Anthropic just dropped something that sounds like a sci-fi plot but is very real. They’re announcing Project Glasswing, a coalition that includes Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The goal? Secure the world’s most critical software before AI-powered attackers make a mess of it.
The catalyst here is a new frontier model called Claude Mythos Preview. It’s unreleased, general-purpose, and according to Anthropic, it can already find and exploit software vulnerabilities better than all but the most skilled human experts. That’s not hyperboleu2014they claim it has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. That’s a lot of zero-days that survived decades of human review and millions of automated tests.
Now, here’s the part that makes this interesting: Anthropic is not just sounding the alarm. They’re putting money where their mouth is. They’re committing up to $100M in usage credits for Mythos Preview across these defensive efforts, plus $4M in direct donations to open-source security organizations. The launch partners will use the model for their own security work, and Anthropic says they’ll share what they learn so the whole industry benefits. They’ve also extended access to over 40 additional organizations that build or maintain critical software infrastructure.
I’ve been watching the cybersecurity space for a long time, and this is one of the rare moments where I think the industry is actually getting ahead of a problem instead of reacting to it. Usually, we see breaches, then patches, then blame. This time, they’re trying to use the same AI capabilities that could be weaponized against us to find and fix flaws before bad actors get their hands on similar tools.
The financial costs of cybercrime are already estimated at around $500B every year globally. That’s a lot of zeros. And with AI, the cost and expertise required to find and exploit vulnerabilities have dropped dramatically. What used to take a handful of elite security researchers months can now be done by a model in weeks. That’s both terrifying and, if you’re a defender, potentially game-changing.
Project Glasswing is not going to solve everything overnight. The software that runs our banking systems, medical records, power grids, and logistics networks is riddled with bugs. Some are minor, some are critical. The model has already proven it can find them. Now the question is whether the coalition can fix them faster than attackers can exploit them.
I appreciate that Anthropic is framing this as an urgent, collaborative effort rather than a product launch. They’re not pretending this is easy or that they have all the answers. They’re saying: we have this capability, it’s dangerous if misused, and we need everyoneu2014governments, open-source maintainers, security researchers, other tech companiesu2014to work together.
Will it work? I don’t know. But it’s a hell of a lot better than waiting for the first AI-powered cyberattack to take down a hospital or a power grid. And for once, the biggest names in tech are rowing in the same direction instead of competing. That alone is worth paying attention to.
Comments (0)
Login Log in to comment.
Be the first to comment!