American artificial intelligence company Anthropic recently announced the launch of Project GlassWing, an initiative designed to evaluate the real-world implications of next-generation AI models such as Claude Mythos.
We’ve now crossed a tipping point where AI can match or exceed human experts in finding and exploiting vulnerabilities.
Rather than making these capabilities widely available, the model has been released in a controlled setting to select leading organizations, enabling them to test, assess, and strengthen the security of critical systems before broader adoption.
Claude Mythos Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.
Initial participating organizations include Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
Anthropic also extended access to a group of over 40 additional organizations that build or maintain critical software infrastructure, enabling them to use the model to scan and secure both first-party and open-source systems.
The real breakthrough is not just detection but automated exploit chaining, a capability previously limited to elite security researchers.
As part of Project Glasswing, the launch partners listed above will use Mythos Preview as part of their defensive security work; Anthropic will share what we learn so the whole industry can benefit.
Project GlassWing represents a major turning point in cybersecurity: AI can now rival and even surpass highly skilled human experts in discovering and exploiting software vulnerabilities. AI models like Claude Mythos have already:
- Identified thousands of high-severity vulnerabilities
- Discovered flaws that existed for decades undetected
- Demonstrated the ability to chain multiple weaknesses into full exploits
Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so.
What This Means for Your Organization
Project GlassWing signals a fundamental shift: AI is no longer just supporting cybersecurity; it is redefining it.
1. Vulnerability Risk Is Increasing Faster Than Your Ability to Manage It
AI models like Claude Mythos can now:
- Discover vulnerabilities at scale
- Identify long-standing flaws across critical systems
- Generate exploit pathways
This dramatically reduces the time between:
- Vulnerability discovery
- Active exploitation
What this means:
Your organization must assume that vulnerabilities will be:
- Found faster
- Exploited faster
- At a greater scale than ever before
2. Security Must Move to Continuous, Not Periodic
Project GlassWing emphasizes proactive discovery:
- Finding and fixing vulnerabilities before public release
This reflects a new model:
- Continuous scanning
- Real-time remediation
- AI-assisted defense
What this means:
Traditional approaches like:
- Quarterly scans
- Periodic penetration testing
Are no longer sufficient.
3. Your Legacy Systems Are Now High-Risk
AI has already uncovered:
- Decades-old vulnerabilities
- Flaws missed by human experts and automated tools
Older systems are especially exposed.
What this means:
If your organization relies on:
- Legacy applications
- Unreviewed codebases
Your risk profile has increased significantly overnight.
4. AI Is Both a Defensive Tool and an Offensive Weapon (“dual-use” problem)
The same capabilities that help defenders:
- Can be used by attackers
- Will likely become widely available over time
What this means:
You are no longer defending against:
- Human-speed attackers
But against:
- AI-accelerated attackers operating at scale
Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.
5. Cybersecurity Is Now an Ecosystem Problem
Project GlassWing brings together:
- Major tech companies
- Financial institutions
- Open-source communities
What this means:
Security now depends on:
- Supply chain visibility
- Open-source risk management
- Industry collaboration
Project GlassWing shows that the future of cybersecurity will not be defined by better tools but by how quickly organizations adapt to AI-driven risk.
AI is accelerating both vulnerability discovery and exploitation, shrinking the window between risk and impact.
At Reputiva, we help organizations secure cloud and AI-driven environments across AWS, Azure, and GCP, with a focus on visibility, identity security, and continuous risk management.
Start with a Cloud & AI Security Assessment to identify vulnerabilities, reduce exposure, and build a security posture that can keep up with AI-driven threats.
