The offense-defense balance is shifting fast. If Claude Mythos can find thousands of zero-days in weeks of supervised use, an unaligned adversary with similar capability could compromise critical infrastructure at unprecedented speed. Project Glasswing is Anthropic's bet that getting frontier capability into defender hands first changes the equilibrium. The frontier model preview pattern is now established. Glasswing is the most visible example, but it's part of a broader pattern of frontier lab

Project Glasswing isn't the first AI-driven vulnerability research initiative. Here's how it stacks up against the alternatives: InitiativeOperatorApproachScaleFindings rate Project GlasswingAnthropic + 12 launch partners + 40+ orgsFrontier model preview to defendersCritical software broadlyThousands of zero-days in weeks Google Project ZeroGoogleElite human researchers + AI toolsCritical platforms (web, mobile, browsers)~50-100 zero-days/year Microsoft MSRCMicrosoftIn-house + bug bounty + AI as

Anthropic Project Glasswing Hands Claude Mythos to 12 Tech Giants

Anthropic just turned its unreleased frontier model loose on the world’s most critical infrastructure — under controlled access to 12 named tech giants and 40+ additional organizations. Project Glasswing, formally launched on April 9 and gaining momentum through May 2026, gives Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks early access to Claude Mythos Preview specifically to find and patch software vulnerabilities before malicious actors can exploit them. The early results are striking: Mythos Preview has already found thousands of zero-day vulnerabilities, including critical flaws in every major operating system and web browser. Project Glasswing is the most consequential AI-and-cybersecurity initiative of 2026.

What’s actually new in Project Glasswing

The structure is novel. Anthropic doesn’t publicly release Claude Mythos. Instead, the company grants preview access to a hand-selected group of partners under contractual terms that require coordinated disclosure of any vulnerabilities found. The partners use Mythos to scan their own software, third-party software they depend on, and broader critical infrastructure they have legitimate access to. Vulnerabilities are reported through standard responsible-disclosure channels to the affected vendors, with Anthropic’s involvement extending only to enabling the discovery — the patching and disclosure remain the partners’ responsibility.

The model itself, Claude Mythos Preview, represents a significant capability jump on the kinds of tasks that drive vulnerability research. It can read large codebases, reason about complex security properties, generate exploit proofs of concept, and propose fixes. The “preview” framing reflects that Mythos is unreleased — it sits ahead of Claude Opus 4.7 in capability and will likely become the next general-availability frontier model after additional safety work. Project Glasswing is simultaneously a public-good initiative and an extended capability evaluation that helps Anthropic decide when Mythos is ready for broader release.

The financial scaffolding is unusual for a security initiative. Anthropic is committing up to $100 million in usage credits to support Glasswing partners and an additional $4 million in donations to open-source security organizations. The funding signals that Anthropic considers vulnerability discovery a strategically important application — both for the immediate security wins and for what it teaches the company about Mythos’s capability and risk profile.

Why it matters

The offense-defense balance is shifting fast. If Claude Mythos can find thousands of zero-days in weeks of supervised use, an unaligned adversary with similar capability could compromise critical infrastructure at unprecedented speed. Project Glasswing is Anthropic’s bet that getting frontier capability into defender hands first changes the equilibrium.
The frontier model preview pattern is now established. Glasswing is the most visible example, but it’s part of a broader pattern of frontier labs giving select enterprise customers early access to unreleased models for specific high-value applications. Expect similar selective preview programs from OpenAI and Google in the next 6-12 months.
Coordinated disclosure infrastructure is being stress-tested. The traditional CVE disclosure pipeline was built for a world of dozens-to-hundreds of vulnerabilities reported per week. Mythos can find that volume in hours. The disclosure process, vendor patch cycles, and downstream user update mechanisms all need to scale up to handle the new throughput.
Open-source security is being directly funded. The $4M donation to open-source security organizations is small in dollar terms but symbolically important — it’s the first time a frontier AI lab has directly funded the open-source ecosystem at meaningful scale to support coordinated AI-driven vulnerability research.
Enterprise security teams need to recalibrate. Internal security operations that operated under the assumption of “obscurity is partial protection” need to reset. If Mythos and similar tools can audit any codebase that becomes accessible, every codebase needs to be assumed audited. The security implications cascade through procurement, vendor management, and incident response planning.
Regulatory attention will follow. The same capabilities that make Mythos useful for defenders make it dangerous in the wrong hands. CAISI, the EU AI Office, and several national security agencies have been engaged with Anthropic on Glasswing’s structure. Expect formal guidance on frontier AI access controls within 6-12 months, partly informed by lessons learned from Glasswing.

How to use Project Glasswing patterns today

Most organizations cannot directly access Claude Mythos through Glasswing — the program is restricted to the named launch partners and ~40 additional organizations Anthropic has approved. But the patterns Glasswing pioneered are immediately applicable to any security team using the publicly available Claude API or other frontier models. The adapted workflow:

Set up Claude API access through your enterprise plan if you don’t have it. For HIPAA / regulated workflows, use Azure OpenAI or AWS Bedrock with Claude rather than the direct Anthropic API.
```
export ANTHROPIC_API_KEY=sk-ant-...
pip install anthropic
```

Build a code-scanning workflow that feeds your codebase into Claude in chunks and asks for security analysis. Start with the highest-risk components: authentication, authorization, input validation, deserialization, file handling, network code.

from anthropic import Anthropic
import os

client = Anthropic()

def scan_file_for_vulns(file_path):
    with open(file_path, 'r') as f:
        code = f.read()
    response = client.messages.create(
        model="claude-opus-4-7",
        max_tokens=4096,
        system=(
            "You are a senior security engineer auditing code for vulnerabilities. "
            "Identify any security issues using OWASP and CWE references. "
            "For each finding: severity (CRITICAL/HIGH/MED/LOW), CWE ID, "
            "specific line numbers, and concrete remediation advice. "
            "Output structured JSON only."
        ),
        messages=[{
            "role": "user",
            "content": f"Audit this {file_path}:\\n\\n{code}"
        }],
    )
    return response.content[0].text

# Process target files
import glob
for path in glob.glob("src/**/auth*.py", recursive=True):
    print(f"\\nScanning {path}...")
    print(scan_file_for_vulns(path))

Set up coordinated-disclosure procedures internally before you start finding things. Mythos-style scanning will produce real findings. You need a written process for triaging, validating, prioritizing, and patching before findings start arriving. CVE coordination, vendor outreach, internal change management — all should be ready.
Validate findings before reporting. AI-generated vulnerability reports include false positives at non-trivial rates. A senior engineer must validate each finding manually — reproduce the issue, confirm the impact, develop the patch. Don’t submit unvalidated AI findings to upstream vendors; you’ll burn credibility quickly.
Audit your dependency graph. Most modern codebases have hundreds of direct dependencies and thousands of transitive ones. Use AI scanning on the open-source dependencies you depend on most heavily, especially if those projects don’t have active security audit programs of their own.
```
# Pull a list of high-risk dependencies and audit each
pip install pip-audit
pip-audit --format=json > deps.json

# Then have your AI scanner audit each high-severity dep
# (focus on the ones with the highest version-spread blast radius)
```
Donate the patches back upstream. If you find vulnerabilities in open-source dependencies, the responsible action is coordinated disclosure to the maintainers and (where possible) submitting the patch yourself. The AI security ecosystem will only thrive if findings flow back to the open-source maintainers who built the underlying software.
Track Project Glasswing’s published findings. Anthropic and the partners are publishing aggregate findings, novel vulnerability classes, and specific high-impact CVEs as they’re disclosed. Subscribe to the relevant threat intelligence feeds — your security team should know what Mythos has found in software you depend on.

How it compares

Project Glasswing isn’t the first AI-driven vulnerability research initiative. Here’s how it stacks up against the alternatives:

Initiative	Operator	Approach	Scale	Findings rate
Project Glasswing	Anthropic + 12 launch partners + 40+ orgs	Frontier model preview to defenders	Critical software broadly	Thousands of zero-days in weeks
Google Project Zero	Google	Elite human researchers + AI tools	Critical platforms (web, mobile, browsers)	~50-100 zero-days/year
Microsoft MSRC	Microsoft	In-house + bug bounty + AI assistance	Microsoft products + dependencies	~500-1000 reported issues/year
OSS-Fuzz	Google + open-source community	Continuous fuzzing of open-source projects	10,000+ open-source projects	~12,000 cumulative bugs found
HackerOne / Bugcrowd	Bug bounty platforms	Crowdsourced human researchers	Customer-defined scope	~500K reports/year across platforms
Synack Red Team	Synack	Curated researchers + AI augmentation	Enterprise + government	Comparable to bug bounty per-account
Internal AI red-teaming	Most major tech firms	Various — Claude/GPT API + custom tools	Internal codebases	Variable, growing rapidly

Glasswing’s distinctive feature isn’t the use of AI — every modern security operation uses AI in some form. The differentiator is access to a frontier model substantially ahead of generally-available alternatives. The thousands-of-zero-days output rate is roughly an order of magnitude faster than the closest comparable initiatives.

What’s next

Three threads will play out as Project Glasswing matures over the next 12-18 months.

Disclosure capacity will be the bottleneck. The vendors receiving thousands of new vulnerability reports need to triage, prioritize, patch, and ship updates. The CVE infrastructure, the National Vulnerability Database, and the patch-delivery pipelines were not built for this volume. Expect significant infrastructure investments and possibly new disclosure standards designed for AI-driven research scale.

Adversarial use will catch up. Whatever defenders can do with Mythos, sophisticated state-aligned attackers will eventually do with comparable models. The window during which Glasswing partners have a meaningful capability advantage is finite — possibly 12-24 months. The security infrastructure improvements that result need to be permanent because the offense capability will become widely available.

Frontier model access regimes will formalize. Glasswing is currently an Anthropic-controlled program with bilateral agreements between Anthropic and each partner. Expect this to evolve toward more formal access regimes — government-coordinated programs, standards bodies, and eventually contractual frameworks that other frontier labs adopt. The Center for AI Standards and Innovation has been engaged with Anthropic on Glasswing’s structure and is likely to develop guidance based on the experience.

Frequently Asked Questions

Can my organization apply to access Claude Mythos through Glasswing?

Anthropic has indicated that the program is open to organizations that build or maintain critical software infrastructure. The 40+ organizations beyond the 12 launch partners include national CERTs, major open-source projects, and select enterprise security operations. Apply through Anthropic’s Glasswing portal at red.anthropic.com — the bar is high but the program is expanding.

What stops Mythos from being misused by Glasswing partners?

Several controls. Each partner signed contractual terms that govern what Mythos can be used for, with audit rights for Anthropic. Partner organizations are vetted security operations with established disclosure track records. Findings flow through standard coordinated disclosure with public CVE assignment, which creates accountability. Misuse risks include immediate program termination plus reputational damage that’s substantial for the named partners.

How does Project Glasswing affect my company if we’re not a partner?

Two ways. First, the software you use is being audited by Glasswing partners. Vulnerabilities in your dependencies, your operating systems, your browsers, and your enterprise tools are being found and patched at unprecedented rates. Update aggressively and monitor your software bill of materials. Second, the techniques being developed by Glasswing partners flow into the broader security industry over 12-24 months. Build your security operations to integrate AI-driven vulnerability research as a standard capability rather than a specialized one.

Is this just bug bounty with AI?

No. Bug bounty platforms compensate human researchers per finding. Glasswing gives a frontier AI model directly to defender teams, who use it as part of their internal operations rather than as an external paid service. The economics, the scale, and the integration with existing security operations are all fundamentally different from bug bounty.

What about responsible AI concerns — isn’t releasing a model that finds zero-days dangerous?

That’s the central question Project Glasswing is testing. Anthropic’s bet is that getting frontier capability to defenders before adversaries have it produces a net safety improvement. The alternative — keep Mythos locked up indefinitely — doesn’t actually prevent adversaries from developing similar capabilities; it just denies defenders the same tools. The empirical question of whether Glasswing produces a net positive will be answered over the next 12-24 months as the security ecosystem absorbs the findings and adapts.

Will Claude Mythos be generally available to API customers?

Eventually, but not soon. Mythos’s release timeline depends on Anthropic’s safety case work — confirming the model can be deployed safely at scale. The Glasswing program partly serves as an extended capability evaluation that informs safety decisions. Expect Mythos to become Claude Opus 5 or similar as a general-availability product in late 2026 or early 2027, possibly with continuing access controls on the highest-capability tier.

What’s the practical takeaway for working security engineers?

Two actions. First, integrate frontier AI tools into your daily security operations now — Claude Opus 4.7, GPT-5.5, Gemini 3 are all capable enough to substantially improve vulnerability research, code review, and incident response when used correctly. Second, build your security infrastructure assuming AI-driven attacks will be widespread within 18-24 months. The window where AI-augmented defense outpaces AI-augmented offense is real but finite. Use it.