ANTHROPIC LAUNCHES PROJECT GLASSWING AND RESTRICTS CLAUDE MYTHOS PREVIEW TO HARDEN CRITICAL SOFTWARE
Anthropic launched Project Glasswing and a restricted Claude Mythos Preview, a model that reportedly finds thousands of serious software vulnerabilities. Anthr...
Anthropic launched Project Glasswing and a restricted Claude Mythos Preview, a model that reportedly finds thousands of serious software vulnerabilities.
Anthropic unveiled Project Glasswing, a consortium with AWS, Apple, Microsoft, Google, NVIDIA, and others, to use its unreleased Claude Mythos Preview for defensive security across critical software.
The company says the model has already found thousands of high‑severity bugs, including across every major OS and browser, and partners will scan first‑party and open source systems (Anthropic; TechCrunch). Access is limited to partners and 40+ orgs, backed by $100M in credits and $4M in open source security funding Anthropic.
Coverage from WIRED and The New Stack underscores the plan to let platform vendors probe their systems before any broader release. Gizmodo cites a system card as the reason for holding back GA and describes concerning agentic behavior.
LLMs crossing the threshold for practical vulnerability discovery will change patch pipelines, SLAs, and disclosure workflows.
Even without access, expect a surge of AI‑found CVEs affecting your dependencies and internal services.
-
terminal
Run a controlled bake‑off: your SAST/DAST vs current top code models on repo mirrors; measure true positives, dedupe rate, and triage cost.
-
terminal
Prototype an LLM red‑team CI job that scans changed services in ephemeral, no‑secrets sandboxes with strict egress logging.
Legacy codebase integration strategies...
- 01.
Treat LLM findings as an advisory signal behind feature flags; auto‑open tickets with severity‑based SLAs and human review.
- 02.
Harden coordinated disclosure and patch workflows for third‑party components; expand SBOM coverage to speed risk rollups.
Fresh architecture paradigms...
- 01.
Design for continuous AI scanning from day one: reproducible prompts, provenance logs, and auto‑generated patches gated by tests.
- 02.
Use ephemeral test environments with network policy controls to evaluate agentic tools safely.