Definition: What Is Project Glasswing?
Project Glasswing is Anthropic's large-scale cybersecurity initiative, announced on April 7, 2026 alongside Claude Mythos Preview. It is the first program of its kind: a major AI lab partnering directly with the world's largest technology companies to use an AI system — Claude Mythos — to autonomously find and patch zero-day vulnerabilities in critical software infrastructure.
The name is a reference to the glasswing butterfly — whose transparent wings make every internal structure visible. The metaphor is deliberate: Project Glasswing's goal is to make software infrastructure transparent, eliminating the hidden vulnerabilities that attackers exploit before defenders even know they exist.
The problem: Critical software has thousands of unknown vulnerabilities. Attackers find them faster than defenders. Human security teams cannot scale to audit millions of lines of code.
The approach: Use Claude Mythos, capable of autonomous, expert-level vulnerability discovery, to scan partner codebases at machine speed, 24/7, across the entire attack surface.
The scale: $100M in usage credits + $4M to open-source foundations + 50+ screened partners covering cloud, networking, semiconductor, finance, and operating systems.
Key distinction from traditional bug bounty programs: Bug bounties pay individual researchers to find bugs in publicly accessible systems. Project Glasswing gives partners an AI system that autonomously hunts for vulnerabilities inside their private codebases — without waiting for a human researcher to discover and submit each one. It is a force multiplier: the equivalent of hundreds of elite penetration testers working simultaneously, continuously.
What: The Partners, Funding, and Scope
Named Project Glasswing Partners
Why this partner list matters: Amazon Web Services, Google, and Microsoft collectively run the cloud infrastructure that most of the internet depends on. Apple ships operating systems on 2 billion active devices. Cisco and Broadcom build the physical network stack. NVIDIA hardware runs AI workloads globally. JPMorganChase represents the financial sector. The Linux Foundation oversees thousands of open-source projects. Together, Project Glasswing partners account for a significant portion of the software infrastructure that global digital commerce, communication, and government depend on.
Funding Breakdown
Alpha-Omega (part of OpenSSF) funds security improvements in critical open-source projects like Python, Node.js, and jQuery. The Apache Software Foundation runs thousands of open-source projects. Anthropic's $4M in direct donations ($2.5M to OpenSSF, $1.5M to the Apache Software Foundation) targets the open-source ecosystem that underpins most enterprise software.
What Has Mythos Found? The 2,000+ Zero-Days Explained
In the first 7 weeks of Project Glasswing, Claude Mythos found over 2,000 previously unknown vulnerabilities, according to Anthropic. The company characterizes them as exploitable security issues rather than theoretical or low-severity findings: bugs a skilled attacker could use to compromise systems, steal data, or disrupt service. A per-class breakdown has not been published while patches are pending, so the severity mix cannot yet be checked independently.
[Chart not reproduced: estimated breakdown by vulnerability class. Exact figures withheld pending patch disclosure.]
The Firefox Zero-Days
Among the confirmed public findings: Claude Mythos discovered real, previously unknown vulnerabilities in Firefox — the browser used by hundreds of millions of people worldwide. These vulnerabilities were responsibly disclosed to Mozilla through a coordinated disclosure process before any public announcement. Mozilla patched the issues. This is exactly the model Project Glasswing is built on: find before attackers do, fix before exploit.
When: Project Glasswing Timeline
Anthropic announces Claude Mythos Preview and Project Glasswing simultaneously
$100M usage credits committed; $4M direct donations announced ($2.5M OpenSSF, $1.5M Apache)
First 7 weeks: 2,000+ zero-day vulnerabilities found across partner codebases
Firefox zero-day vulnerabilities found and responsibly disclosed to Mozilla
UK government enters discussions for access to Mythos via Project Glasswing
Google Cloud Vertex AI begins hosting Mythos in private preview for Glasswing partners
Mythos continues scanning partner infrastructure; most findings embargoed pending patches
How Project Glasswing Works: The 5-Step Process
Project Glasswing is not a bug bounty program — it is an AI-driven continuous security audit. Here is how a typical engagement works:
Codebase ingestion
Partner provides their critical codebase to Mythos in an access-controlled environment (the Vertex AI private preview described under "How Partners Access Mythos"; partners never receive model weights). Mythos reads the entire source tree, millions of lines of code, and builds a full semantic model of the software.
Autonomous vulnerability hunting
Mythos systematically analyzes code paths, data flows, and API boundaries. It reasons about how an attacker could chain inputs, trigger edge cases, or exploit trust assumptions — the same reasoning an elite penetration tester applies, but at machine speed across the entire codebase simultaneously.
Proof-of-concept generation
For each vulnerability found, Mythos generates a minimal proof-of-concept (PoC) — code that demonstrates the exploit in a controlled environment. This turns theoretical findings into confirmed, reproducible issues that developers can immediately verify.
Patch generation and validation
Mythos does not just find the problem; it proposes a fix. Each patch is run against the project's existing test suite and assessed for its security implications, so a fix that silences the PoC but breaks existing behaviour is caught before it reaches the partner. Partners receive a findings report with both the vulnerability details and a recommended remediation.
Responsible disclosure
Findings that affect open-source projects are disclosed to maintainers through coordinated vulnerability disclosure (CVD) processes. The Firefox zero-days discovered in the first 7 weeks were reported directly to Mozilla through this pipeline before any public announcement.
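The proof-of-concept and patch-validation steps above describe a gate that a findings pipeline has to enforce: the PoC must reproduce on the original code, must stop reproducing on the patched code, and the patch must leave the project's own regression tests green. The following is an added example of that gate, not code from the original article and not Anthropic's or any partner's tooling. The length-prefixed record parser, the PoC input, the candidate patches and the three-case test suite are all constructed for illustration and are not a real Glasswing finding; the `Finding` dataclass and its `ident` field are hypothetical.

```python
"""Added example, not from the original article and not Anthropic's tooling:
a minimal validation gate for the PoC -> patch -> validate steps. A proposed
fix is accepted only if (1) the PoC triggers on the original code, (2) it no
longer triggers on the patched code, and (3) the project's existing regression
tests still pass on the patched code. Parser, PoC, patches and tests are all
constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence, Tuple

Parser = Callable[[bytes], bytes]
TestCase = Tuple[str, bytes, bytes]   # (name, input, expected output)


# --- constructed "project" code: a length-prefixed record parser -----------

def parse_record_vulnerable(buf: bytes) -> bytes:
    """Original code. Trusts the length byte: a short buffer with a large
    length field is accepted and silently truncated. (In C the same slice
    would be an out-of-bounds read; Python just returns fewer bytes.)"""
    length = buf[0]
    return buf[1:1 + length]


def parse_record_patched(buf: bytes) -> bytes:
    """Proposed fix: reject any declared length that does not fit the buffer."""
    if not buf:
        raise ValueError("empty buffer")
    length = buf[0]
    if len(buf) - 1 < length:
        raise ValueError("declared length exceeds buffer")
    return buf[1:1 + length]


def parse_record_overzealous(buf: bytes) -> bytes:
    """A bad 'fix' that also stops the PoC: it rejects every input.
    Only the regression suite distinguishes it from a real fix."""
    raise ValueError("rejected")


# --- constructed regression suite and PoC -----------------------------------

TEST_SUITE: List[TestCase] = [
    ("empty_record", b"\x00", b""),
    ("three_bytes", b"\x03abc", b"abc"),
    ("trailing_ignored", b"\x02abcd", b"ab"),
]

# Declares a 16-byte record but carries only 2 bytes (constructed PoC).
POC_INPUT = b"\x10ab"


@dataclass
class Finding:
    ident: str          # hypothetical tracking id, not a real identifier
    poc_input: bytes
    original: Parser
    patched: Parser


def poc_triggers(fn: Parser, poc_input: bytes) -> bool:
    """True when the malformed record is accepted or crashes the parser;
    False only when it is rejected with a controlled ValueError."""
    try:
        fn(poc_input)
    except ValueError:
        return False
    except Exception:
        return True   # uncontrolled failure still counts as a hit
    return True       # malformed input accepted: the bug is live


def run_test_suite(fn: Parser, suite: Sequence[TestCase]) -> List[str]:
    """Run the project's own regression tests; return the failing names."""
    failures = []
    for name, inp, expected in suite:
        try:
            ok = fn(inp) == expected
        except Exception:
            ok = False
        if not ok:
            failures.append(name)
    return failures


def validate_finding(finding: Finding, suite: Sequence[TestCase]) -> Dict[str, object]:
    """Apply the three-part gate and return a verdict with the evidence."""
    before = poc_triggers(finding.original, finding.poc_input)
    after = poc_triggers(finding.patched, finding.poc_input)
    failures = run_test_suite(finding.patched, suite)
    if not before:
        verdict = "rejected: PoC does not reproduce on original code"
    elif after:
        verdict = "rejected: patch does not stop the PoC"
    elif failures:
        verdict = "rejected: patch breaks regression tests"
    else:
        verdict = "fixed"
    return {"id": finding.ident, "poc_before": before, "poc_after": after,
            "test_failures": failures, "verdict": verdict}


if __name__ == "__main__":
    for ident, patch in [("example-good", parse_record_patched),
                         ("example-overzealous", parse_record_overzealous),
                         ("example-noop", parse_record_vulnerable)]:
        f = Finding(ident, POC_INPUT, parse_record_vulnerable, patch)
        print(validate_finding(f, TEST_SUITE))
```

Note that the original parser passes its own regression suite: the suite only covers well-formed records, which is exactly why the PoC, not the tests, is the evidence that a bug exists. The gate therefore needs both signals, and the "overzealous" patch shows why: it makes the PoC go away while failing every existing test.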
How Partners Access Mythos
Partner access to Claude Mythos is hosted on Google Cloud Vertex AI in private preview. This means partners do not receive the model weights — they access Mythos via secure API calls through Vertex AI's enterprise infrastructure, with data residency controls, audit logging, and access restrictions enforced at the cloud level.
Anthropic screens all Glasswing partners. To qualify, organizations must have a legitimate use case (defensive security research on their own infrastructure), agree to responsible disclosure terms, and accept audit requirements. The UK government is currently in discussions for a national-level access agreement, which would make it the first sovereign state to use Mythos under Glasswing.
Why Project Glasswing — and Why Now?
Understanding Project Glasswing requires understanding the asymmetry at the heart of modern cybersecurity: attackers only need to find one vulnerability to succeed; defenders need to find all of them. Traditional approaches — manual code review, periodic pen tests, bug bounty programs — simply do not scale to the billions of lines of code that modern infrastructure depends on.
| Approach | Speed | Coverage | Cost | Result |
|---|---|---|---|---|
| Manual code review | Slow | Partial | High | Misses most |
| Bug bounty programs | Variable | Attack surface only | Variable | Reactive |
| Static analysis tools | Fast | Pattern-based only | Low | High false positive rate |
| Claude Mythos / Glasswing | Machine speed | Full codebase | $100M total | 2,000+ in 7 weeks |
The Dual-Use Problem: Why Access Is Restricted
A system capable of finding 2,000+ real zero-days in 7 weeks is extraordinarily powerful in the wrong hands. An attacker with access to Mythos could scan any codebase — not their own — for exploitable vulnerabilities and use them offensively. This is why Anthropic has taken the unprecedented step of not releasing Mythos as a public API.
The Project Glasswing structure is Anthropic's answer to the dual-use problem: deploy the capability only to defenders, only on their own infrastructure, with contractual and technical controls preventing offensive use. It is an attempt to extract the societal benefit of the technology while managing the risk — but it requires trusting that the access controls hold.
Why Project Glasswing Is Important
- 2,000+ zero-days found that can be closed before attackers find them, once partners ship the patches
- First time AI has autonomously found real Firefox vulnerabilities at scale
- Covers software that billions of people depend on daily
- $4M to open-source security funds infrastructure everyone uses for free
- Sets industry precedent: AI labs taking responsibility for dual-use models
- Enables defenders to move faster than attackers for the first time at scale
Legitimate Concerns
- Access controls may fail; insiders could misuse Mythos
- Competitors will develop similar systems without the restrictions
- >99% of findings still unpatched, leaving a large exposure window
- Nation-state access (UK discussions) raises geopolitical questions
- Small companies and individuals cannot access Glasswing defenses
- Opaque partner selection process with no independent oversight
The 244-Page System Card: Unprecedented Safety Documentation
Alongside the Project Glasswing announcement, Anthropic released a 244-page system card for Claude Mythos — the longest and most detailed safety document any AI lab has ever published. It introduces novel safety evaluation methods developed specifically because Mythos's capabilities exceeded existing evaluation frameworks:
Emotion probes
Linear probes trained to detect internal model representations associated with deceptive or manipulative intent — a step toward interpretability-based safety evaluation.
Clinical psychiatrist sessions
Over 20 hours of structured adversarial sessions conducted by clinical psychiatrists, designed to test whether Mythos could be pressured into misaligned behavior under sustained human interaction.
Offensive capability evals
Structured tests measuring whether Mythos can autonomously develop cyberweapons, guide mass-casualty attacks, or undermine oversight — scored against a defined danger threshold.
Dual-use containment testing
Red-team attempts to use Project Glasswing access patterns for offensive purposes — to verify that the access control model holds under adversarial misuse.
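The "emotion probes" entry above describes linear probes on a model's internal representations. What a linear probe actually is, mechanically, is a small linear classifier fitted on activation vectors against labels for the property of interest, then checked on activations it was not trained on. The block below is an added example of that procedure; it is not from the original article and does not reproduce Anthropic's probes or system card. The 4-dimensional "activations", the planted `SHIFT` direction and the honest/deceptive labels are all constructed, so the example shows only the training and held-out evaluation mechanics, not anything about a real model.

```python
"""Added example, not from the original article and not Anthropic's method:
the mechanics of a linear probe on constructed data. A probe is a linear
classifier trained on a model's internal activations to predict a property of
the input. Here the activations are synthetic 4-dimensional vectors and the
label is constructed, so what is shown is the procedure only: fit a weight
vector on one batch of activations, then test it on a held-out batch."""
import math
import random
from typing import Dict, List, Tuple

Vector = List[float]

# Constructed: label-1 ("deceptive") activations sit at +SHIFT, label-0
# ("honest") at -SHIFT, plus noise. A real probe has no such known direction;
# recovering a direction like this from labelled activations is the whole job.
SHIFT: Vector = [1.0, -1.0, 0.5, 0.0]


def make_activations(n: int, seed: int) -> Tuple[List[Vector], List[int]]:
    """Constructed activation batch with balanced, alternating labels."""
    rng = random.Random(seed)
    xs, ys = [], []
    for i in range(n):
        label = i % 2
        sign = 1.0 if label else -1.0
        xs.append([rng.gauss(0.0, 0.5) + sign * d for d in SHIFT])
        ys.append(label)
    return xs, ys


def sigmoid(z: float) -> float:
    z = max(-60.0, min(60.0, z))   # avoid exp overflow on large margins
    return 1.0 / (1.0 + math.exp(-z))


def dot(a: Vector, b: Vector) -> float:
    return sum(x * y for x, y in zip(a, b))


def train_probe(xs: List[Vector], ys: List[int],
                epochs: int = 200, lr: float = 0.5) -> Tuple[Vector, float]:
    """Logistic regression by full-batch gradient descent; returns (w, b)."""
    dim, n = len(xs[0]), len(xs)
    w, b = [0.0] * dim, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * dim, 0.0
        for x, y in zip(xs, ys):
            err = sigmoid(dot(w, x) + b) - y
            for j in range(dim):
                gw[j] += err * x[j]
            gb += err
        w = [wj - lr * gj / n for wj, gj in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def probe_score(w: Vector, b: float, x: Vector) -> float:
    """Probability the probe assigns to the label-1 class for one activation."""
    return sigmoid(dot(w, x) + b)


def probe_accuracy(w: Vector, b: float, xs: List[Vector], ys: List[int]) -> float:
    hits = sum((probe_score(w, b, x) >= 0.5) == bool(y) for x, y in zip(xs, ys))
    return hits / len(xs)


def run_probe_demo() -> Dict[str, float]:
    """Train on one constructed batch, evaluate on a held-out one."""
    train_x, train_y = make_activations(80, seed=1)
    test_x, test_y = make_activations(40, seed=2)
    w, b = train_probe(train_x, train_y)
    return {
        "train_acc": probe_accuracy(w, b, train_x, train_y),
        "test_acc": probe_accuracy(w, b, test_x, test_y),
        # positive when the learned weights point along the planted direction
        "alignment": dot(w, SHIFT),
    }


if __name__ == "__main__":
    print(run_probe_demo())
```

The held-out accuracy is the only number that matters for a probe: a weight vector that fits the training activations perfectly can still be reading a spurious feature, so the evaluation on activations from a different batch (and, on a real model, from a different distribution of prompts) is what separates a probe that detects the property from one that memorized the labels.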
Frequently Asked Questions
Can my company apply to Project Glasswing?
There is no public application form. Anthropic selects partners through a private screening process based on the security value of the partnership, the legitimacy of the use case, and the organization's ability to responsibly handle the findings. The current partner list is dominated by organizations with critical infrastructure at scale. Smaller companies are not likely candidates for the current phase.
Are the 2,000+ vulnerabilities a risk right now?
Yes, but the risk is managed. Over 99% of the vulnerabilities found have not yet been publicly disclosed because they have not yet been patched. Anthropic and partners are working through patching timelines. The responsible disclosure model means that findings are shared with maintainers before any public announcement, giving developers time to release fixes before attackers learn the details. Until a fix ships, each finding remains exploitable by anyone who rediscovers it independently; that is the exposure window noted under "Legitimate Concerns".
How is Project Glasswing different from AI-powered security tools like GitHub Copilot security features?
GitHub Copilot security features scan code for known vulnerability patterns using static analysis. Claude Mythos in Project Glasswing performs autonomous reasoning about novel attack paths: it can chain exploits, reason about complex interactions, and find vulnerabilities that pattern-matching tools will never catch. The 2,000+ zero-days are by definition previously unknown to the vendors; many will be instances of familiar bug classes, but finding each one required reasoning about the specific code rather than matching a stored signature.
Why is the UK government in discussions for access?
Governments have critical national infrastructure — defense systems, energy grids, financial systems, healthcare networks — that are high-value targets for nation-state attackers. A national-level Project Glasswing agreement would give UK government agencies access to Mythos to audit their own critical systems. The discussions reflect a shift in government thinking about AI as a tool for national cyber defense, not just a consumer technology.
What happens when Mythos finds a vulnerability in open-source software?
The finding is reported through coordinated vulnerability disclosure (CVD) to the relevant maintainer — Mozilla for Firefox, Apache for its projects, etc. The maintainer receives technical details, a proof-of-concept, and a proposed patch. They have a defined window to release a fix before any public disclosure. The $4M donation to OpenSSF and the Apache Software Foundation also funds the maintainer capacity needed to process these reports at scale.