Anthropic's Project Glasswing - restricting Claude Mythos to security researchers - sounds necessary to me

2026-04-07 · Source: Simon Willison's Weblog · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Expert, long

Summary

Anthropic has launched Project Glasswing, a restricted preview program for its new Claude Mythos Preview model, which possesses advanced cybersecurity research capabilities. Unlike Claude Opus 4.6, which had a near-0% success rate, Mythos Preview successfully developed working exploits 181 times in a benchmark against Mozilla's Firefox 147 JavaScript engine. Anthropic claims the model has found thousands of high-severity vulnerabilities, including some in every major operating system and web browser, and can chain together multiple vulnerabilities to create sophisticated exploits. Project Glasswing provides $100M in usage credits and $4M in direct donations to open-source security organizations, partnering with entities like AWS, Apple, Microsoft, Google, and the Linux Foundation to proactively address these risks. The model will not be generally available, as Anthropic aims to develop safeguards before wider deployment of "Mythos-class" models.

Key takeaway

For CTOs and VPs of Engineering evaluating their organization's cybersecurity posture, the emergence of models like Claude Mythos Preview signals an urgent need to reassess existing vulnerability management strategies. Your teams should prioritize integrating AI-powered vulnerability discovery tools and allocate significant resources to patching efforts, as the rate of newly identified, complex exploits will accelerate dramatically. Consider participating in industry initiatives like Project Glasswing to gain early access to defensive capabilities and contribute to collective security.

Key insights

Advanced LLMs are now autonomously finding and exploiting critical software vulnerabilities at an unprecedented scale.

Principles

• AI progress in code generation directly enhances cyber capabilities.
• Proactive industry-wide collaboration is essential for AI security.
• LLMs can chain multiple vulnerabilities for sophisticated exploits.

Method

Anthropic's Claude Mythos Preview model autonomously identifies and exploits vulnerabilities, including local privilege escalation, remote code execution, and complex multi-vulnerability chains, across major operating systems and web browsers.

In practice

• Use LLMs for local vulnerability detection.
• Apply AI for black box testing of binaries.
• Conduct AI-driven penetration testing.

Topics

• Claude Mythos
• Project Glasswing
• Vulnerability Research
• Exploit Development
• Open-Source Security

Code references

• openbsd/src

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, Software Engineer, Director of AI/ML

Related on AIssential

• Claude Mythos #2: Cybersecurity and Project Glasswing — Anthropic's Claude Mythos demonstrates unprecedented autonomous cyber exploitation capabilities, prompting a defensive, limited release strategy.
• Anthropic, Big Tech launch Project Glasswing for AI-led cybersecurity - Business Standard — Project Glasswing deploys Claude Mythos AI for defensive cybersecurity, identifying vulnerabilities across major systems.
• Expanding Project Glasswing — AI models are rapidly changing cybersecurity, necessitating industry-wide adaptation and robust defensive tools.
• Verizon Joins Anthropic’s Project Glasswing for AI Defence — Advanced AI models like Claude Mythos Preview can proactively identify critical zero-day vulnerabilities, necessitating collaborative defense initiatives like Project Glasswing.
• Claude Mythos Explained — A powerful AI model, Claude Mythos, is being selectively deployed to enhance cybersecurity defenses.
• An initiative to secure the world's software | Project Glasswing — Advanced LLMs trained for code can autonomously identify and chain complex software vulnerabilities, enhancing cybersecurity defense.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Simon Willison's Weblog.