Artificial intelligence is rapidly changing cybersecurity—and few projects illustrate the tension between defense and risk as clearly as Anthropic’s Mythos AI and its Project Glasswing initiative.
Anthropic recently updated its policies to allow participants using the restricted Claude Mythos Preview model to share cybersecurity findings with organizations exposed to the same vulnerabilities. The goal is to speed up defensive responses across critical systems while maintaining strict limits on who can access the powerful AI tool itself.
Claude Mythos Preview is an unreleased frontier AI model developed by Anthropic with unusually strong capabilities in coding and security analysis. Testing has shown it can identify previously unknown software vulnerabilities, including zero‑day flaws, across major operating systems, browsers, and widely used software libraries.
That capability could dramatically improve cyber defense. By quickly identifying weaknesses before attackers do, organizations can patch vulnerabilities earlier and reduce the risk of large‑scale cyber incidents.
But those same abilities create serious risks: the model could also be used to discover and exploit weaknesses at scale if it were widely available. For that reason, Anthropic has kept Mythos out of public release and instead deployed it only through a controlled program called Project Glasswing.
Originally, participants in Project Glasswing were restricted from broadly sharing vulnerability discoveries generated with Mythos due to nondisclosure rules.
Anthropic has now revised that policy. Participants can share threat information with organizations that may be affected by the same vulnerabilities, enabling faster coordinated defensive action across the software ecosystem.
The idea is straightforward:
Supporters argue this change aligns the program more closely with traditional responsible vulnerability disclosure practices, where sharing critical information among defenders is key to preventing widespread attacks.
Project Glasswing brings together a group of major technology, cybersecurity, and infrastructure organizations working with Anthropic to test the model in controlled defensive environments.
Participants reported to be involved include:
These organizations maintain or secure infrastructure used by billions of people, which makes them natural partners for testing AI‑assisted vulnerability discovery at scale.
Despite allowing limited sharing of threat intelligence, Anthropic is still keeping Mythos tightly restricted.
The reason is simple: the model’s capabilities are considered too powerful for open release.
Researchers and early testing suggest Mythos can rapidly uncover serious vulnerabilities across widely used systems. While this could significantly improve defensive security, it also raises the risk that malicious actors could use the tool to automate discovery and exploitation of software flaws.
To reduce that risk, Anthropic is:
The potential impact of AI‑driven vulnerability discovery has drawn attention from governments and financial regulators.
Authorities in several countries have sought briefings from Anthropic about the risks posed by Mythos, including concerns that the model could expose weaknesses in critical financial infrastructure such as banks and payment systems.
These concerns highlight how powerful cybersecurity AI tools are becoming relevant not just to technology companies but also to national security and economic stability.
Mythos and Project Glasswing have sparked a broader debate in the cybersecurity community.
On one side, many security professionals argue that faster vulnerability discovery and coordinated disclosure strengthen global defenses. AI tools could help defenders identify weaknesses earlier than attackers and reduce the time systems remain exposed.
On the other side, critics warn that such powerful systems could dramatically lower the cost of offensive cyber operations if misused. Even limited leaks or expanded access could allow attackers to automate large‑scale vulnerability discovery.
Anthropic’s approach—limited access, controlled testing, and selective information sharing—represents one attempt to strike a balance between these competing goals.
The Mythos program suggests that cybersecurity may soon enter a new phase where AI systems can discover vulnerabilities faster than human researchers.
If that trend continues, the challenge will shift from simply finding flaws to managing how powerful vulnerability‑finding tools are controlled, shared, and governed.
Project Glasswing is effectively an early experiment in that future: using frontier AI to strengthen collective defense while trying to prevent the same technology from becoming a powerful new weapon for attackers.
Studio Global AI
Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.
Anthropic now allows vetted Project Glasswing partners using its restricted Mythos AI model to share discovered cybersecurity threats with organizations facing the same vulnerabilities, aiming to speed up coordinated...
Anthropic now allows vetted Project Glasswing partners using its restricted Mythos AI model to share discovered cybersecurity threats with organizations facing the same vulnerabilities, aiming to speed up coordinated... Major participants include companies such as Amazon Web Services, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, Broadcom, JPMorganChase, and Palo Alto Networks collaborating to secure critical global software...
The change highlights a growing debate: faster AI‑driven vulnerability discovery can strengthen collective defense, but broader access could also accelerate cyberattacks or expose sensitive infrastructure weaknesses.[...