Anthropic’s Project Glasswing

Anthropic has opened Project Glasswing, a cybersecurity program that gives Claude Mythos Preview to Apple, Google, and dozens of other organizations for defensive testing. (anthropic.com) Anthropic says the launch group includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The company also said more than 40 additional organizations that build or maintain critical software infrastructure received access. (anthropic.com) The model at the center of the project, Claude Mythos Preview, is not generally available. Anthropic said it is sharing the system inside Glasswing because the model has shown unusually strong performance on coding, reasoning, and security tasks. (anthropic.com) In plain terms, Glasswing is a bug-hunting program for software that other systems depend on. Anthropic said partners will use Mythos Preview to scan both their own systems and open-source code for vulnerabilities before attackers can exploit them. (anthropic.com) Anthropic said the model can identify and exploit “zero-day” flaws, meaning software bugs that defenders have not patched yet, across major operating systems and web browsers. The company said it is withholding most technical details because more than 99 percent of the vulnerabilities it found have not yet been patched. (anthropic.com) The company paired that warning with a containment plan. Anthropic said it is committing up to $100 million in usage credits and funding support for open-source security work tied to the program. (anthropic.com) WIRED reported on April 8 that Anthropic framed the effort as a way to test advanced language models in real security settings across vendors and partners, rather than inside one company’s lab. The publication said the coalition now spans more than 45 organizations. (wired.com) Outside coverage has emphasized the same tradeoff: a model that can help defenders patch software can also lower the barrier for offensive hacking if broadly released. Forbes reported on April 9 that Anthropic launched Glasswing instead of releasing Mythos widely because of those cybersecurity implications. (forbes.com) Anthropic said its longer-term goal is to let users deploy “Mythos-class” systems safely at scale. For now, Glasswing is the company’s answer to a narrower question: who gets access to a model that can find dangerous bugs first. (anthropic.com)