Project Glasswing

Overview

Project Glasswing is Anthropic’s gated security-research program built around restricted access to Claude Mythos Preview. Rather than making Mythos Preview generally available, Anthropic limits its use to a consortium of 12 launch partners spanning hyperscalers, hardware vendors, security companies, financial institutions, and the Linux Foundation, with the explicit goal of using Mythos’s autonomous vulnerability-discovery capability to harden the world’s most critical software before that capability is released more broadly. The program includes ~$100M in Anthropic usage credits and $4M in direct donations to open-source security organizations.

Project Glasswing represents the first time a major US frontier lab has publicly declined to release a flagship model to the general public on safety grounds, using a partner-only deployment as the alternative to either full release or full embargo.

Launch Partners

• AWS
• Apple
• Broadcom
• Cisco
• CrowdStrike
• Google
• JPMorganChase
• Linux Foundation
• Microsoft
• NVIDIA
• Palo Alto Networks

(Anthropic itself coordinates the program.)

Timeline

• 2026-04-08-AI-Digest — Anthropic announces Project Glasswing and Claude Mythos Preview; partner list disclosed; Mythos Preview’s autonomous discovery and exploitation of the 17-year-old FreeBSD NFS root RCE (CVE-2026-4747) is highlighted as a proof point. Community reaction split: r/MachineLearning broadly supportive of the gated-release model; r/LocalLLaMA more skeptical about the asymmetric concentration of offensive capability.
• 2026-06-04-AI-Digest — Project Glasswing expansion: ~150 partner organizations now in the vulnerability-hunting program (across 15 countries), substantively widening the external-researcher base that gets pre-disclosure access to Claude-family weights and harnesses beyond the original 12-organization consortium. Lands alongside Anthropic’s year-one cyber-threats retrospective (832 banned accounts mapped to MITRE ATT&CK; medium-or-higher risk share 33% → 56% over the year) as a paired “telemetry + scaled partner program” picture.

Key Developments

1. Restricted-Release Precedent: First public commitment by a major frontier lab not to make a flagship-class model generally available.

2. Funding Structure: $100M in Anthropic usage credits plus $4M in cash donations to open-source security organizations underwrite the partner program.

3. Asymmetric Capability Question: The gated approach concentrates an offensive-research-grade capability in 12 organizations, raising debate over whether the eventual leak (when, not if) is a worse outcome than a controlled broader release would have been.

4. Partner-Base Expansion to ~150 Organizations Across 15 Countries (June 4, 2026): The original 12-organization consortium broadens by an order of magnitude. The substantive shift is the international footprint (15 countries) — Glasswing moves from US-centric Fortune-500-plus-Linux-Foundation toward a globally distributed external-researcher network. Pairs with the same-day Anthropic year-one cyber-threats retrospective (33% → 56% medium-or-higher risk share) as a “telemetry + scaled partner program” picture of where Anthropic’s first-party safety monitoring is going.