Anthropic just announced Project Glasswing, and the list of partners is frankly ridiculous. We’re talking Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and of course Anthropic themselves. That’s not a consortium, that’s a who’s who of the tech industry.
The catalyst? A new, unreleased frontier model called Claude Mythos Preview. Anthropic is being unusually blunt here: this model can find and exploit software vulnerabilities better than all but the absolute best human security researchers. They’ve already run it against every major operating system and web browser and found thousands of high-severity zero-days. Some of these bugs had survived decades of human review and millions of automated tests. That should make you nervous.
The core premise of Project Glasswing is defensive. These partners will use Mythos Preview to scan their own software and critical open-source infrastructure. Anthropic is putting up to $100 million in usage credits and $4 million in direct donations to open-source security orgs. Over 40 additional organizations that build or maintain critical software are getting access too.
What’s interesting here is the timeline. Anthropic says the model’s capabilities are advancing so fast that waiting isn’t an option. They’re not wrong. The current global cost of cybercrime is estimated around $500 billion per year, and state-sponsored attacks from China, Iran, North Korea, and Russia are already a constant threat. If AI-augmented attacks become cheap and easy, that number could skyrocket.
The same capabilities that make AI dangerous for offense make it incredibly valuable for defense. Finding bugs before attackers do, writing more secure code from the start — that’s the bet Glasswing is making. It’s a smart one, but it’s also a race. Frontier AI capabilities will advance substantially over the next few months. Cyber defense takes years. Something has to give.
I’ve been watching AI security for a while, and this is the first time I’ve seen a coordinated effort of this scale. The cynic in me notes that every one of these companies has a vested interest in not having their software exploited. But the realist in me sees this as the only viable path forward. No single organization can solve this alone.
One detail that stood out: Anthropic explicitly mentions that these capabilities could “empower adversaries of the United States and its allies.” That’s not typical corporate language. They’re clearly thinking about geopolitical implications, and they should be.
Project Glasswing is a starting point, not a finish line. The real test will be whether these partners actually share what they learn and whether the open-source community benefits meaningfully. I’ll be watching closely.
Comments (0)
Login Log in to comment.
Be the first to comment!