Anthropic is expanding its security initiative, Project Glasswing. Following an initial group of approximately 50 participants, another 150 organizations will now gain access to Claude Mythos Preview, an AI model specifically designed to detect software vulnerabilities.
The new participants come from more than fifteen countries and operate in sectors such as energy, water management, healthcare, communications, and hardware. According to the Financial Times, NATO and the European cyber agency ENISA have also been granted access to the program. Many participants manage software or infrastructure on which large numbers of users depend.
Project Glasswing launched earlier this year with a limited group of organizations, including major technology companies. Since then, Claude Mythos Preview has detected more than 23,000 software vulnerabilities, according to Anthropic, reports SiliconANGLE. More than a quarter of these were classified by the model as severe or critical.
Anthropic then conducted a manual review of 1,752 of these severe findings. It turned out that 90.6 percent actually met that classification. According to the company, this indicates a relatively high level of accuracy for the system.
Anthropic is intentionally limiting the availability of Claude Mythos Preview. This is because the model can not only detect security vulnerabilities but also analyze how attackers could exploit them. In some cases, it can also link multiple vulnerabilities to form a potential attack scenario. These are tasks that many publicly available language models still struggle with.
Participants are now using the model not only to find problems but also to develop patches. Additionally, the technology is being used to check new code for weaknesses even before it goes into production.
According to Anthropic, this shifts the biggest challenge in cybersecurity from finding vulnerabilities to assessing, reporting, and fixing them. AI can accelerate that process, but it also requires new ways of working within development and security teams.
New tools
The experiences within Project Glasswing have also led to the development of a so-called threat model builder. This tool helps AI systems prioritize the most high-risk parts of a codebase during security scans. Anthropic has now made the tool available to some of its customers, along with other techniques developed during the program.
Not everyone is convinced by the chosen approach. According to SiliconANGLE, Justin Beals, founder of security firm Strike Graph, warns that a controlled rollout does not in itself guarantee security. He argues that organizations gaining access to powerful cyber models could themselves become attractive targets for attackers.
Anthropic plans to further expand Project Glasswing in the coming period to include additional critical infrastructure operators, open-source projects, and security researchers. In addition, the company is investigating how AI can be used to fix vulnerabilities in open-source software more quickly and report them more effectively to project managers.