AI can out-hack humans, warns Anthropic as it launches ‘Project Glasswing’ with Big Tech

Anthropic on Thursday launched a cybersecurity initiative with major technology and financial firms, warning that a new generation of artificial intelligence (AI) models can outperform most humans at discovering and exploiting software flaws.

The initiative, called Project Glasswing, brings together companies including Amazon Web Services, Apple, Microsoft, Google, NVIDIA and JPMorganChase.

“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” Anthropic said in a statement.

The move follows internal testing of its unreleased system, Claude Mythos Preview, which the company said has already identified thousands of high-severity vulnerabilities across widely used software.

“Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser,” it said.

Anthropic warned that such capabilities could soon spread beyond controlled environments, increasing risks to critical infrastructure and global security.

“Given the rate of AI progress, it will not be long before such capabilities proliferate,” the company said, adding that “the fallout—for economies, public safety, and national security—could be severe.”

Project Glasswing will provide selected partners access to the model for defensive use, including vulnerability detection and penetration testing.

“Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes,” Anthropic said.

The company said the model had uncovered vulnerabilities that had gone undetected for years, in some cases decades, despite extensive testing.

Mythos Preview found a 27-year-old flaw in OpenBSD that could allow remote system crashes, a long-standing issue in FFmpeg, and multiple vulnerabilities in the Linux kernel that could be chained together to gain full system control.

Anthropic said the model was able to identify many of these issues “entirely autonomously, without any human steering.”

Cybersecurity experts have long warned that advances in AI could lower the barrier for launching sophisticated cyberattacks, even as the same tools can strengthen defenses.

“With the latest frontier AI models, the cost, effort, and level of expertise required to find and exploit software vulnerabilities have all dropped dramatically,” the company said. Anthropic said it would commit up to $100 million in usage credits and provide funding to open-source security efforts, including through the Linux Foundation and the Apache Software Foundation.

It added that more than 40 additional organisations responsible for critical software infrastructure would also receive access to the model.

Anthropic said it does not plan to release Claude Mythos Preview publicly due to safety concerns but aims to develop safeguards that would allow similar systems to be deployed more widely.

“No one organisation can solve these cybersecurity problems alone,” it said, calling for collaboration across industry, governments and researchers.

The company said it plans to publish findings from the initiative within 90 days and help develop new standards for securing software in an era of increasingly powerful AI.