Anthropic's Project Glasswing unites AWS, Apple, Google, Microsoft, CrowdStrike, and Palo Alto Networks around a single mission: using frontier AI to find and fix critical software vulnerabilities before attackers can exploit them. Here's what security leaders need to know.
What Happened
On April 8, 2026, Anthropic announced Project Glasswing, a cross-industry initiative bringing together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks to defend the world's most critical software using frontier AI.
Anthropic is committing up to $100M in usage credits and $4M in direct donations to open-source security organizations. Over 40 additional organizations that build or maintain critical software infrastructure have been given access to scan and secure both first-party and open-source systems.
This is not a product launch or a partnership press release. This is the cybersecurity industry acknowledging a fundamental inflection point: AI models can now find and exploit software vulnerabilities at a level that surpasses all but the most elite human researchers.
Claude Mythos Preview
At the center of Project Glasswing is Claude Mythos Preview, an unreleased frontier model trained by Anthropic. On the CyberGym vulnerability reproduction benchmark, Mythos Preview scored 83.1% compared to 66.6% for Anthropic's previous best model, a substantial jump in capability.
What makes this significant isn't just the benchmark score. It's the nature of the findings: Mythos Preview identified vulnerabilities entirely autonomously, without human steering. It doesn't just pattern-match against known vulnerability classes; it reasons about code semantics, chains multiple flaws together, and develops working exploits.
On broader coding and reasoning benchmarks, the model shows similarly dramatic improvements: 93.9% on SWE-bench Verified, 77.8% on SWE-bench Pro, and 82.0% on Terminal-Bench 2.0. These aren't incremental gains; they represent a qualitative shift in what AI systems can do with code.
Real-World Findings
Anthropic has already used Mythos Preview to identify thousands of zero-day vulnerabilities, including critical flaws in every major operating system and web browser. Three disclosed examples illustrate the scope:
- OpenBSD (27-year-old vulnerability): A remote crash vulnerability in one of the most security-hardened operating systems in existence, used widely for firewalls and critical infrastructure. This flaw survived decades of expert human review.
- FFmpeg (16-year-old vulnerability): Found in a line of code that automated testing tools had executed five million times without catching the issue. FFmpeg is embedded in countless video processing applications worldwide.
- Linux kernel (exploit chain): The model autonomously found and chained together several vulnerabilities to escalate from ordinary user access to complete machine control, the kind of multi-step attack path that typically requires elite red team expertise.
All disclosed vulnerabilities have been reported and patched. Anthropic has published cryptographic hashes of additional findings that will be disclosed after fixes are in place.
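How a reader could check a later disclosure against a digest published in advance, as an added example that is not from the article or from Anthropic. The hash function (SHA-256), the nonce-plus-report layout and the function names `commit` and `verify` are assumptions, since the article does not describe the format of the published hashes.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

ALGO = "sha256"  # assumption: the article does not name the hash function


def commit(report: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Publisher side: return (digest to publish now, nonce to keep private)."""
    # A random nonce keeps a short or guessable report from being confirmed
    # by trial hashing before the fix ships.
    nonce = secrets.token_bytes(32) if nonce is None else nonce
    h = hashlib.new(ALGO)
    # Length-prefix the nonce so the nonce/report boundary is unambiguous.
    h.update(len(nonce).to_bytes(2, "big") + nonce + report)
    return h.hexdigest(), nonce


def verify(report: bytes, nonce: bytes, published: List[str]) -> bool:
    """Reader side: True if the revealed report matches an earlier digest."""
    digest, _ = commit(report, nonce)
    # Normalise case/whitespace of the published list; compare in constant time.
    return any(hmac.compare_digest(digest, p.strip().lower()) for p in published)


if __name__ == "__main__":
    # Constructed sample report; not a real finding.
    report = b"CONSTRUCTED SAMPLE\ncomponent: example-parser\nimpact: remote crash\n"
    digest, nonce = commit(report)
    published = ["0" * 64, digest.upper() + "\n"]  # list as copied from a page
    print(verify(report, nonce, published))           # byte-exact reveal
    print(verify(report.rstrip(), nonce, published))  # edited after commitment
```

The check is byte-exact: a report that was reworded or re-encoded after the digest was published no longer verifies, which is what lets a reader confirm the finding predates the fix.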
Industry Response
The coalition of partners reads like a who's-who of enterprise technology and cybersecurity. Notable statements from industry leaders underscore the urgency:
CrowdStrike CTO Elia Zaitsev framed the timeline bluntly: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed, what once took months now happens in minutes with AI."
Cisco's Chief Security & Trust Officer Anthony Grieco was equally direct: "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back."
Palo Alto Networks' CPTO Lee Klarich emphasized the attacker implication: "Everyone needs to prepare for AI-assisted attackers. There will be more attacks, faster attacks, and more sophisticated attacks. Now is the time to modernize cybersecurity stacks everywhere."
The Linux Foundation CEO Jim Zemlin highlighted the open-source dimension: by giving maintainers access to these models, "AI-augmented security can become a trusted sidekick for every maintainer, not just those who can afford expensive security teams."
What This Means for Defenders
Project Glasswing confirms what the security industry has been anticipating: the asymmetry between attackers and defenders is about to shift dramatically, in both directions.
The threat: AI models with these capabilities will proliferate. Anthropic acknowledges this directly: "it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely." Offensive AI tooling will become accessible to less sophisticated threat actors, dramatically expanding the threat landscape.
The opportunity: The same capabilities that make AI dangerous in adversarial hands make it invaluable for defense. Continuous, autonomous vulnerability discovery at scale, running 24/7 against your codebase, your dependencies, your infrastructure, is now technically feasible.
The gap: Organizations that adopt AI-augmented security posture management will pull ahead. Those that don't will face an increasingly hostile environment where their software is being probed by AI-equipped adversaries while their defenses remain static.
What Security Teams Should Do Now
This announcement doesn't change what good security practice looks like; it changes the urgency. Security leaders should be taking these steps immediately:
- Accelerate vulnerability management cadence: Annual pentests are no longer sufficient. Move toward continuous security assessment integrated into CI/CD pipelines.
- Audit your software supply chain: If AI can find decades-old vulnerabilities in OpenBSD and the Linux kernel, your third-party dependencies are exposed. Implement SBOM tracking and continuous dependency scanning.
- Evaluate AI-augmented security tooling: The market for autonomous security testing is maturing rapidly. Start piloting these tools in staging environments now.
- Patch faster: The window between disclosure and exploitation is collapsing. Automate patching for critical infrastructure components wherever possible.
- Prepare for AI-augmented threats: Update your threat models to account for adversaries with AI-level code analysis capabilities. This affects your assumptions about what vulnerabilities will be found and how quickly.
Project Glasswing is a defensive mobilization. The question for every security team is whether they'll be ready when the same capabilities reach adversaries who aren't part of a responsible disclosure coalition.
Written by
Shield Research
Threat Intelligence