Anthropic Unveils Project Glasswing to Find Software Bugs

San Francisco: Anthropic has introduced Project Glasswing, a new cybersecurity initiative that makes use of its unreleased Claude Mythos Preview model to find and fix software bugs before hackers can exploit them. 

The goal is to protect critical software by scanning code for vulnerabilities. This builds on Anthropic’s broader efforts to integrate AI into software security, including tools like Claude Code Security that focus on identifying vulnerabilities directly within development workflows. The model has already discovered thousands of hidden bugs in widely used systems like operating systems and web browsers. 

For the unversed, Project Glasswing is a collaboration among top tech firms and organisations. Partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, along with over 40 more. 

Anthropic is supporting the project with up to USD 100 million in usage credits and USD 4 million in donations to open-source security groups. 

The Claude Mythos Preview model has identified some especially surprising bugs. These include a 27-year-old flaw in OpenBSD and a 16-year-old vulnerability in FFmpeg, which had gone unnoticed by other tools. 

These vulnerabilities were found in old or well-reviewed code that had been tested many times, showcasing how AI tools are now equipped to spot deep, hidden flaws that human teams and automated systems often miss.  

Anthropic is treating the “Mythos” model as risky, and is not making it available to the public. This is because the same capabilities could be misused by attackers if released widely. 

The model is currently accessible only to Project Glasswing partners under strict controls. These groups are testing it inside their own systems to find and patch flaws safely. 

Industry experts say Project Glasswing marks a shift in cybersecurity strategy. Instead of reacting to threats, experts aim to get ahead by finding problems before they can be exploited. 

This shift comes as enterprises face growing exposure from interconnected systems, particularly in cases where unauthorized SaaS integrations create hidden security gaps.

This effort also shows how fast AI is changing the game. What once took weeks of expert work can now be done in hours by AI. While the technology is impressive, it raises questions over how to use such powerful tools responsibly. Anthropic says it will share discoveries and patches with the broader ecosystem once validated, helping improve global software safety. 

The collaboration is expected to span months or years, as AI scanning becomes part of defending critical digital infrastructure.