Project Glasswing: Protecting essential software for the age of AI

Identifying vulnerabilities and exploits with Claude Mythos Preview

Recently, Claude Mythos Preview has been instrumental in uncovering numerous zero-day vulnerabilities—those previously unknown to developers—across major operating systems, web browsers, and other vital software. Some of these vulnerabilities are quite serious.

In our post, specifics regarding a selection of patched vulnerabilities are discussed, including methods to potentially exploit some identified by Mythos Preview. Notably, this process of identifying and developing exploits for many of the vulnerabilities was carried out entirely automatically, without human involvement. Here are three noteworthy examples.

• Mythos Preview identified a vulnerability dating back 27 years in OpenBSD, renowned as one of the most secure operating systems, commonly used for firewalls and critical infrastructure. This flaw enables remote crashes just by connecting to the system running OpenBSD.
• A 16-year-old vulnerability in FFmpeg, which plays a key role in video encoding and decoding for various applications, was also found. It lay hidden in a code segment that automated testing tools overlooked, even after five million tests.
• This model autonomously linked several vulnerabilities within the Linux kernel, a core component that supports most of the world’s servers, allowing attackers to elevate their access from a normal user level to complete machine control.

These vulnerabilities have been reported to the appropriate software administrators, and fixes have been implemented. For additional vulnerabilities, we are providing cryptographic hashes of their details today (see Red Team blog) and will share further specifics once the necessary fixes are in place.

Evaluation benchmarks like CyberGym reveal marked distinctions between Mythos Preview and the next leading model, Claude Opus 4.6.

Alongside our own findings, many partners have been exploring Claude Mythos Preview for several weeks. Their results are noteworthy:

The impressive capabilities of Claude Mythos Preview stem from its effective coding and reasoning skills. Evaluation results indicate that this model scores higher than any other developed thus far on various software coding tasks.

For more on the model’s functionality, safety, and characteristics, please refer to the following pages: Claude Mythos Preview System Card.

While there are no plans to make Claude Mythos Preview publicly available, the ultimate aim is to enable safe, large-scale deployment of Mythos class models, not just for cybersecurity, but for a range of other beneficial applications. This involves enhancing cybersecurity measures and other safeguards to identify and prevent the most dangerous model outputs. Future Claude Opus models will include improved protections, refining measures for models not posing the same risks as the Mythos Preview.

Project Glasswing Plan

This announcement marks the start of a long-term initiative. Achieving success requires extensive collaboration within and outside the tech industry.

Partners in Project Glasswing will access Claude Mythos Preview to help locate and address vulnerabilities in systems, covering a significant portion of the global cyber attack surface. The focus will include local vulnerability detection, binary black box testing, endpoint protection, and system penetration testing.

Anthropic is committing $100 million in model usage credits to Project Glasswing and additional participants to support extensive use during this research preview. The Claude Mythos Preview will later be made available to participants at $25 or $125 per million input/output tokens (participants will use the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and models on Microsoft Foundry).

In addition to the model usage credits, we donated $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation and $1.5 million to the Apache Software Foundation to help open-source maintainers adapt to this evolving landscape.

We plan to broaden this effort and continue for several months, sharing insights to help other organizations apply these lessons to their security. Partners will exchange information and best practices as possible. Within 90 days, Anthropic will publicly report what we’ve learned, including any fixed vulnerabilities or improvements that can be disclosed. Additionally, we will collaborate with key security organizations to formulate practical recommendations on how security practices should adapt in the era of AI, which may involve:

• Vulnerability disclosure process.
• Software update process.
• Open source and supply chain security.
• Software development lifecycle and secure by design practices.
• Regulated industry standards.
• Prioritize scaling and automation.
• Automate patching.

Anthropic is also in ongoing discussions with U.S. government officials regarding the Claude Mythos Preview and its cyber capabilities. Ensuring the protection of critical infrastructure is a significant national security priority for democracies. These burgeoning cyber capabilities further emphasize the need for the U.S. and its allies to maintain leadership in AI technology, with government involvement crucial for assessing and alleviating risks associated with AI models. We are prepared to collaborate with local, state, and federal representatives to support these initiatives.

We aim for Project Glasswing to serve as a foundation for broader efforts across the industry and public sector, aiding all stakeholders in addressing major security questions relating to robust models. We encourage other AI industry members to help establish industry standards. In the medium term, independent third parties that can unites private and public entities may be ideal for continued large-scale cybersecurity projects.