Anthropic launches ‘Project Glasswing’ after its new AI model finds thousands of zero-day flaws

Anthropic has launched Project Glasswing, a cross-industry initiative to secure critical software systems against a new class of AI-driven cyber threats powered by its unreleased Claude Mythos Preview model.

The company warns that frontier AI systems can now identify and exploit vulnerabilities at a scale that rivals or exceeds top human experts.

The initiative brings together major players, including Amazon Web Services, Apple, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, Palo Alto Networks, and the Linux Foundation, alongside JPMorganChase. Participants are being granted controlled access to the Claude Mythos Preview to strengthen defenses across widely used software and infrastructure.

Mythos uncovered zero-days everywhere

Anthropic says the model has already identified thousands of high-severity vulnerabilities, including zero-day flaws affecting all major operating systems and web browsers. Some of these issues had remained undiscovered for decades. Examples include a 27-year-old vulnerability in OpenBSD that allowed remote system crashes, and a long-standing FFmpeg flaw missed by millions of automated tests. The model also demonstrated the ability to chain multiple Linux kernel bugs to gain full system control.

Due to concerns about misuse, the company is not releasing Mythos Preview publicly, limiting access to a vetted group of over 40 organizations. Chief science officer Jared Kaplan said the goal is to give defenders a head start as similar capabilities emerge elsewhere.

Project Glasswing participants are using the model for tasks such as vulnerability discovery, penetration testing, and auditing both proprietary and open-source code. Anthropic has committed up to $100 million in usage credits and an additional $4 million in funding for open-source security efforts, including support for the Apache Software Foundation and Linux Foundation initiatives.

According to benchmark results shared by Anthropic, Mythos Preview scored 83.1% on the CyberGym vulnerability reproduction test, outperforming Claude Opus 4.6. It also achieved strong results across software engineering benchmarks, demonstrating advanced reasoning and autonomous code analysis. Among early adopters, AWS has used the model to analyze critical codebases, while Microsoft observed improved vulnerability detection using its CTI-REALM benchmark.

Anthropic plans to publish findings from Project Glasswing within 90 days, including details on patched vulnerabilities and updated security practices. Focus areas will include disclosure processes, automated patching, supply chain security, and secure-by-design development standards.

Although Mythos Preview will remain restricted, Anthropic aims to deploy similar models with stronger safeguards in the future. The company is also working with government agencies, as AI-driven cyber capabilities become an increasing national security concern.