Project Glasswig

Backgrounder:

Late last year, Anthropic said that state-sponsored Chinese hackers had used its artificial intelligence (AI) technology in an effort to infiltrate the computer systems of roughly 30 companies and government agencies around the world. The company said it was the first reported case of a cyberattack in which AI technologies had gathered sensitive information with limited help from human operators.

As Anthropic and its chief rival, OpenAI, prepare to release new and more powerful AI systems, cybersecurity experts are increasingly vocal in their warnings that AI is fundamentally changing cybersecurity. AI technology could allow hackers to identify security holes in computer systems far faster than in the past, vastly raising the stakes in the decades-long fight between hackers and the security experts guarding computer networks. As hackers deploy AI to break and steal, security experts are also leaning on AI to spot flaws in their systems — including some that had gone unnoticed for decades.

“This is the most change in the cyber environment, ever,” said Francis deSouza, the chief operating officer and president of security products at Google Cloud. “You have to fight A.I. “This is the most change in the cyber environment, ever,” said Francis deSouza, the chief operating officer and president of security products at Google Cloud. “You have to fight AI with AI.”

Hackers have used AI chatbots to draft phishing emails and ransom notes, cybersecurity experts said. Others have used AI to parse large quantities of stolen data and determine what information might be valuable. Without help from AI attackers could sometimes break into computer networks within minutes, Mr. deSouza said, but with the help of AI breaches can take just seconds. Some hackers specialize in breaking into systems and then selling off their access to other attackers. Those handoffs used to take as much as eight hours, as hackers negotiated the sales and passed along the compromised entry points, deSouza added. Now that process has accelerated to about 20 seconds, he said, with hackers sometimes using A.I. agents to speed up the process.

Some experts argue that the guardrails added by companies like Anthropic and OpenAI can actually provide an advantage to malicious attackers. Guardrails could cause an AI chatbot to deny help to a user trying to defend a system from an attack, they argue, but persistent hackers could be more diligent about finding vulnerabilities — and keeping those tricks to themselves.

In February, Anthropic said it had used its A.I. technologies to find over 500 so-called zero-day vulnerabilities — security holes that were unknown to software makers — in various pieces of commonly used open source software. The next month, a researcher at Anthropic revealed that he had used A.I. to find a serious security vulnerability in the core of the Linux operating system, which is software that powers much of the internet and is used in computer servers, cloud computing services, Android phones and Teslas. The bug had existed, apparently undiscovered, since 2003.

Project Glasswing Overview:

Anthropic has announced Project Glasswing – a new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks – in an effort to secure the world’s most critical software.

The fast growing AI private company has found that AI models (like its own Claude) have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities. Their Mythos Preview language model has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.

Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout—for economies, public safety, and national security—could be severe. Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.

The Project Glasswig partners will use Mythos Preview as part of their defensive security work. Anthropic will share what they learn so the entire IT industry can benefit. They have also extended access to a group of over 40 additional organizations that build or maintain critical software infrastructure so they can use the model to scan and secure both first-party and open-source systems.

Anthropic is committing up to $100M in usage credits for Mythos Preview across these efforts, as well as $4M in direct donations to open-source security organizations.

Project Glasswing Core Objectives:

Give Defenders a Head Start: The initiative aims to use Mythos’s capabilities to find and fix zero-day vulnerabilities in critical codebases before they can be discovered by malicious actors.
Secure Critical Infrastructure: Partners use the model to scan first-party systems and open-source software that underpin global banking, energy, and logistics networks.
Modernize Defense Practices: Anthropic is collaborating with partners to evolve security workflows, such as patching and disclosure processes, to match the “machine speed” of AI-driven vulnerability discovery.

Claude Mythos Capabilities:

The Glasswing initiative was formed after Anthropic researchers observed that the Mythos model had reached a threshold where its reasoning and coding skills surpassed all but the most skilled human security researchers.

Zero-Day Discovery: In early testing, the model autonomously found thousands of high-severity vulnerabilities, including a 27-year-old bug in OpenBSD and a 16-year-old flaw in FFmpeg code that had been scanned by automated tools millions of times without detection.
Performance Benchmarks: Mythos Preview scored 83% on the CyberGym cybersecurity benchmark, significantly outperforming previous models like Claude Opus.