What Project Glasswing Is and Why It Matters
Anthropic’s Project Glasswing is a collaborative program that gives selected organizations controlled access to Claude Mythos Preview so they can use frontier AI systems for large‑scale AI vulnerability detection across the software that powers critical infrastructure and financial services. Anthropic warns that its partners run codebases where a successful attack could be “catastrophic,” potentially affecting more than 100 million people and creating national and global security risks. Glasswing began in April with around 50 partners using Mythos Preview to scan their own code, discovering thousands of high‑severity flaws. Since then, those partners have collectively identified more than 10,000 high or critical software vulnerabilities. The initiative is designed to prove that advanced enterprise cybersecurity AI can be deployed defensively, under safeguards, before similar capabilities spread more widely to actors who may not share the same security goals.
Claude Mythos Preview: Frontier AI for Vulnerability Detection at Scale
Claude Mythos Preview is Anthropic’s family of security‑focused models, described as more powerful for code analysis than its Claude Opus line and capable of large‑scale software security scanning. Anthropic says these models have already found thousands of high‑severity vulnerabilities, including issues in every major operating system and web browser. Within Project Glasswing, partners point Mythos at their own repositories to flag exploitable bugs, misconfigurations, and design flaws before attackers do. According to Anthropic, “AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” That same capability, when constrained and audited, turns Mythos into an enterprise cybersecurity AI system that can triage massive codebases much faster than human teams, helping security engineers and developers prioritize and remediate critical weaknesses.
From 50 to About 200 Partners: Bringing Critical Sectors into the Fold
Anthropic is expanding Project Glasswing from its original group of about 50 organizations to roughly 150 additional partners across more than 15 countries, though exact numbers are not disclosed. The first wave included cloud and security heavyweights as well as major financial and technology firms. The new cohort brings in sectors that had been under‑represented: power, water, healthcare, communications, and hardware infrastructure. Many of the new participants are vendors or nonprofits whose software is embedded deep inside global supply chains and public services. Anthropic stresses that each partner must meet strict security requirements before gaining access to Claude Mythos Preview. The goal is to seed AI‑driven vulnerability detection wherever a software compromise could cascade into systemic outages, financial instability, or loss of public trust, rather than keeping these capabilities limited to a small group of technology companies.
Banks, Regulators, and the Emerging AI Cybersecurity Arms Race
Project Glasswing sits within a broader AI security arms race, as banks, regulators, and critical‑infrastructure operators compete to secure access to frontier cyber models. Anthropic limits Mythos Preview to programs like Glasswing and a Cyber Verification Program, arguing that powerful offensive and defensive capabilities should remain controlled. That stance has frustrated some financial institutions that want direct access, even as Japanese banks reportedly join the new partner group and task forces form to study AI‑driven cyber risk. In parallel, OpenAI is giving major banks access to its GPT‑5.5 Cyber tool, while Microsoft is developing its MAI model family as it reduces reliance on OpenAI. According to the Bank of England’s Andrew Bailey, leading banks are racing to obtain advanced models from multiple providers, highlighting how AI vulnerability detection and attack simulation are becoming strategic priorities for the financial sector.
Democratizing AI Security: Skills, Education, and Safer Defaults
Beyond scanning code, Project Glasswing aims to raise the baseline of cybersecurity skills in organizations that operate critical infrastructure. Anthropic frames its role as helping the software industry adjust as AI changes core assumptions about how attackers and defenders work. By embedding Claude Mythos Preview into the workflows of cybersecurity teams, developers, and internal audit groups, partners can turn each vulnerability report into training material, closing knowledge gaps on secure coding patterns and threat models. Glasswing’s model access is paired with guidance on safe deployment, audit trails, and operational controls, encouraging security leaders to treat enterprise cybersecurity AI as a shared responsibility rather than a plug‑and‑play product. If Anthropic’s long‑term goal holds—that AI can make all software more secure—the combination of powerful scanning, curated access, and ongoing education may matter as much as the raw detection capabilities themselves.
