Apple, Google, Microsoft join Anthropic's Project Glasswing to find critical software vulnerabilities

Project Glasswing: Twelve Tech Rivals Unite to Defend Critical Infrastructure

Twelve major technology companies have announced Project Glasswing, a coordinated cybersecurity initiative that deploys Anthropic's unreleased Mythos Preview model to identify thousands of zero-day vulnerabilities in the world's most critical software systems before adversaries exploit them.

The Coalition

Participants include Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. The coalition is investing $4 million in direct donations and $150 million in Claude usage credits—a commitment that signals the existential nature of the threat.

What Mythos Preview Discovered

According to Anthropic, the unreleased Mythos Preview "general-purpose frontier model" with strong agentic coding and reasoning capabilities identified thousands of zero-day vulnerabilities in recent weeks. Many are critical and difficult to detect through conventional means.

Key findings include:

• A 27-year-old vulnerability in OpenBSD, an operating system renowned for security
• A 16-year-old vulnerability in widely-used video software that automated testing tools had analyzed 5 million times without detection
• Vulnerabilities present in core mission-critical software deployed for 10-20 years undetected

The Accelerating Threat Timeline

CrowdStrike CTO Elia Zaitsev described the compressed attack window: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed. What once took months now happens in minutes with AI."

This compression—from months to minutes—represents a fundamental shift in cybersecurity dynamics that motivated competitors to collaborate rather than compete.

Why These Rivals Are Cooperating

The willingness of fierce competitors to share intellectual property and unreleased models indicates the threat has moved from competitive risk to mutual infrastructure vulnerability. Cisco's Anthony Grieco stated: "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back."

The involvement of foundational infrastructure companies—Linux Foundation, Cisco, Broadcom—underscores that this addresses shared dependencies across the entire technology ecosystem. Modern civilization relies on networked digital infrastructure, much of it built on open-source software created by individual developers.

Strategic Restrictions on Mythos Preview

Anthropic confirmed it will not make Mythos Preview generally available, citing weaponization concerns. The model was not trained specifically for cybersecurity but demonstrated unexpected capability in identifying subtle vulnerabilities that eluded conventional security testing.

The strategic distribution of $150 million in usage credits ensures participating companies can deploy the model against their own critical systems while preventing its use by potential adversaries.

What This Means

Project Glasswing represents a rare moment of forced cooperation among competitors facing a common existential threat. The discovery of ancient, critical vulnerabilities undetectable by gold-standard automated testing confirms that AI-powered vulnerability detection has fundamentally altered the cybersecurity landscape. The 5-million-times-analyzed vulnerability in video software suggests conventional security approaches have reached their limits. For enterprise infrastructure operators, this signals both urgent vulnerability patching requirements and the reality that closed-circle collaboration rather than public disclosure now characterizes critical infrastructure defense.