“Mythos Preview has already found thousands of high-severity vulnerabilities,” Anthropic said, adding that many of them had gone undetected for years despite extensive testing. Some vulnerabilities persisted for decades or survived millions of automated checks.
Project Glasswing brings together a cross-industry group spanning cloud providers, chipmakers, financial institutions, cybersecurity firms, and open-source organizations. In addition to the core partners, more than 40 other organizations maintaining critical infrastructure have been granted access to the model to scan and secure their systems.
The initiative is backed by up to $100 million in AI usage credits and $4 million in direct funding for open-source security efforts. Anthropic said it will share findings from the project with the broader industry, with an initial public update expected within 90 days.
The effort reflects growing concern that advances in AI are compressing the timeline between vulnerability discovery and exploitation. “The window between a vulnerability being discovered and being exploited by an adversary has collapsed,” said CrowdStrike CTO Elia Zaitsev. “What once took months now happens in minutes with AI."
Participants described the shift as a turning point for cybersecurity. Cisco’s Anthony Grieco said, “AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.”
Anthropic said it does not plan to release Mythos Preview broadly, citing the risk that its capabilities could be used offensively. The company acknowledged it has discussed both defensive and offensive implications of the model with U.S. government officials.
The project is also focused on remediation, particularly in open-source software that underpins much of global infrastructure. Funding is being directed through organizations such as the Linux Foundation, OpenSSF, and the Apache Software Foundation to help maintainers identify and fix vulnerabilities at scale.
“No one organization can solve these cybersecurity problems alone,” the group said, emphasizing the need for coordination across industry, research, and government.
Project Glasswing positions AI as both the source of new cybersecurity risks and a potential solution. As models become more capable of identifying and exploiting weaknesses, the initiative aims to use those same capabilities to close gaps in the software systems that support global infrastructure.
This analysis is based on reporting from Anthropic and ZDNET.
Image courtesy of Anthropic.
This article was generated with AI assistance and reviewed for accuracy and quality.
