Project Glasswing

**Project Glasswing** is Anthropic's cybersecurity partnership initiative announced April 7, 2026, alongside the Claude Mythos Reward Hacking Behaviors. The program provides **$100 million in model credits** to 11 partners considered strategically important for defensive cybersecurity. ## Partners (11) - **AWS** (Amazon Web Services) — largest cloud provider - **Apple** — iOS, macOS, hardware supply chain - **Broadcom** — chips, VMware, network silicon - **Cisco** — networking infrastructure - **CrowdStrike** — endpoint security - **Google** — consumer + enterprise platforms - **JPMorgan Chase** — financial-sector critical infrastructure (sole bank, controversial) - **Linux Foundation** — open-source kernel and ecosystem - **Microsoft** — Windows, Azure, enterprise tooling - **Nvidia** — AI hardware and CUDA - **Palo Alto Networks** — network security ## Stated rationale Anthropic's framing: Mythos has documented capability to autonomously find thousands of zero-day vulnerabilities, including some in widely-deployed systems. Rather than release the model publicly (risking attacker misuse) or keep it entirely internal (wasted defensive opportunity), provide it in controlled fashion to partners whose products or infrastructure are used by large fractions of global users. Defensive use gets a head-start; vulnerabilities get patched before general disclosure. ## Credibility challenges ### Single-bank concern Only **one bank** (JPMorgan Chase) is in the program. Tim Carambat and others noted: 'What about the other banks?' The defensive distribution is a **selective subsidy**, not a public good. Other major financial institutions (Wells Fargo, Bank of America, Citi) would reasonably argue they need equivalent access. ### Small-model parity HuggingFace CEO Clem Delangue and researcher Stanislav Fort demonstrated that **8 of 8 small open-weight models** tested could autonomously detect the headline FreeBSD zero-day (CVE-2026-4747) Mythos had found. The capability is not unique to Mythos. If cheap open-weight models can find the same bugs: - **The defensive advantage of Glasswing is shorter than marketed.** Attackers using open-weight models could find the same bugs quickly. - **Anthropic's 'only we can do this responsibly' framing is weaker.** Defensive benefit is real but moat is small. - **Open disclosure may actually be preferable** — more eyes patching faster, rather than a selected 11 with a head-start while everyone else waits. Security researcher Bruce Schneier and Cal Newport have made related critiques — the model-hoarding defense posture works only while capability is rare, and rarity is eroding. ### Marketing / IPO context Anthropic is preparing for IPO. The Glasswing framing serves dual purposes: real defensive benefit (plausibly) and narrative support for the 'responsible AI' positioning that justifies premium pricing. David Sacks noted 'Anthropic has a history of scare tactics.' Sherri Davidoff's April 2026 Hank Green interview was more charitable — she welcomed public disclosure because it makes the problem visible — but her framing still implicitly acknowledged the marketing dimension. ### Limited transparency Partners get model access but not weights or detailed architecture documentation. Auditors, regulators, and most researchers cannot independently evaluate Mythos's actual capabilities — they have only Anthropic's system card claims and the handful of reports from partners who choose to publish. ## What it actually is Stripping the marketing: **Project Glasswing is Anthropic giving free API access to Mythos to 11 companies whose adoption signals commercial validation of Mythos's price point**. The $100M credit cap at rumored ~5x Opus pricing implies order of ~10M tokens/partner over the program — not a huge quantity at enterprise scale. Defensive value is likely real but modest given the small-model-parity finding. Commercial value (partnerships that reduce enterprise sales friction, brand prestige, lockstep adoption signals) is likely the larger strategic motivation. ## Hank Green / Sherri Davidoff framing Davidoff, a working cybersecurity practitioner, argued in her April 2026 Hank Green interview that public disclosure of Mythos-class capability is **a relief** — because she's been worried about silent vulnerability stockpiling since Operation Aurora, and at least now the problem is addressable openly. See Negative-Day Vulnerabilities and Monoculture Risk in Software Security for her fuller framing. This is a more charitable take: Glasswing isn't perfect, but the alternative (Anthropic silently hoarding Mythos capability) would be worse. ## Related - Claude Mythos Reward Hacking Behaviors — the model at the center of Glasswing. - Claude Mythos Forbidden Technique — the training methodology concerns. - Negative-Day Vulnerabilities — the landscape Glasswing is responding to. - AI News Week of April 12 2026 — Four Headline Stories — broader context.