ANTHROPIC PUB_DATE: 2026.04.13

ANTHROPIC LAUNCHES PROJECT GLASSWING, USING UNRELEASED CLAUDE MYTHOS TO HARDEN CRITICAL SOFTWARE WITH INDUSTRY PARTNERS

Anthropic unveiled Project Glasswing, a defense-focused program using its unreleased Claude Mythos model to find and fix critical software vulnerabilities with major partners.

Anthropic announced Project Glasswing, a joint effort with AWS, Apple, Google, Microsoft, NVIDIA, Cisco, CrowdStrike, JPMorgan Chase, Palo Alto Networks, Broadcom, and the Linux Foundation to secure critical software using AI. The program centers on Claude Mythos Preview, an unreleased model Anthropic says can surpass most humans at finding and exploiting vulnerabilities across major operating systems and browsers. (Source: Project Glasswing)

Anthropic is committing up to $100M in usage credits for Mythos, plus $4M to open-source security groups, and has opened access to 40+ orgs to scan first-party and open-source code. The company frames the effort as strictly defensive and plans to share learnings industry-wide. (Source: Project Glasswing)

The model is not publicly released. Expect defensive workflows and guidance to emerge as partners operationalize scans and triage pipelines. (Source: Project Glasswing)

[ WHY_IT_MATTERS ]

01. AI-grade vuln discovery is moving faster than most security programs; defenders need to adapt workflows before attackers industrialize similar capabilities.

02. Partnering at this scale hints at forthcoming norms, guidance, and tools that could reshape secure SDLC and open-source maintenance.

[ WHAT_TO_TEST ]

  • Run a focused red-team sprint: use LLM-assisted prompts to hunt misconfigurations and injection paths in your top services; track net-new findings and fix time.

  • Compare your SAST/DAST output with an LLM-guided pass over code, IaC, and container manifests; measure precision, recall, and false-positive burn rate.
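
One way to score the comparison in the second item, as an added example that is not from Anthropic's announcement or any partner tooling. The names (Finding, same_issue, score, net_new), the 5-line match window, the 15-minute triage cost and the sample findings are all assumptions; "false-positive burn" is read here as analyst minutes spent dismissing false positives.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    path: str
    cwe: str
    line: int

def same_issue(a, b, window=5):
    # Tools rarely agree on the exact line, so match on file + CWE + nearby line.
    return a.path == b.path and a.cwe == b.cwe and abs(a.line - b.line) <= window

def hits(reported, confirmed):
    """Indices of triage-confirmed issues that at least one reported finding matches."""
    return {i for i, c in enumerate(confirmed) if any(same_issue(f, c) for f in reported)}

def score(reported, confirmed, triage_minutes=15):
    """Precision, recall and false-positive triage cost for one tool's report."""
    tp = sum(any(same_issue(f, c) for c in confirmed) for f in reported)
    fp = len(reported) - tp
    return {
        "precision": tp / len(reported) if reported else 0.0,
        "recall": len(hits(reported, confirmed)) / len(confirmed) if confirmed else 0.0,
        "fp_burn_minutes": fp * triage_minutes,  # assumed flat cost per dismissed finding
    }

def net_new(candidate, baseline, confirmed):
    """Confirmed issues the candidate pass found that the baseline missed."""
    return [confirmed[i] for i in sorted(hits(candidate, confirmed) - hits(baseline, confirmed))]

# Constructed sample data: issues confirmed by human triage, then each tool's raw report.
CONFIRMED = [Finding("app/auth.py", "CWE-89", 42), Finding("app/upload.py", "CWE-22", 10),
             Finding("infra/main.tf", "CWE-732", 7), Finding("app/api.py", "CWE-918", 88)]
SAST = [Finding("app/auth.py", "CWE-89", 42), Finding("app/upload.py", "CWE-22", 12),
        Finding("app/views.py", "CWE-79", 5), Finding("app/utils.py", "CWE-327", 30)]
LLM_PASS = [Finding("app/auth.py", "CWE-89", 40), Finding("infra/main.tf", "CWE-732", 7),
            Finding("app/api.py", "CWE-918", 90), Finding("app/models.py", "CWE-89", 3)]

if __name__ == "__main__":
    for name, report in (("sast", SAST), ("llm", LLM_PASS)):
        print(name, score(report, CONFIRMED))
    print("net-new from llm pass:", net_new(LLM_PASS, SAST, CONFIRMED))
```

Recall is only as good as the confirmed set, so issues neither tool reported stay invisible until triage or an incident adds them.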

[ BROWNFIELD_PERSPECTIVE ]

Legacy codebase integration strategies...

  • 01. Start with internet-facing services and data pipelines; add AI-assisted scanning to CI and weekly dependency audits, gating prod deploys on triaged severity.

  • 02. Establish a safe workflow: scrub secrets from prompts, use read-only prod snapshots, rate-limit tooling, and require human review before code changes land.

[ GREENFIELD_PERSPECTIVE ]

Fresh architecture paradigms...

  • 01. Design for security from day one: minimal blast radius, private networking, managed secrets, SBOMs, and reproducible builds.

  • 02. Automate continuous AI-guided scanning for code, IaC, and images with auto-generated PRs and prioritized triage queues.
