Project Glasswing

Project Glasswing is Anthropic’s trusted-access defensive cybersecurity program for Mythos-class capability: it gives vetted defenders access to models and tooling that can find serious vulnerabilities faster than the security ecosystem can currently verify, disclose, and patch them.

What it is

  • A gated program announced 2026-04-07 to secure critical software before increasingly capable AI models can be misused against it.
  • The original launch organizations were AWS, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
  • Anthropic also said access had been extended to more than 40 additional organizations that operate or maintain critical software, later summarized as roughly 50 initial partners.
  • The model first used for this work was Claude Mythos Preview, which Anthropic did not make generally available because of its cyber capability jump.
  • Claude Mythos 5 became the access-gated successor to Mythos Preview, while Claude Fable 5 became the broadly available configuration with cyber and bio safeguards.
  • The current program is not a normal account tier. It is an approval and trust program layered on top of account-team access.

How it works

  • Initial work centered on finding and fixing vulnerabilities in foundational systems, including local vulnerability detection, black-box binary testing, endpoint security, and penetration testing.
  • Anthropic’s disclosed workflow uses codebase mapping, scanning subagents, triage, reports, and threat-model building for prioritization.
  • By 2026-05-22, Anthropic reported that it and roughly 50 partners had found more than 10,000 high- or critical-severity vulnerabilities.
  • The same update says Cloudflare found 2,000 bugs, including 400 high- or critical-severity findings, while testing Mythos Preview.
  • Anthropic also scanned more than 1,000 open-source projects. It reported 23,019 estimated total vulnerabilities and 6,202 estimated high- or critical-severity vulnerabilities.
  • Of 1,752 high- or critical-rated findings assessed by independent security firms or Anthropic, 90.6 percent were valid true positives, and 62.4 percent were confirmed high or critical.
  • The coordinated vulnerability disclosure dashboard reported 1,596 disclosed vulnerabilities across 281 open-source projects, 97 patched, and 88 assigned CVE or GHSA identifiers as of retrieval.
  • The bottleneck changed: finding vulnerabilities became easier than verifying, disclosing, patching, and deploying fixes.
  • On 2026-06-02, Anthropic expanded Glasswing to about 150 new organizations in more than 15 countries.
  • The expansion added underrepresented sectors such as power, water, healthcare, communications, hardware, vendors, nonprofits, critical open-source maintainers, and safety testers.
  • Anthropic says most partners are organizations where a successful attack on their codebase could affect more than 100 million people.
  • The current Mythos page frames Mythos 5 access as a small but growing trusted-access program for cybersecurity and, soon, biology research.

Best practice

  • Treat Glasswing as a model-access governance system, not just a security project. EVIDENCE-BASED
  • Use Fable 5 for general Mythos-class work and treat Mythos 5 as requiring prior approval, security review, and safety monitoring. EVIDENCE-BASED
  • Do not infer approval criteria from the public partner list; Anthropic says new organizations must meet security requirements, but it has not published those requirements. EVIDENCE-BASED
  • Center any Mythos workflow on triage and patch throughput, not just finding more bugs. EVIDENCE-BASED
  • Record disclosure state for every vulnerability-like finding: found, reproduced, severity-assessed, disclosed, patched, advisory issued, and deployed. PRACTITIONER
  • For ordinary defensive work blocked by Fable, check whether Opus or Sonnet through the Cyber Verification Program is the documented path before assuming Mythos access is relevant. EVIDENCE-BASED

Pitfalls

  • Treating the named launch organizations as the full membership. The launch page names 12 launch organizations and separately mentions more than 40 additional organizations.
  • Counting Anthropic as an external founding partner. The launch list includes Anthropic itself.
  • Treating the Cyber Verification Program as a Mythos 5 approval path. The current help article says it applies only to Opus and Sonnet class models.
  • Measuring Glasswing success by findings alone. Anthropic’s own updates make human verification, disclosure, and patching the rate limit.
  • Using press reports for country names or approval details as if Anthropic confirmed them. The official expansion page says more than 15 countries but does not name them.
  • Assuming Mythos Preview access continues unchanged. Current docs frame Mythos 5 as the successor and upgrade path for eligible users.

Sources

Next actions

  • Watch the Glasswing page for published security requirements, appeal paths, and biology access criteria.
  • Track the CVD dashboard at each source refresh and record whether patch throughput improves.
  • Add named country and partner expansions only when Anthropic confirms them or when press claims are explicitly labeled as press-only.
  • Recheck whether the Cyber Verification Program expands beyond Opus and Sonnet.
  • Add a Glasswing workflow checklist if the user wants a practical security-ops playbook.