Project Glasswing is the Diagnosis, Not the Solution

Mythos shows us what tomorrow's AI capabilities will look like. Are we ready?

Last week, during internal testing of a new model called Mythos, Anthropic discovered it could autonomously find and exploit zero-day vulnerabilities—previously unknown security flaws—across every major operating system and web browser. The capabilities were not the result of cybersecurity-specific training but rather emerged from general improvements in coding and reasoning. In one case, Mythos found several flaws in the Linux kernel and autonomously chained them together into an exploit that would give an attacker complete control of any machine running Linux. Engineers at Anthropic with no formal security training asked the model to find remote code execution vulnerabilities overnight and woke up to complete, working exploits.

Anthropic decided not to make Mythos publicly available. Instead, it created Project Glasswing: a consortium of twelve major technology companies (including AWS, Apple, Google, Microsoft, and Nvidia) and over forty additional organizations that committed to using the model to defensively scan and patch their own systems before similar capabilities proliferated. Anthropic committed up to $100 million in usage credits and $4 million to open-source security organizations to support this effort.

Glasswing is the right shape for a response: independent parties, structured access, pre-deployment testing against real-world systems. It validates the architecture that effective governance requires. But Glasswing is a diagnosis, not a solution. It was voluntary and ad-hoc. Anthropic itself acknowledges that similar capabilities will likely be made widely available by other companies within six to eighteen months. There is no standard that requires Anthropic to do what it did, no framework that ensures the next lab acts the same way, and no mechanism to replicate this response.

Independent.
Nonpartisan.
Nonprofit.

Fathom is a 501(c)(3) organization funded by philanthropists. We do not take donations from corporations, including frontier labs and the FAANG companies, or foreign entities associated with countries of concern.
