ANTHROPIC LAUNCHES PROJECT GLASSWING, GIVING CONTROLLED ACCESS TO CLAUDE MYTHOS FOR VULNERABILITY DISCOVERY
Anthropic formed Project Glasswing and is withholding its Claude Mythos Preview model for controlled, defensive use after it found thousands of high‑severity bu...
Anthropic formed Project Glasswing and is withholding its Claude Mythos Preview model for controlled, defensive use after it found thousands of high‑severity bugs.
Anthropic’s new coalition, Project Glasswing, includes AWS, Apple, Google, Microsoft, NVIDIA, JPMorganChase, and others using the unreleased Mythos Preview to harden critical software. Anthropic says Mythos has already uncovered thousands of severe vulnerabilities across every major OS and browser, with a limited rollout to 12 anchor partners and 40+ orgs, plus $100M in credits and $4M to open‑source security.
In parallel, Anthropic detailed practices for trustworthy agents that emphasize human control, secure tool use, transparent actions, and prompt‑injection defenses—useful patterns if your internal agents can read code, run tools, or touch prod.
Community coverage like this newsletter deep dive and YouTube explainers (video 1, video 2) discuss early benchmark chatter, but Anthropic’s official post focuses on controlled, defensive use.
If large models can reliably find novel vulns at scale, engineering orgs will face faster zero‑day discovery and tighter patch timelines.
Agent patterns and guardrails are moving from nice‑to‑have to mandatory as automated systems gain real execution power.
-
terminal
Run a focused red‑team on a representative service: combine existing scanners (e.g., SAST/DAST) with an LLM code reviewer (e.g., Claude Code) to measure triage throughput and false positives.
-
terminal
Build a prompt‑injection gauntlet for internal agents (repo bots, ops assistants): least‑privilege credentials, allowlisted tools, sandboxing, and audit logs; track blocked vs successful unsafe actions.
Legacy codebase integration strategies...
- 01.
Centralize SBOMs and dependency inventories; auto‑open vulnerability tickets per service and expect a spike if Glasswing access surfaces latent issues.
- 02.
Pre‑define emergency patch paths: feature flags, hotfix branches, maintenance windows, and rollback playbooks for zero‑days found by third parties.
Fresh architecture paradigms...
- 01.
Design for rapid patchability: config‑driven rollouts, kill switches, canaries, and egress filters on new services.
- 02.
Build agents with explicit tool contracts, sandboxed execution, read‑only defaults, and human approval for state‑changing actions.