Industrial building on the outskirts with power lines and surveillance camera, symbolic of unprotected digital infrastructure

Project Glasswing: What Anthropic's AI Security Initiative Means for Your Business

AI Cybersecurity 2026

Claude Mythos autonomously finds thousands of zero-day vulnerabilities across all major operating systems. 12 tech giants sit at the table. What happens to everyone else?

Summary

Anthropic launched Project Glasswing on 7 April 2026, a cybersecurity initiative with Apple, Google, Microsoft, AWS, and CrowdStrike. Claude Mythos Preview autonomously identifies thousands of zero-day vulnerabilities across all major operating systems and browsers, scoring 83.1 percent on the CyberGym benchmark. For organisations outside the consortium, the threat intensifies: AI-driven vulnerability scanning will soon be available to attackers as well, while the median time from disclosure to exploitation has dropped to hours. European businesses, which on average meet only 56 percent of basic IT security requirements, need to strengthen their defences now.

What Project Glasswing Is

Project Glasswing is the largest corporate AI cybersecurity programme to date. On 7 April 2026, Anthropic announced a consortium of twelve technology companies dedicated to using AI for autonomous zero-day vulnerability discovery. Anthropic is providing USD 100 million in API credits and access to Claude Mythos Preview, a model specifically trained for security research.

Project Glasswing is Anthropic's AI cybersecurity initiative, launched on 7 April 2026. A consortium of twelve technology companies uses Claude Mythos Preview to autonomously discover zero-day vulnerabilities across operating systems, browsers, and infrastructure software. Vulnerabilities are disclosed to consortium members before public release.

The twelve founding members span operating system vendors, cloud providers, and cybersecurity firms: Apple, Google, Microsoft, Amazon Web Services (AWS), CrowdStrike, Palo Alto Networks, Cisco, Fortinet, Cloudflare, Elastic, Trail of Bits, and the Linux Foundation. Each receives early vulnerability disclosures and access to Claude Mythos scanning capabilities. Dario Amodei, Anthropic's CEO, framed the initiative as "the most important thing we can do with AI right now."

12
Founding consortium members
$100M
API credits provided by Anthropic
83.1%
CyberGym benchmark score

The consortium operates on an exclusive disclosure model. Claude Mythos scans member software continuously and reports vulnerabilities to the affected vendor first, then to all consortium partners, and finally to the public after a coordinated disclosure period. Companies outside the consortium receive no advance notice.

What Claude Mythos Can Do

Claude Mythos Preview is Anthropic's specialised cybersecurity model, and its capabilities exceed anything previously demonstrated by AI in security research. It scores 83.1 percent on the CyberGym benchmark, a standardised test for zero-day discovery across real-world codebases. The previous best score by any AI system was 47.2 percent.

Zero-Day Vulnerability is a software security flaw unknown to the vendor and for which no patch exists. The term "zero-day" refers to the fact that the developer has had zero days to fix the issue since its discovery. These vulnerabilities are particularly dangerous because attackers can exploit them before any defence is available.

The headline findings during the Glasswing preview period are concrete. Claude Mythos found a 27-year-old memory corruption bug in the OpenBSD kernel that had survived decades of manual code review. It identified a browser exploit chain in Chromium, later assigned CVE-2026-3192, that combined three separate weaknesses into a single attack path. In FreeBSD, it discovered a remote code execution vulnerability in the network stack. When tested against Firefox in controlled conditions, Claude Mythos achieved a 72.4 percent success rate for sandbox escapes.

83.1%
CyberGym benchmark score
27 years
Age of OpenBSD kernel bug found
72.4%
Firefox sandbox escape rate
CVE-2026-3192
Chromium exploit chain discovered

The scale matters. Human security researchers typically find individual vulnerabilities. Claude Mythos identifies thousands, across multiple operating systems and codebases simultaneously, and it does so autonomously. It analyses source code, binary executables, network protocols, and browser engines without requiring manual guidance. Daniel Stenberg, the creator of curl, described the model's output as "terrifyingly competent" after reviewing its analysis of network stack vulnerabilities.

"Terrifyingly competent."
Daniel Stenberg, creator of curl, on Claude Mythos' network vulnerability analysis
Strategic Implications

The Glasswing Paradox

Project Glasswing creates a two-tier security system. The twelve consortium members receive vulnerability information before anyone else. Everyone else, including their customers, partners, and competitors, learns about the same vulnerabilities later. This is the Glasswing Paradox, as identified by Picus Security : the programme that improves security for some simultaneously increases risk for the rest.

Inside the Consortium
Early access to zero-day disclosures
Continuous Claude Mythos scanning of own products
Coordinated patch development before public disclosure
Direct line to Anthropic's security research team
Outside the Consortium
Vulnerability information arrives after consortium members have patched
No access to Claude Mythos scanning capabilities
Attackers may obtain AI scanning tools before defenders do
Median time from disclosure to exploitation: now measured in hours

The numbers underline the urgency. According to Picus Security's analysis, fewer than 1 percent of disclosed vulnerabilities are patched within the first 24 hours by organisations outside coordinated disclosure programmes. Meanwhile, the median time from public disclosure to active exploitation has compressed from weeks to hours. In a recent incident, over 2,500 organisations were compromised within a single hour of a vulnerability becoming public.

Source: Picus Security, "The Glasswing Paradox", April 2026. Patch rate analysis based on NVD data for Q1 2026.

The core tension is between calendar speed and machine speed. Humans patch on calendar schedules, weekly maintenance windows, quarterly update cycles, annual security reviews. AI finds vulnerabilities at machine speed. If attackers gain access to comparable AI-driven scanning tools, and this is a matter of when rather than if, the advantage shifts decisively to whoever can act fastest. For organisations still operating on monthly patch cycles, that gap is already dangerous.

European Businesses in the Crosshairs

European organisations are disproportionately exposed. The BSI (Germany's Federal Office for Information Security, the EU's largest national cybersecurity agency) reports that vulnerability exploitation increased by 38 percent year-on-year. Total damage from cyber incidents reached EUR 202 billion in Germany alone. And the structural gap is wide: only 56 percent of European SMEs meet basic IT security requirements.

European SME IT security compliance
Only 56 percent of European SMEs meet basic IT security requirements. The remaining 44 percent operate with significant security gaps, from unpatched systems to missing access controls.

The threat profile is shifting in ways that compound this gap. IBM X-Force reports a fourfold increase in supply chain attacks, meaning that even organisations with strong perimeter defences are vulnerable through their software dependencies. 76 percent of malware detected in 2025 used polymorphic techniques, automatically modifying its code to evade signature-based detection. Traditional antivirus and firewall approaches are increasingly insufficient.

+38%
Increase in vulnerability exploitation (BSI)
EUR 202bn
Cyber damage in Germany (2025)
76%
Malware using polymorphic techniques
4x
Increase in supply chain attacks (IBM X-Force)

For European businesses, the GDPR adds another dimension. A data breach resulting from an unpatched vulnerability can trigger fines of up to 4 percent of annual global turnover. With AI accelerating the pace of vulnerability discovery on both sides, organisations that cannot match that speed in their defensive operations face both technical and regulatory risk. The question is no longer whether AI-driven attacks will target European businesses, but how quickly defences can adapt.

Challenges and Risks

Project Glasswing is not without controversy. The same capabilities that make Claude Mythos effective for defence also make it a potential weapon. This dual-use problem is the central concern raised by security researchers, policymakers, and open source maintainers since the announcement.

Government Advisory: The US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory with the UK's NCSC and Germany's BSI on 8 April 2026, warning that AI-driven vulnerability discovery "materially changes the threat model for all organisations" and urging immediate review of patch management processes.

Model behaviour remains a concern even within legitimate use. Claude Mythos operates autonomously, scanning codebases and generating exploit code without human review of each step. If the model misclassifies a benign code pattern as a vulnerability, or generates an exploit that causes unintended damage during testing, the consequences could be severe. Anthropic has implemented safety filters, but the track record for containing autonomous AI systems within intended boundaries is limited. A prompt injection attack against the model itself could redirect its capabilities.

Open source maintainers face particular strain. The Linux Foundation is a consortium member, but thousands of smaller open source projects are not. Daniel Stenberg has warned that maintainers of critical libraries, many of whom are volunteers, will receive an accelerating flood of AI-generated vulnerability reports without the resources to triage them. The security burden of AI-generated code already strains small teams. Glasswing adds AI-generated vulnerability reports to the pile.

Finally, the timing raises questions. Anthropic is widely reported to be preparing an IPO. A high-profile cybersecurity initiative with twelve major technology partners generates significant media coverage and positions Anthropic as an AI safety leader. Whether Glasswing is primarily a public good or a strategic business move is an open question that investors, regulators, and customers will each answer differently.

Action Plan

What You Should Do Now

Whether or not your organisation joins a consortium like Glasswing, six actions can materially reduce your exposure to AI-accelerated threats. These are ordered by impact and urgency.

Priority 1: This week

Reduce your attack surface

Audit all externally facing services. Disable anything not actively required. Close unnecessary ports. Remove default credentials. Every exposed service is a target for AI-driven scanning, and Claude Mythos has shown that discovery happens in hours, not months.

Priority 2: This month

Implement SCA and maintain a SBOM

Software Composition Analysis identifies known vulnerabilities in your dependencies. A Software Bill of Materials gives you a real-time inventory of every component in your stack. When a Glasswing disclosure hits, you need to know within minutes whether you are affected.

Priority 3: This month

Adopt assume-breach architecture

Segment your network. Implement zero-trust principles. Assume that an attacker will get in and design your systems so that a single compromised service does not give access to everything. The principle of least privilege applies to every component.

Priority 4: This quarter

Shorten patch cycles to under 72 hours

Monthly or quarterly patch schedules are no longer viable for critical vulnerabilities. With 2,500 organisations compromised in one hour during a recent incident, you need the ability to deploy critical patches within 72 hours of disclosure, ideally faster.

Priority 5: This quarter

Use AI for defence, not just productivity

AI-driven threat detection, anomaly identification, and automated response tools are now table stakes. If attackers use AI to find vulnerabilities, defenders need AI to detect exploitation attempts. Evaluate tools that integrate with your existing SIEM and SOAR infrastructure.

Priority 6: Ongoing

Conduct a baseline security assessment

The BSI CyberRisiko-Check or equivalent frameworks (NIST CSF, ISO 27001 gap analysis) provide a structured starting point. You cannot defend what you have not measured. With only 56 percent of European SMEs meeting basic requirements, the gap is often larger than expected.

Key Takeaway

Project Glasswing marks the beginning of AI-speed cybersecurity. The twelve consortium members will be better protected. Everyone else needs to close the gap through faster patching, better visibility into their software supply chain, and defensive AI tooling. The window between vulnerability disclosure and exploitation is shrinking. Your patch cycle needs to shrink faster.

Further Reading

Claude Code Leak: Lessons for AI Agents Prompt Injection: The Underestimated AI Threat Vibe Coding: Security Risks in AI-Generated Code Nvidia NemoClaw: AI Agent Security Project Glasswing (Anthropic) The Glasswing Paradox (Picus Security) Simon Willison on Project Glasswing

Frequently Asked Questions

What is Project Glasswing? +

Project Glasswing is an AI cybersecurity initiative launched by Anthropic on 7 April 2026. Twelve technology companies, including Apple, Google, Microsoft, AWS, and CrowdStrike, form the founding consortium. Anthropic is providing USD 100 million in API credits and deploying Claude Mythos Preview to autonomously discover zero-day vulnerabilities in the consortium members' software. Vulnerabilities are disclosed exclusively to consortium partners before public release.

What can Claude Mythos Preview do? +

Claude Mythos Preview is Anthropic's specialised cybersecurity model. It scores 83.1 percent on the CyberGym benchmark, outperforming all previous AI systems. It found a 27-year-old bug in OpenBSD's kernel, a browser exploit chain in Chromium (CVE-2026-3192), and a FreeBSD remote code execution vulnerability. In controlled testing against Firefox, it achieved a 72.4 percent success rate for sandbox escapes.

Who belongs to the Glasswing consortium? +

The twelve founding members are Apple, Google, Microsoft, Amazon Web Services (AWS), CrowdStrike, Palo Alto Networks, Cisco, Fortinet, Cloudflare, Elastic, Trail of Bits, and the Linux Foundation. These organisations receive early access to vulnerability disclosures and Claude Mythos scanning capabilities. Companies outside the consortium do not receive advance notice.

What does Glasswing mean for European businesses? +

European businesses face increased risk because AI-driven vulnerability discovery will accelerate both defensive and offensive capabilities. According to the BSI (Germany's federal cybersecurity agency), vulnerability exploitation rose 38 percent year-on-year. Only 56 percent of European SMEs meet basic IT security requirements. Organisations outside the consortium will receive vulnerability disclosures later, narrowing the window to patch before exploitation.

Is Claude Mythos publicly available? +

No. Claude Mythos Preview is currently restricted to Glasswing consortium members. Anthropic has not announced a timeline for broader access. The API is available only through the consortium programme, not through standard Anthropic API subscriptions. This controlled release is intended to prevent misuse, though researchers have raised concerns about the dual-use potential of AI vulnerability discovery.

How can I protect my business now? +

Six immediate steps: reduce your attack surface by removing unused services and open ports, implement Software Composition Analysis (SCA) and maintain a Software Bill of Materials (SBOM), adopt assume-breach architecture with network segmentation and zero-trust principles, shorten patch cycles to under 72 hours for critical vulnerabilities, deploy AI-driven defence tools for threat detection, and conduct a BSI CyberRisiko-Check or equivalent baseline assessment to identify gaps.