Table Of Contents

Have you ever worried about a hidden bug in your banking app or favorite shopping website that could let hackers sneak in?

You are not alone.

On April 7, 2026, Anthropic launched Project Glasswing to tackle exactly that problem.

It is a smart, careful team effort that leverages advanced AI to scan critical software and quickly fix weaknesses.

Instead of rushing a super-powerful tool to the public, Anthropic prioritized responsibility.

They are working with trusted partners to strengthen the digital world we all rely on.

What Is Project Glasswing?

Project Glasswing is a private consortium organized by Anthropic.

It gives 12 major organizations early access to a cutting-edge AI model, enabling them to scan their own products and the open-source software they depend on.

The launch partners are Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic itself.

IBM joined shortly after. An additional 40 organizations have also been granted access to check critical infrastructure.

Anthropic provides the AI power.

The partners supply their engineering teams and codebases.

To support the work, Anthropic committed up to $100 million in usage credits plus $4 million in direct cash donations to open-source security groups, including Alpha-Omega, OpenSSF through the Linux Foundation, and the Apache Software Foundation.

The focus is purely defensive: find bugs, create patches, and share the lessons so the whole industry benefits.

The Powerful AI Behind It: Claude Mythos Preview

The star of the show is Claude Mythos Preview, Anthropic’s unreleased frontier AI model.

It is designed to understand code at a whole new level.

Anthropic has been clear from the start: this model is too capable at finding and exploiting security flaws to release publicly right now.

It can autonomously spot weaknesses, build working exploits, and even chain multiple issues together, all at machine speed.

That power is amazing for defense, but risky if it fell into the wrong hands.

That is why access is limited and strictly controlled.

Newton Cheng, who leads Anthropic’s Frontier Red Team, explained that the decision is about keeping the internet safer while the technology is still so new.

Real Bugs It Has Already Helped Fix

The results so far are impressive and very real.

In just the first month, Claude Mythos Preview helped uncover thousands of previously unknown vulnerabilities across more than 1,000 open-source projects, with a 90.6 percent true-positive rate.

Here are a few standout examples:

A 27-year-old integer overflow in OpenBSD’s TCP stack could crash servers with only two packets.
A 16-year-old flaw in FFmpeg’s H.264 decoder that survived five million automated fuzzing tests.
Complex chains in the Linux kernel that let a regular user gain full root control.
A 17-year-old remote code execution bug in FreeBSD (now tracked as CVE-2026-4747).

Partners have already put the findings to work.

Cloudflare fixed over 2,000 bugs. Mozilla shipped patches for 271 issues in Firefox 150.

Even projects like wolfSSL addressed flaws that could have affected billions of devices.

These fixes are now live, making real software noticeably stronger.

Why Working With Big Companies Makes Sense

Some people ask why small open-source teams did not get the model first.

The answer is practical and focused on speed.

The big partners run the cloud platforms, operating systems, browsers, payment systems, and networks that everything else depends on.

Fixing issues at this level creates a ripple effect that instantly protects millions of users.

The Linux Foundation’s involvement ensures smaller maintainers still benefit through coordinated reports and patches.

Most small teams lack the extensive computing resources or the strict safety protocols required to run a model this advanced without risk.

This approach delivers results faster and more safely for everyone.

The Big Challenge: Balancing Risk And Reward

Anthropic is open about the dual-use dilemma.

A tool that finds zero-days for under $50 and scans entire codebases for pennies could accelerate attacks if released too soon.

By keeping it controlled, they are giving defenders a valuable head start.

Of course, even with AI help, the teams fixing these bugs still face a big challenge; there are more discoveries than patches right now. Technology spreads eventually.

However, acting now with trusted partners buys precious time to harden critical systems before the offensive side fully catches up.

It is a thoughtful middle path between total secrecy and reckless openness.

Vulnerability Discovery: Then vs Now

Advanced AI has completely changed the economics of cybersecurity.

Here is a simple side-by-side look:

Aspect	Before Advanced AI	With Claude Mythos Preview
Time to find a zero-day	Months of expert human work	Minutes to a few hours
Cost per discovery	Hundreds of thousands of dollars	Under $50
Success rate on tough bugs	Very low	Dramatically higher (up to 90%+)

This shift is one of the biggest changes in cybersecurity history.

What used to be rare and expensive is now faster and cheaper, making Project Glasswing’s defensive focus even more important.

Interesting Trivia

Did you know the oldest bug found by Mythos dated back to 1996 in OpenBSD? That is nearly three decades of the same tiny flaw hiding in code that powers banks, hospitals, and governments worldwide, until AI finally spotted it.

What This Means For You

For everyday people, the wins are quiet but meaningful.

Your banking apps, web browsers, cloud services, and favorite apps are getting safer behind the scenes.

Fewer surprise breach notifications, stronger protection against ransomware, and more reliable digital life overall.

No single project can solve every risk, so keep these easy habits: always install software updates, use a password manager with unique, strong passwords, and turn on two-factor authentication everywhere you can.