Anthropic Enlists Hyperscalers, Security Giants to Secure Critical Software Infrastructure With AI

Anthropic launched a massive cross-industry initiative April 8, named Project Glasswing, enlisting hyperscale cloud leaders Amazon Web Services, Google, and Microsoft and other major technology providers, and security firms, to shield the world’s most critical software from a new era of AI-powered cyberattacks.

The coalition will deploy a specialized frontier AI model, Claude Mythos Preview, to autonomously identify and patch vulnerabilities in the operating systems, web browsers, and open-source codebases that underpin global banking systems, power grids, and national security infrastructure.

“Claude Mythos Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” Anthropic said.

Claude Mythos Preview derives its name from the Ancient Greek for “utterance” or “narrative”- “the system of stories through which civilizations made sense of the world,” according to Anthropic. The model has demonstrated the ability to detect thousands of previously unknown software vulnerabilities, including long-standing zero-day flaws across operating systems and browsers.

To counter the threat of these capabilities falling into the wrong hands by releasing the model publicly, Anthropic is providing controlled access to the Project Glasswing partners, which also includes, Apple, Broadcom, Cisco, CrowdStrike, JPMorgan Chase, the Linux Foundation, NVIDIA, and Palo Alto Networks, alongside over 40 additional organizations maintaining critical infrastructure.

These partners will use the model as part of defensive security efforts, scanning both first-party and open-source systems to identify weaknesses before they can be exploited.

The urgency of such efforts is reflected in broader industry data. The global average cost of a data breach stands at $4.4 million, while 97% of organizations report AI-related security incidents without proper access controls and 63% lack formal AI governance, according to IBM’s latest Cost of a Data Breach Report. At the same time, organizations using AI extensively in security see average savings of $1.9 million, highlighting both the risk and potential of AI-driven defense.

Hyperscalers Anchor AI-Driven Security Across Enterprise Infrastructure

Project Glasswing marks a shift in how AI is being applied within enterprise environments. Instead of focusing on application-level use cases, the initiative targets the foundational software layers that enterprise systems depend on.

Anthropic said the project is named after the glasswing butterfly (Greta oto), whose transparent wings both hide it in plain sight – like hard-to-detect vulnerabilities – and help it evade harm, reflecting the transparency the company is advocating in its approach.

In preliminary testing, Mythos Preview identified several long-standing flaws that had escaped decades of human review, including:

• A 27-year-old vulnerability in OpenBSD, an operating system known for its extreme security hardening, and is used to run firewalls and other critical infrastructure.
• A chain of vulnerabilities in the Linux kernel that allowed an attacker to gain complete control over a machine starting from ordinary user access. For context, the Linux kernel is the software that runs most of the world’s servers. It is also the foundation of cloud infrastructure, Android phones, and supercomputers.

The participation of the world’s largest hyperscalers is central to Project Glasswing’s reach. By making Claude Mythos Preview available through platforms like Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry, the initiative taps into the core infrastructure where modern enterprise software resides.

These cloud giants oversee the foundational layers of the digital economy. Amy Herzog, vice president and CISO at Amazon Web Services, emphasized that security is a “continuous” process embedded from “custom silicon up through the technology stack,” noting that AWS already analyzes over 400 trillion network flows daily for threats – providing a massive-scale environment for testing AI-driven defensive strategies.

Beyond basic applications, the initiative focuses on the high-stakes software that runs global banking systems, logistics networks, and medical record databases.

Partners will use Claude Mythos Preview for tasks such as vulnerability detection, penetration testing, endpoint security, and black-box testing of software systems. These activities are aimed at securing what Anthropic describes as a significant portion of the world’s shared cyberattack surface.

Anthropic has committed up to $100 million in usage credits to support the initiative, along with $4 million in funding for open-source security organizations. This financial backing underscores the scale and urgency of the effort as AI-driven cyber capabilities continue to evolve.

Controlled Deployment Reflects Dual-Use Risks Of Frontier AI

Anthropic said it is working closely with industry and government stakeholders to assess both the defensive and offensive implications of such models, and has chosen not to release Claude Mythos Preview publicly due to its advanced capabilities.

Instead, the model is being deployed in a controlled environment through Project Glasswing to give defenders a head start in securing systems.

By enabling early access for trusted partners, Anthropic aims to accelerate the identification and remediation of vulnerabilities across critical systems before such capabilities can be misused.