Anthropic has released its first progress report on Project Glasswing, the ambitious cybersecurity initiative launched in April aimed at turning advanced AI into a powerful defensive weapon against AI-powered cyberattacks.
Powered by the unreleased Claude Mythos Preview model, the project has already produced impressive outcomes in its first month, uncovering more than 10,000 vulnerabilities across partner organizations.
The initiative represents a sophisticated acknowledgment of a growing reality in cybersecurity: as AI systems become more capable, the most effective defense may lie in deploying similarly advanced AI to hunt for weaknesses before malicious actors can exploit them.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
Strong Results from Key Partners
The report highlights how Mythos Preview is outperforming traditional security methods in both speed and thoroughness. Most participating organizations have each identified hundreds of critical or high-severity vulnerabilities in their software using the model.
Notable examples include:
- Cloudflare discovered 2,000 bugs, with 400 classified as high or critical severity.
- Mozilla identified and fixed 271 vulnerabilities in Firefox — a tenfold increase compared to previous scans using an earlier Claude model.
- Microsoft has linked larger-than-usual patch releases to vulnerabilities uncovered through Mythos Preview.
Anthropic also conducted its own scans of 1,000 open-source projects, identifying 6,202 high- and critical-severity vulnerabilities out of a total of 23,019. One independent security research firm reportedly used the model to successfully breach macOS, chaining exploits in a system long considered among the most secure.
These results suggest Mythos Preview is operating at a level where it can systematically map and prioritize vulnerabilities far more efficiently than human-led teams, potentially shifting the balance in the cybersecurity arms race.
Despite the promising defensive applications, Anthropic has chosen not to release Mythos Preview to the general public. The company stated that no organization, including itself, has yet developed adequate safeguards to prevent such a powerful model from being misused for offensive purposes.
This measured approach aligns with Anthropic’s founding emphasis on responsible AI development and constitutional principles. The company plans to release “Mythos-class models” in the future once robust safeguards are in place. In the meantime, it is expanding Project Glasswing through partnerships with the U.S. government and other nations, signaling a strategic effort to strengthen ties with policymakers and position itself as a trusted partner in national security.
Current collaborators already include a formidable lineup: Amazon Web Services, Apple, CrowdStrike, Google, JPMorgan Chase, NVIDIA, and Palo Alto Networks, among others. This ecosystem of leading technology and security firms creates a powerful collaborative network for advancing AI-assisted defense capabilities.
Financial Strength Fuels Ambitious Safety Agenda
The progress on Project Glasswing arrives as Anthropic approaches its first profitable quarter since its founding in 2021. According to a recent Wall Street Journal report, the company is on track to generate $10.9 billion in revenue and an operating profit of $559 million for the quarter ending in June. However, Anthropic does not anticipate sustained profitability in subsequent quarters, as it plans to significantly ramp up investments in computing infrastructure, talent acquisition, and safety research.
This financial momentum provides Anthropic with greater flexibility to pursue long-term, high-impact initiatives like Glasswing without immediate commercial pressures, allowing the company to prioritize safety and societal benefit alongside technological advancement.
Project Glasswing is seen as an indication of a maturing understanding within the AI community that powerful models must be harnessed for defense as aggressively as they are developed for capability. The traditional asymmetry in cybersecurity, where attackers need only find one vulnerability while defenders must secure everything, is being challenged by AI systems that can comprehensively scan, prioritize, and even suggest fixes at scale.
Yet the dual-use nature of these tools remains the central tension. The same capabilities that empower defenders can, in the wrong hands, dramatically lower the barrier for sophisticated attacks. Anthropic’s decision to limit access while building trusted partnerships reflects a responsible path forward, but it also highlights the growing importance of governance frameworks for frontier AI in sensitive domains like cybersecurity.