Skip to content

AI giant Anthropic announced Project Glasswing, named for the Greta oto butterfly, a partnership designed to use AI to protect against cyber attacks. Photo by iStock.

Project Glasswing: Anthropic’s New Initiative to Use AI to Bolster Cyber Defenses

By Scott Briscoe
8 April 2026

Today in Security

Artificial intelligence (AI) company Anthropic has the cybersecurity world aflutter with its Project Glasswing announcement on 7 April.

In a nutshell, Anthropic developed a large language model (LLM) it calls Claude Mythos Preview that is particularly good at finding and exploiting software programming vulnerabilities. Anthropic said it will not be releasing the LLM publicly, rather, they will share the model with selective companies.

In the initial announcement, Anthropic said Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks would all “use Mythos Preview as part of their defensive security work.” Anthropic is also working with more than 40 other organizations to allow them to use the tool.

U.S. Senator Mark R. Warner (D-VA), vice chair of the Select Committee on Intelligence, released a statement emailed to press, including Security Management, that praised the development:

“I applaud these leading companies for recognizing this threat and proactively sharing information, capabilities, and computing capacity to better protect our critical infrastructure. We are already seeing cyber threat actors using AI tools to improve their capabilities, putting government, businesses, and consumers’ security and personal information at risk. I have long worked to shore up the cybersecurity of our critical infrastructure, from hospitals to government systems and more. As AI dramatically accelerates the discovery of new vulnerabilities, I hope industry will correspondingly accelerate and reprioritize patching.”

Cyberscoop reported that Mythos Preview had already identified thousands of previously unknown vulnerabilities. “The initiative reflects growing concerns within the technology sector about the dual-use nature of advanced AI systems,” Cyberscoop reported. “While Mythos Preview was not trained specifically for cybersecurity purposes, its coding and reasoning capabilities have proven effective at identifying subtle security flaws that have eluded human analysts and conventional automated tools.”

Anthropic has what it calls its “Frontier Red Team,” a unit dedicated to finding flaws or other potential negative consequences or uses for its AI products. Alongside the announcement of Project Glasswing, the Frontier Red Team group published a lengthy blog post (more than 13,000 words) that “provides technical details for researchers and practitioners who want to understand exactly how we have been testing this model, and what we have found over the past month. We hope this will show why we view this as a watershed moment for security, and why we have chosen to begin a coordinated effort to reinforce the world’s cyber defenses.”

The Red Team post details a few examples of the vulnerabilities Mythos Preview uncovered. One of them involves an open source code known as OpenBSD. This particular code was developed in the 1990s. The code lives on edge devices, which, as ASIS’s essentials course, “Convergence: Bridging the Gap Between Physical Security and Cybersecurity,” explains, is the physical security equivalent of the perimeter. OpenBSD is used specifically in edge devices because its reputation is that it is less susceptible to cyberattacks than alternatives.

However, Mythos Preview, operating on a simple initial prompt to find coding vulnerabilities, found one that had gone undiscovered in the code since 1998. The “quite subtle” vulnerability, since patched, would give hackers the capability to shutdown these edge devices through a simple denial-of-service (DoS) attack at will. And since these are edge devices being compromised, the attack would force the shutdown of downstream devices, such as an organization’s core networks. Shutting down a core network, and effectively shutting off access to it, would be a safety prevaution on the part of an organization trying to limit the damage until the edge vulnerability is fixed.

The reason Anthropic’s new tool can uncover a vulnerability in something like OpenBSD, which is used specifically for its security capability, is a matter of sophistication. In a video on the product, Nicolas Carlini, a research scientist at Anthropic, said Mythos Preview “has the ability to chain together vulnerabilities. What this means is you find two vulnerabilities, either of which doesn’t really get you very much independently, but this model is able to create exploits out of three, four, sometimes five vulnerabilities that in sequence give you some kind of very sophisticated end outcome.”

Since the announcement yesterday and as of the time this article was published, the Trump administration has not commented on Project Glasswing. Earlier this year, the U.S. Department of Defense (DOD) and Anthropic had a spat that ultimately led the DOD to label Anthropic a supply chain security risk, a label that was put on hold by an injunction from the U.S. District Court for the Northern District of California.

AI presents many security challenges for companies, from deepfakes to more believable phishing and social engineering schemes to using AI to develop tools that find vulnerable cyber attack surfaces. With its selective release of Mythos Preview, Anthropic is attempting to address the latter issue.

“Project Glasswing provides a unique, early-stage opportunity to evaluate next-generation AI tools for defensive cybersecurity across critical infrastructure both on our own terms and alongside respected technology leaders,” Pat Opet, chief information security officer at JPMorganChase, said in a statement in the project’s announcement. “We will take a rigorous, independent approach to determining how to proceed and where we can help. Anthropic’s initiative reflects the kind of forward-looking, collaborative approach that this moment demands.”

Best-selling author and The New York Times columnist Thomas Friedman wrote that the development of such a tool was frightening and called on the world's two AI superpowers, the United States and China, to collaboratively work to protect the planet from what Mythos Preview could unleash if it fell into the wrong hands. He noted that the model had already uncovered major vulnerabilities in every major operating system and browser in use.

"This is potentially as fundamental and significant a turning point as was the emergence of mutually assured destruction and the need for nuclear nonproliferation," Friedman wrote.

Focus on Warehouse and Distribution Center Security

How to Secure the Modern Warehouse

Phantom Freight Scams Boost Cargo Crime Rates

Why Violence Risk in High-Turnover Environments Is a Leadership and HR Governance Problem

Scrap Disposal: When the End of the Supply Chain Becomes a Brand and Public Safety Risk

Scan Here for Security

Best of Security Management

How to Create and Maintain an Effective SOC

A Cascading Crisis: U.S. Federal Prisons Grapple with Decades of Unsafe Understaffing

The Other Side of the Looking Glass: Providing Security for Marches and Rallies

Is Your Workplace Toxic? Here's What You Need to Do

Preventing Workplace Violence: Holistic Support Starts with Listening to Nurses

What to Add to a Rules of Engagement Document
arrow_upward