Anthropic has unveiled Project Glasswing, a cross-industry cybersecurity initiative involving 12 organizations, including Microsoft, Google, Amazon Web Services, NVIDIA, Apple and JPMorganChase, to test a powerful unreleased AI model the company developed to identify software vulnerabilities, with a further 40 being given extended access.
The initiative follows reports that Anthropic’s upcoming Claude Mythos model (briefly exposed via an internal content management system error weeks ago) can detect critical security flaws at a level approaching top human researchers.
According to the company, early testing uncovered “thousands of high-severity vulnerabilities,” including weaknesses affecting major Operating Systems (OS) and web browsers.
Participants in Project Glasswing will gain limited access to “Mythos Preview,” enabling them to assess their own infrastructure for risks. The controlled rollout mirrors coordinated vulnerability disclosure practices, giving organizations time to fix issues before broader exposure.
AI Vulnerability Discovery Accelerates Security Arms Race
Anthropic claimed Mythos identified a decades-old flaw in OpenBSD and demonstrated exploit chains in Linux environments that could enable full system compromise.
The new AI model can also reportedly conduct penetration testing scenarios, detect misconfigurations, and analyze compiled binaries without source code.
Igor Tsyganskiy, Chief Information Security Officer at Microsoft, told Anthropic that early access to the model enables security teams “to identify and mitigate risk early” while strengthening defenses at scale.
“When tested against CTI-REALM, our open-source security benchmark, Claude Mythos Preview showed substantial improvements compared to previous models,” Tsyganskiy added. CTI-REALM evaluates AI agents on cybersecurity detection engineering tasks, including parsing threat intelligence and generating detection rules.
However, the move highlights a broader concern: the same capabilities that help defenders could also be used by threat actors. Anthropic has acknowledged this risk, opting not to release Mythos publicly due to its potential for misuse.
The launch confirms a known trend that is seeing AI transform cybersecurity operations. While tools such as Mythos may improve detection and response, they also lower the barrier to complex attacks, intensifying the long-standing cat-and-mouse dynamic between attackers and defenders.
