Anthropic Launches AI Project Glasswing to Detect Software Vulnerabilities
Anthropic on Tuesday introduced Project Glasswing, a cybersecurity initiative built around its most advanced AI model, Claude Mythos Preview. Notably, the company partnered with major technology players to identify and fix software vulnerabilities before attackers can exploit them.
Moreover, the initiative brings together organizations such as Amazon Web Services, Apple, Microsoft, and Linux Foundation to strengthen global software infrastructure. Instead of releasing the model publicly, the company restricted access to selected partners that maintain widely used platforms and codebases.
“Our assessment was that this model is the first time a model is this good that we decided to approach release in a very different way,” Logan Graham said. He added that Claude Mythos Preview has already identified “tens of thousands” of high-risk vulnerabilities across major operating systems and web browsers.
Although developers did not specifically train the model for cybersecurity, it demonstrates strong performance in that area. “We trained it to be good at code, but as a side effect of being good at code, it’s also good at cyber,” Graham said. As a result, the model can chain multiple vulnerabilities into complex exploit sequences, similar to what a skilled human researcher might achieve over an entire day.
Decades-Old Bugs Unearthed
Furthermore, the model has already uncovered critical vulnerabilities, including a 27-year-old flaw in the OpenBSD operating system. This bug could crash servers using only a small number of data packets. In addition, the system identified weaknesses in Linux that allowed unprivileged users to gain administrator access.
Importantly, researchers reported all discovered issues to maintainers, and fixes were implemented before public disclosure. Consequently, the process ensured that users remained protected while improvements were made.
“I found more bugs in the last couple of weeks than I found in the rest of my life combined,” one researcher said.
Limited Release Amid Security Concerns
However, the company chose not to release Claude Mythos Preview broadly due to concerns about misuse. Instead, it limited access to prevent potential weaponization of the technology. At the same time, it has briefed U.S. government officials on the cybersecurity risks associated with such advanced models.
Meanwhile, reports suggest that similar technologies could enable hackers to locate security weaknesses much faster than before. Therefore, discussions are ongoing with federal agencies about using the system to protect critical infrastructure.
This launch also comes as concerns grow over AI-driven cyberattacks. For instance, a recent Iranian-linked attack on a U.S. medical technology company disrupted healthcare systems, highlighting the urgency of stronger defenses.
