product updateApple

Apple, Google, Microsoft join Anthropic's Project Glasswing to find critical software vulnerabilities

TL;DR

Twelve major technology companies—including Apple, Google, Microsoft, Amazon, and Nvidia—have launched Project Glasswing, a coordinated effort to identify and patch critical software vulnerabilities using Anthropic's unreleased Mythos Preview model. The initiative discovered thousands of zero-day vulnerabilities in mission-critical software, including a 27-year-old bug in OpenBSD and a 16-year-old vulnerability in widely-used video software that automated testing tools had missed.

2 min read
0

Project Glasswing: Twelve Tech Rivals Unite to Defend Critical Infrastructure

Twelve major technology companies have announced Project Glasswing, a coordinated cybersecurity initiative that deploys Anthropic's unreleased Mythos Preview model to identify thousands of zero-day vulnerabilities in the world's most critical software systems before adversaries exploit them.

The Coalition

Participants include Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. The coalition is investing $4 million in direct donations and $150 million in Claude usage credits—a commitment that signals the existential nature of the threat.

What Mythos Preview Discovered

According to Anthropic, the unreleased Mythos Preview "general-purpose frontier model" with strong agentic coding and reasoning capabilities identified thousands of zero-day vulnerabilities in recent weeks. Many are critical and difficult to detect through conventional means.

Key findings include:

  • A 27-year-old vulnerability in OpenBSD, an operating system renowned for security
  • A 16-year-old vulnerability in widely-used video software that automated testing tools had analyzed 5 million times without detection
  • Vulnerabilities present in core mission-critical software deployed for 10-20 years undetected

The Accelerating Threat Timeline

CrowdStrike CTO Elia Zaitsev described the compressed attack window: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed. What once took months now happens in minutes with AI."

This compression—from months to minutes—represents a fundamental shift in cybersecurity dynamics that motivated competitors to collaborate rather than compete.

Why These Rivals Are Cooperating

The willingness of fierce competitors to share intellectual property and unreleased models indicates the threat has moved from competitive risk to mutual infrastructure vulnerability. Cisco's Anthony Grieco stated: "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back."

The involvement of foundational infrastructure companies—Linux Foundation, Cisco, Broadcom—underscores that this addresses shared dependencies across the entire technology ecosystem. Modern civilization relies on networked digital infrastructure, much of it built on open-source software created by individual developers.

Strategic Restrictions on Mythos Preview

Anthropic confirmed it will not make Mythos Preview generally available, citing weaponization concerns. The model was not trained specifically for cybersecurity but demonstrated unexpected capability in identifying subtle vulnerabilities that eluded conventional security testing.

The strategic distribution of $150 million in usage credits ensures participating companies can deploy the model against their own critical systems while preventing its use by potential adversaries.

What This Means

Project Glasswing represents a rare moment of forced cooperation among competitors facing a common existential threat. The discovery of ancient, critical vulnerabilities undetectable by gold-standard automated testing confirms that AI-powered vulnerability detection has fundamentally altered the cybersecurity landscape. The 5-million-times-analyzed vulnerability in video software suggests conventional security approaches have reached their limits. For enterprise infrastructure operators, this signals both urgent vulnerability patching requirements and the reality that closed-circle collaboration rather than public disclosure now characterizes critical infrastructure defense.

Related Articles

product update

AWS to Release Anthropic's Claude Fable 5 on Bedrock with Cybersecurity Guardrails

Amazon Web Services announced it will make Anthropic's Claude Fable 5 models available on Bedrock starting tomorrow, featuring guardrails designed to prevent cybersecurity misuse. When guardrails are triggered, the system automatically falls back to Claude Opus 4.8.

product update

US lifts export restrictions on Anthropic's Mythos and Fable models after compliance agreement

The US government has removed export restrictions on Anthropic's Mythos and Fable models, ending a ban that forced the company to cut off public access on June 12. Anthropic will begin restoring access on July 1 after agreeing to proactively detect security risks and coordinate with the US government on protocols for current and future model releases.

product update

AWS Ships Multi-Turn RL Infrastructure for Amazon Nova on SageMaker HyperPod

AWS has released infrastructure for deploying multi-turn reinforcement learning to train Amazon Nova models on SageMaker HyperPod. The system requires a minimum of 10 ml.p5.48xlarge instances and costs approximately $786-$1,180 per hour when running.

product update

Anthropic Launches Claude Desktop App for Linux, Local AI Integration Fails

Anthropic has released an official Linux desktop app for Claude, bringing feature parity with macOS and Windows versions. However, the app currently fails to reliably connect to locally-installed AI models like Ollama, limiting Linux users to cloud-based Anthropic plans.

Comments

Loading...