The Wall Street Journal reports that Anthropic has launched Project Glasswing, giving select firms including CrowdStrike, Microsoft, Apple, and Google access to a Claude Mythos2 preview model for defensive cybersecurity.
The model reportedly uncovered thousands of severe vulnerabilities in major operating systems and browsers, changing the scale and speed of software defence permanently.
Project Glasswing represents a new category of AI application — autonomous security auditing at a scale and speed that no human team could match. In its first week of deployment, the system identified 2,847 previously unknown vulnerabilities across Windows, macOS, Chrome, and Firefox.
Of these, 127 were classified as 'critical' — meaning they could allow remote code execution without user interaction. Microsoft and Apple have already begun issuing patches for the most severe findings.
Anthropic's approach is noteworthy for its emphasis on responsible disclosure. The company established a coordinated disclosure framework before launching the project, ensuring that all vulnerabilities are reported to affected vendors before being catalogued.
The cybersecurity industry is watching closely. If autonomous AI vulnerability detection becomes standard, it could fundamentally change how software is secured — shifting from reactive patching to proactive prevention.