One of the world's most renowned AI labs is now taking action against a growing threat: that artificial intelligence could be used to hack critical software. The answer, according to Anthropic, is more AI — but used defensively, and in collaboration with competitors.
Glasswing Unites the Entire Industry
Project Glasswing was announced on April 7, 2026, and is structured as a broad industry collaboration. According to information from Wired and Anthropic's own channels, participants include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, among others.
The initiative is aimed at securing critical software by using Anthropic's yet-to-be-publicly-available frontier model, Claude Mythos Preview, to identify and remediate vulnerabilities at scale.
The Model That Finds Flaws No One Else Sees
At the core of the project is Claude Mythos Preview — a model Anthropic describes as capable of surpassing all but the most experienced human security experts in finding and exploiting software vulnerabilities.
The results presented so far are striking. The model is said to have uncovered thousands of high-risk vulnerabilities across all major operating systems and browsers. One concrete example is a 27-year-old vulnerability in OpenBSD and a 16-year-old flaw in FFmpeg — both overlooked by automated testing tools even after millions of runs.
A 27-year-old vulnerability in OpenBSD remained hidden until Claude Mythos Preview found it — after automated tools had run millions of tests without detecting it.
It is important to note that these claims currently originate from Anthropic itself. Claude Mythos Preview is not publicly available, and independent verification of the results is pending.
A Field with Many Players
Project Glasswing is far from the only initiative in AI-driven cybersecurity. A number of companies have for several years built their own platforms on similar technology.
Vectra AI was named a leader in Gartner's Magic Quadrant for Network Detection and Response in 2025. SentinelOne offers its Singularity platform with what they call “Purple AI” for automated threat hunting. Darktrace uses a self-learning system they call the “Enterprise Immune System,” while Proofpoint analyzes over 100 billion data points daily through its Nexus AI engine.
Check Point, Fortinet, and Mimecast are among other established players with AI-integrated security architectures.
Not a Threat to Ordinary Users — For Now
Daniel Blackford, VP of Threat Research at Proofpoint, has stated, according to research material, that average computer users do not need to fundamentally worry about what the Glasswing model can do. The defensively oriented purpose of the project is precisely to close gaps before they can be exploited — not to create new attack tools.
Nevertheless, the dual nature of such models is a persistent dilemma in the security community: an AI good enough to find critical vulnerabilities is, in principle, also good enough to exploit them.
How the project will practically handle responsible use and access control for Claude Mythos Preview are questions that Anthropic has not yet answered in detail.