Anthropic just announced something that should stop every engineering leader cold: they built an AI model so capable at finding and exploiting software vulnerabilities that they decided it was too dangerous to release to the public. Then they used it anyway — but only to defend the infrastructure the rest of us depend on.
That's Project Glasswing. And it launched April 7–8, 2026.
What Is Project Glasswing?
Project Glasswing is a cybersecurity coalition launched by Anthropic to secure the world's most critical software infrastructure — starting with open source (anthropic.com/glasswing).
The coalition includes 12+ named anchor partners — Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — within a broader group of 45+ organizations, per WIRED. The anchor partners represent the companies with the deepest integration into the initiative; the broader coalition includes smaller organizations and open source maintainers gaining access to the tooling.
At the center of it is Claude Mythos Preview: a frontier AI model that Anthropic describes as having surpassed "all but the most skilled humans at finding and exploiting software vulnerabilities" (Forbes). It is not available to the public. It is being made available exclusively to vetted Glasswing partners.
Anthropic is backing the initiative with $100 million in Claude usage credits — one of the largest AI-for-defense commitments by a single AI lab to date (NYT).
The Name Is Not an Accident
The glasswing butterfly (Greta oto) has transparent wings. You can see straight through them — and yet most predators still miss it.
Anthropic chose the name deliberately: software vulnerabilities hide in plain sight inside widely used code, invisible until someone knows exactly where to look. The name also signals the transparency Anthropic claims to want in how AI gets deployed — visible, accountable, not hidden behind closed doors (Decode the Future; The AI Corner).
It's a rare case where a corporate project name actually carries weight.
The Core Problem Glasswing Is Trying to Solve
Modern software infrastructure has a structural security problem: the code that runs hospitals, banks, power grids, and elections is largely open source — maintained by volunteers and small teams with no dedicated security budget. When a zero-day vulnerability sits in that code, it's available to every attacker on the planet before any defender has patched it.
AI has made this worse. Models capable of finding and exploiting vulnerabilities at scale are becoming more accessible. The attack surface is expanding faster than human defenders can cover it.
AWS analyzes over 400 trillion network flows every day for threats (anthropic.com/project/glasswing). That's not a problem human analysts can solve manually. It's a problem that requires AI — which means the question isn't whether AI gets used in cybersecurity. It's whether defenders or attackers get the capable models first.
Glasswing's Answer: Give Defenders a Head Start
Anthropic's stated logic is direct: the same AI that can break things can fix them — but only if defenders move first.
Jared Kaplan, Anthropic's Chief Science Officer, put it plainly: "The goal is both to raise awareness and to give good actors a head start on the process of securing open-source and private infrastructure and code." (NYT)
In the weeks before launch, Claude Mythos Preview identified what Anthropic describes as thousands of zero-day vulnerabilities spanning every major operating system and every major web browser — a figure Anthropic self-reports on its announcement page and that has not yet been independently verified by third parties (anthropic.com/glasswing). Those findings are being disclosed to affected vendors through Project Glasswing's coordinated disclosure process.
Microsoft's Global CISO Igor Tsyganskiy framed the stakes: "As we enter a phase where cybersecurity is no longer bound by purely human capacity, the opportunity to use AI responsibly to improve security and reduce risk at scale is unprecedented." (anthropic.com/project/glasswing)
The Open Source Angle: The Underfunded Humans Keeping the Internet Running
The most underreported part of Project Glasswing is who gets access to Mythos Preview beyond the enterprise partners.
Open source maintainers — often individual contributors or small volunteer teams — now have access to the most powerful AI security scanning tool ever built, at no cost, through the Linux Foundation's participation in the coalition (Linux Foundation).
This matters because open source code is the substrate everything else runs on. The AI agents writing new software today are building on open source libraries. If those libraries have unpatched vulnerabilities, every system built on top of them inherits the risk. Giving maintainers access to Mythos Preview is a direct attempt to close that gap before it compounds — and it's one of the clearest examples of AI for humanity's benefit operating at infrastructure scale.
The Responsible Withholding Question
Anthropic is making a bet that's almost unprecedented in the technology industry: deliberately not releasing a product because releasing it could cause serious harm.
This is the philosophical core of Project Glasswing — and it's worth sitting with. The same capability that makes Mythos Preview valuable for defense makes it dangerous in the wrong hands. Anthropic's answer is controlled access: vetted partners, coordinated disclosure, no public API.
The Anthropic red team's documentation on Mythos Preview (red.anthropic.com/2026/mythos-preview) frames this as a temporary asymmetry — defenders get the tool now, before comparable capabilities become broadly available to bad actors. The window won't stay open indefinitely.
Whether this model holds — controlled deployment of dual-use AI as a strategy for shaping the future of AI security — is one of the defining questions the industry will be watching.
The Criticism Worth Taking Seriously
Not everyone is convinced the approach works.
Picus Security — a security vendor with commercial interests in the vulnerability management space, which is worth noting — published an analysis arguing that fewer than 1% of vulnerabilities found by Mythos Preview have been patched as of launch (Picus Security). Their argument: finding more vulnerabilities faster doesn't help if the patching pipeline is already overwhelmed. You can surface ten thousand bugs; if engineering teams can't triage and remediate them, the attack surface doesn't shrink.
This is a real operational challenge. Glasswing's value depends entirely on what happens after the scan — and that's a people and process problem, not an AI problem. Engineering leaders integrating Mythos findings into their workflows will need to think hard about triage capacity before the vulnerability queue becomes noise.
Key Takeaways for Engineering Leaders
What Comes Next
Project Glasswing is live as of April 8, 2026. Coordinated vulnerability disclosures are already in motion. The patching work — the hard, unglamorous part — is just beginning.
The glasswing butterfly survives because its transparency makes it hard to target. The bet Anthropic is making is that software infrastructure can work the same way: make the vulnerabilities visible to the right people, fast enough, and the attack surface shrinks before adversaries can exploit it.
Whether that bet pays off depends less on the AI and more on what engineering teams do with the findings. That's the part no model can automate.
Sources: Anthropic Project Glasswing · NYT · WIRED · VentureBeat · Forbes · Picus Security · Linux Foundation · Anthropic Red Team