Tom Hundley
On April 7, 2026, Anthropic announced something that read less like a product launch and more like a fire drill for the entire software industry. The company said it had built an AI model good enough at finding security flaws that releasing it the normal way would be reckless โ and that instead of selling it, it was handing limited access to a coalition of the world's biggest technology and infrastructure companies, with one job: go find and fix the vulnerabilities buried in the code that runs everything, before someone with worse intentions builds the same thing.
That initiative is Project Glasswing. This is the explainer โ what it is, why it exists, what is actually real today, and what is still a promise on a clock.
Project Glasswing is a coalition initiative aimed, in Anthropic's words, at "securing the world's most critical software." The premise is blunt: AI has gotten good enough at hunting software vulnerabilities that this capability is now a strategic asset โ and a hazard. Rather than let that capability arrive quietly and unevenly, Anthropic is trying to put it in the hands of defenders first, in a coordinated way, under terms it controls.
At the center sits a model called Claude Mythos Preview โ an unreleased frontier model that powers the bug-hunting work. Anthropic has been explicit that it "do[es] not plan to make Mythos Preview generally available." Access is limited to "a limited group of critical industry partners and open source developers with Project Glasswing." The whole point of the coalition structure is to enable, as Anthropic frames it, "defenders to begin securing the most important systems before models with similar capabilities become broadly available."
In other words: the model isn't the product. The head start is the product.
Both halves of the branding carry meaning, and both come straight from Anthropic.
Glasswing is named for Greta oto, the glasswing butterfly, whose wings are transparent. Anthropic invokes the metaphor two ways at once. The transparent wings "let it hide in plain sight, much like the vulnerabilities discussed in this post" โ flaws that have sat undiscovered in widely used software for years or decades. And those same wings "allow it to evade harm โ like the transparency we're advocating for."
Mythos comes "from the Ancient Greek for 'utterance' or 'narrative': the system of stories through which civilizations made sense of the world" โ a deliberately weighty name for a model Anthropic treats as a turning point.
The argument underneath Glasswing is that a threshold has been crossed. For most of computing history, finding a serious, novel vulnerability in mature, battle-tested software was elite, painstaking work โ the province of a small number of highly skilled researchers willing to spend weeks staring at one codebase.
Anthropic's claim is that this is changing. The company reports it has "seen Mythos Preview write exploits in hours that expert penetration testers said would have taken them weeks to develop." And it points to a difference in kind, not just speed: "the sheer scalability of the models allows us to search for bugs in essentially every important file, even those that we might naturally write off."
That combination โ expert-level results, delivered in hours instead of weeks, applied to every file rather than a hand-picked few โ is what reshapes the math. The reasonable synthesis, and the one this series will carry, is that an AI system can now out-find all but the most skilled human vulnerability hunters, at a scale no human team can match. Anthropic itself is careful not to wrap that into a single superlative; the verifiable facts are the speed, the scale, and the expert agreement (more on that below). The strategic conclusion follows from those facts. As Cisco's Anthony Grieco put it in Anthropic's announcement, "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure."
The reason any of this rises to the level of a coalition is the scale of what's at stake. Anthropic frames the stakes economically: global cybercrime, it notes, "might be around $500B every year." (Note the hedge โ that's a rough order of magnitude, not a precise accounting, and Anthropic words it that way on purpose.)
The vulnerabilities feeding that number aren't exotic. They hide in exactly the kind of decades-old, foundational software the whole digital economy is built on โ operating systems, network stacks, media libraries, the open-source packages that quietly underpin nearly everything. As Linux Foundation executive director Jim Zemlin observed in the announcement, "Open source software constitutes the vast majority of code in modern systems." That code is everywhere, it's old, and much of it has never had a serious security review.
The defenders' problem has always been asymmetry: an attacker needs to find one usable flaw; defenders have to find and fix them all. The Glasswing bet is that AI, pointed deliberately at the defensive side first, can finally start to flip that asymmetry โ or at least keep it from tipping toward attackers as the same capability spreads.
Glasswing launched with 12 named partners, a roster that spans cloud, chips, security, finance, and open source:
Beyond those headline names, Anthropic says the launch cohort also included over 40 additional organizations โ roughly 50 in the initial group all told. That was the April picture; on June 2, 2026, Anthropic expanded the program by roughly 150 more organizations across 15-plus countries, pushing the coalition toward 200 (a later article in this series covers that expansion in detail). The figures in this explainer describe the April 7 launch unless noted.
A few of the executive quotes Anthropic published give a sense of the tone. CrowdStrike's Elia Zaitsev captured why this feels urgent rather than academic: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed โ what once took months now happens in minutes." Palo Alto Networks' Lee Klarich framed the access decision itself: "It's clear that these models need to be in the hands of open source owners and defenders everywhere."
One caution worth stating, because it's exactly the kind of detail that gets overstated elsewhere: being on the launch list is not the same as having a publicly described, active role. Apple, for instance, appears in the 12-name roster with no stated role or quote. We treat the roster as a roster.
Anthropic published one especially load-bearing validation statistic. Of 198 vulnerability reports that were manually reviewed, "in 89% of the 198 manually reviewed vulnerability reports, our expert contractors agreed with Claude's severity assessment exactly, and 98% of the assessments were within one severity level."
That's a meaningful result โ human experts agreeing with the model's severity calls roughly nine times in ten โ and it supports the "expert-level" framing without inflating it.
The flip side is the uncomfortable number: as part of responsible disclosure, Anthropic notes that fewer than 1% of the discovered vulnerabilities have been fully patched by maintainers so far. Finding flaws turns out to be the easy part. Fixing them โ at the speed they're now being found โ is the hard part, and a theme this series returns to.
We'll keep the technical detail light here; later articles in this series go deep. At a high level, the discovery process is strikingly simple to describe:
The headline is that one plain-English instruction kicks off autonomous work that, at the high end, produces results expert humans said would have taken them weeks.
For a reader trying to size up Glasswing honestly, the most useful lens is to separate what has actually happened from what's been promised, and to separate both from what's merely been floated. There are three tiers.
The announcement itself, the coalition (12 named partners plus 40-odd more, roughly 50 organizations at launch), and the money are all concrete and committed:
Anthropic has promised that, "within 90 days," it "will report publicly on what we've learned, as well as the vulnerabilities fixed and improvements made that can be disclosed." Ninety days from the April 7 launch lands in early July 2026 โ which means that as of this writing, that public report is a commitment with a running clock, not something you can read yet. It's the single clearest milestone to watch.
The most forward-looking idea is the governance one, and Anthropic states it as a possibility, not a plan. "In the medium term," it writes, "an independent, third-party body โ one that can bring together private- and public-sector organizations โ might be the ideal home for continued work." Note the might. There is no such body today; this is a direction of travel, not a standing institution.
Holding those three tiers apart โ done, promised, hoped-for โ is the whole game when reading a launch this ambitious. The coalition and the credits are real. The 90-day report is owed. The governance body is a maybe.
Strip away the branding and Glasswing is a wager about timing. Anthropic believes a capability that meaningfully out-finds human vulnerability hunters is coming to the wider world whether it acts or not โ and that the responsible move is to give defenders a coordinated head start rather than let the capability arrive ungoverned. Whether that head start is enough โ given that fewer than 1% of found bugs are patched, and that the same model that finds a flaw could help exploit it โ is the question the rest of this series takes up.
For now, the on-ramp facts are these: Glasswing launched April 7, 2026 as a defender-first coalition of roughly 50 organizations led by 12 named giants (and has since grown by about 150 more); it runs on a deliberately unreleased model; it's backed by real money; and it ships with a 90-day promise of public accountability that is now ticking.
What is Project Glasswing?
Project Glasswing is a coalition initiative announced by Anthropic on April 7, 2026, aimed at "securing the world's most critical software." It gives a limited group of major technology, infrastructure, and open-source partners early, controlled access to an unreleased AI model โ Claude Mythos Preview โ to find and fix security vulnerabilities in foundational software before bad actors can exploit them.
Why is the model called Mythos, and why a glasswing butterfly?
"Mythos" comes from the Ancient Greek for "utterance" or "narrative" โ "the system of stories through which civilizations made sense of the world." "Glasswing" refers to the Greta oto butterfly, whose transparent wings evoke two ideas at once: vulnerabilities that "hide in plain sight," and the transparency Anthropic says it is advocating for.
Can I use Claude Mythos Preview?
No. Anthropic has stated it "do[es] not plan to make Mythos Preview generally available." Access is restricted to a limited group of critical-infrastructure partners and open-source developers participating in Project Glasswing. The strategy is to give defenders a head start before comparable capabilities become broadly available โ not to ship a product.
How much is Anthropic putting into this?
Anthropic committed up to $100M in Mythos Preview usage credits for partners, plus $4M in donations to open-source security: $2.5M to Alpha-Omega and the OpenSSF via the Linux Foundation, and $1.5M to the Apache Software Foundation. If the model is offered after the preview, the stated pricing is $25 per million input tokens and $125 per million output tokens.
Who are the launch partners?
The 12 named launch partners are Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic says more than 40 additional organizations also joined at launch, for an initial cohort of roughly 50.
Is Anthropic publishing results, and is there outside oversight?
Anthropic committed to report publicly "within 90 days" of the April 7 launch on what it learned, including vulnerabilities fixed and improvements that can be disclosed โ a deadline that lands in early July 2026. On governance, Anthropic has only floated a possibility: "in the medium term," it says, an "independent, third-party body" bringing together public- and private-sector organizations "might be the ideal home for continued work." No such body exists today.
Discover more content:
