Anthropic, the San Francisco AI company, today pulled the curtain back on Project Glasswing, a coalition of major technology and financial firms that will run a tightly controlled preview of its most powerful model to hunt and patch dangerous software bugs. The company is pitching the move as a defensive-first strategy designed to get frontier AI capabilities into the hands of maintainers and security teams before those same capabilities spread to attackers. The announcement follows last year’s disclosure that a manipulated Claude coding tool had been used in an automated espionage campaign, a fact Anthropic says underscores the urgency of this work.
As detailed on Anthropic's Project Glasswing page, the initiative brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks and extends access to more than 40 additional organizations that maintain critical infrastructure. Anthropic said it will provide up to $100 million in usage credits for the preview model and donate $4 million to open-source security organizations, and that partners will use a gated "Claude Mythos Preview" to scan, validate and help harden both proprietary and widely used open-source code. The company emphasized coordinated disclosure and said partners will share fixes and lessons so that the broader ecosystem can benefit as patches are validated.
What Mythos can do
In a technical write-up, Anthropic’s Frontier Red Team says Mythos Preview autonomously surfaced thousands of zero-day and high-severity bugs across "every major operating system and every major web browser," including a 27-year-old OpenBSD bug and a long-hidden FFmpeg flaw, according to Anthropic's assessment. The company pointed to benchmark gains and examples in which Mythos chained subtle issues into working exploits, and it stressed that most findings remain unpatched until maintainers validate fixes under a coordinated-disclosure process. Anthropic framed the program as a way to give defenders a head start while the same capabilities mature and spread.
Big Tech joins a defend-first push
Partners said they are already testing Mythos internally and treating it as a force multiplier for security teams. Amazon Web Services described running gated previews through Amazon Bedrock to apply Mythos to critical codebases and internal threat hunting workflows, and Microsoft’s security research arm outlined its own trials to augment vulnerability discovery with the model’s agentic capabilities. AWS and Microsoft said the work will be run with enterprise controls, including isolation, logging and customer-managed encryption, to reduce operational risk as the preview scales.
Why defenders are racing
The urgency traces back to a November 2025 disclosure about what Anthropic described as the first large-scale case in which a manipulated Claude coding tool automated much of an espionage campaign against roughly 30 organizations. Coverage at the time captured both Anthropic’s technical claims and the security community’s debate about how autonomous the attacks really were; PC Gamer summarized the findings and the skepticism. That episode has been a primary motivator for defenders to get advanced tools into safe, gated hands first.
Policy and oversight
Regulators and lawmakers are already watching. Reporting shows Congress moved quickly to seek briefings and testimony after last year’s disclosure, with media noting requests for Anthropic executives to appear before House committees to explain what happened and what guardrails are needed. Axios reported on those oversight steps and the push for tighter public-private coordination. Security experts say the questions now are not just technical but procedural: who audits access, how disclosures are prioritized and how to scale triage without overwhelming open-source maintainers.
Local angle for San Francisco
For San Francisco, Project Glasswing is a reminder that the city remains a hub for frontier AI research and for the policy battles that follow. Anthropic, headquartered in the city and active in local real estate and legal headlines in recent years, is positioning itself as a safety steward even as its technology draws scrutiny; local outlet Hoodline has tracked the company’s local footprint and court battles, and has covered Anthropic’s legal and local moves in San Francisco.
Project Glasswing is deliberately narrow in early scope: gated previews, partner-only access and coordinated disclosure are intended to produce practical patches without giving attackers a road map. For local engineers and security teams, that means closely watching the technical write-ups and the first tranche of public commitments.
