Project Glasswing

Project Glasswing is a cybersecurity consortium led by Anthropic, with participation from major tech companies including AWS, Apple, Google, Microsoft, and NVIDIA, dedicated to defensively scanning and remediating critical global software using frontier AI models.
Background ― Why a Consortium Is Needed
As AI has dramatically enhanced the ability to discover software vulnerabilities, whether offensive or defensive actors will be the first to leverage that capability is becoming a security concern. Claude Mythos Preview, developed by Anthropic, has discovered thousands of zero-day vulnerabilities spanning major operating systems and web browsers, including a remote crash bug that had lurked in OpenBSD for 27 years and a 16-year-old bug in FFmpeg that evaded 5 million automated tests.
Rather than a single company monopolizing this capability, Project Glasswing was launched as a framework for the entire industry to use it defensively.
Participating Organizations and Scale
The consortium includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Defensive access to Claude Mythos is also being extended to more than 40 OSS maintenance organizations.
Anthropic's financial commitment is substantial. In addition to up to $100 million in model usage credits, the company has announced $4 million in direct grants to OSS security organizations. Many OSS projects operate on a volunteer basis and lack sufficient resources to dedicate to security audits. How effective this funding will prove in practice depends on future operations, but it appears to be the largest AI security investment in the OSS ecosystem to date.
Technical Approach
The core of Glasswing is "defensive scanning," but its methodology is fundamentally different from conventional static analysis tools or fuzzing. Claude Mythos can read large codebases with full context, and is capable not only of discovering vulnerabilities, but also of generating exploit code that actually abuses them, and of producing remediation patches — all in an end-to-end workflow.
While the shift-left principle in DevSecOps aims to "eliminate vulnerabilities early in development," Glasswing takes a complementary approach: "retroactively and comprehensively identifying vulnerabilities in already-deployed code." If AI red-teaming is an attack simulation conducted by a human team, Glasswing can be understood as an attempt by defenders to get ahead of the curve through continuous, large-scale AI-driven attack simulation.
On the CyberGym benchmark, Mythos scores 83.1% (compared to 66.6% for Opus 4.6), and also achieves top-tier results on SWE-bench Pro and Terminal-Bench 2.0, suggesting it can address not only known categories as classified by OWASP, but also unclassified attack surfaces.
Connection to Supply Chain Defense
Discovered vulnerabilities are handled in accordance with Responsible Disclosure principles: details are made public only after the relevant projects have been notified and patches have been confirmed. Unpatched vulnerabilities are disclosed only by hash. By using AI to accelerate this "discovery → reporting → remediation → disclosure" cycle, there is potential to shorten the window of exposure for supply chain attacks.
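Disclosing an unpatched finding "only by hash" works as a commitment: the digest is published now, and the report is revealed after the patch so anyone can check it was not altered. The sketch below is an added example, not code from Anthropic or the consortium; the page does not say which hash or construction is used, so SHA-256 with a random nonce, the function names, and the sample report are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Constructed sample report; "libexample" is a made-up component name.
SAMPLE_REPORT = b"component=libexample; function=parse_header; class=heap-overflow"
# Constructed guesses an outside observer might enumerate for a short report.
CANDIDATES = [
    b"component=libexample; function=parse_header; class=use-after-free",
    SAMPLE_REPORT,
]

def commit(report: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (digest to publish now, nonce to keep private until disclosure)."""
    if nonce is None:
        nonce = secrets.token_bytes(32)
    # Length-prefix the nonce so (nonce, report) has exactly one byte encoding.
    material = len(nonce).to_bytes(2, "big") + nonce + report
    return hashlib.sha256(material).hexdigest(), nonce

def verify(published_digest: str, report: bytes, nonce: bytes) -> bool:
    """After disclosure: check the revealed report against the earlier digest."""
    recomputed, _ = commit(report, nonce)
    return hmac.compare_digest(recomputed, published_digest)

def unsalted_digest(report: bytes) -> str:
    """Bare hash of the report, shown only to contrast with commit()."""
    return hashlib.sha256(report).hexdigest()

def guess_from_digest(published_digest: str, guesses: List[bytes]) -> Optional[bytes]:
    """A bare hash of a short, guessable report can be matched by enumeration."""
    for guess in guesses:
        if hmac.compare_digest(unsalted_digest(guess), published_digest):
            return guess
    return None

if __name__ == "__main__":
    digest, nonce = commit(SAMPLE_REPORT)
    print("publish before the patch:", digest)
    print("verifies at disclosure:  ", verify(digest, SAMPLE_REPORT, nonce))
    print("bare hash is guessable:  ",
          guess_from_digest(unsalted_digest(SAMPLE_REPORT), CANDIDATES) is not None)
    print("salted digest guessable: ", guess_from_digest(digest, CANDIDATES) is not None)
```

The nonce matters because vulnerability summaries are often short and structured; without it, the published digest can leak which component is affected before the patch ships.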
Anthropic positions Glasswing as a "starting point," stating that as frontier AI capabilities continue to advance, ongoing coordination among AI developers, security vendors, OSS maintainers, and governments will be essential.