procedures, open source and supply chain security, software development life cycle and secure design practices, regulated industry standards, triage scaling and automation, and patch automation.

Anthropic has also been engaging with U.S. government officials on the offensive and defensive cybersecurity capabilities of Claude Mythos Preview. Protecting critical infrastructure is a top national security priority for democratic nations—and the emergence of these cybersecurity capabilities underscores once again that the United States and its allies must maintain a decisive lead in AI technology. Governments play an indispensable role in helping sustain this leadership and in assessing and mitigating national security risks associated with AI models. We are eager to collaborate with government representatives at all levels to support these efforts.

We hope Project Glasswing will catalyze a broader, industry-wide and public-sector effort to collectively address the most pressing safety challenges posed by powerful models. We invite other members of the AI industry to join us in helping to establish industry standards. In the medium term, an independent third-party organization capable of bringing together private and public sector entities could serve as an ideal platform to carry forward these large-scale cybersecurity initiatives.

Note

  1. The project is named after the glasswing butterfly (Greta oto). This metaphor has two layers of meaning: the butterfly’s transparent wings allow it to blend into its surroundings, much like the vulnerabilities discussed in this article that hide within code; similarly, its transparent wings help it avoid harm, just as we advocate for a transparent approach.
  2. The term "Mythos" originates from Ancient Greek, meaning "narrative" or "story": the system of stories civilizations use to understand the world.
  3. Security professionals whose legitimate work is affected by these security measures can apply for the upcoming Cyber Verification Program.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.