Expanding Project Glasswing
Anthropic is significantly expanding its 'Project Glasswing' initiative, providing its advanced AI model, Claude Mythos Preview, to 150 new organizations for cybersecurity vulnerability detection. This move sparks debate on HN, with many commenters questioning whether the limited release is a genuine safety precaution or a clever marketing and scarcity strategy. The discussion highlights the fine line between pioneering AI defense and perceived corporate maneuvering in the high-stakes AI race.
The Lowdown
Anthropic has announced the expansion of Project Glasswing, their collaborative effort to secure critical software using AI. Following an initial phase with 50 partners, the program is now extending access to Claude Mythos Preview to approximately 150 additional organizations across various crucial sectors and 15+ countries.
- Initial Project Glasswing partners have already identified over 10,000 high or critical-severity security flaws using Claude Mythos Preview.
- The new cohort includes vital industries like power, water, healthcare, communications, and hardware, as well as vendors whose codebases are widely used.
- Anthropic's stated long-term goals are to make all software more secure with AI and help the industry adapt to rapidly advancing cyber capabilities.
- They warn that powerful, fast AI models capable of cyberattacks are imminent, necessitating a swift adaptation by cyberdefenders.
- To support this, Anthropic has released 'Claude Security,' a product using public frontier models, and is offering Glasswing's proprietary tools to trusted security teams.
- The company aims to evolve its support from just finding vulnerabilities to accelerating their disclosure, patching, and deployment of fixes.
- Anthropic acknowledges the challenge of safely releasing Mythos-level capabilities more broadly due to the dual-use nature of cyber AI and the need for robust safeguards.
This expansion represents a strategic step for Anthropic in shaping the future of AI-powered cybersecurity, positioning itself as a leader in both developing powerful models and navigating their responsible deployment.
The Gossip
Marketing & Mythos Mysteries
Many commenters expressed strong skepticism about Anthropic's limited release of the Mythos model, viewing it primarily as a sophisticated marketing strategy. The consensus among these critics is that Anthropic is creating hype and artificial scarcity to onboard major enterprise clients, consolidate market share, or even to buy time to scale their compute capacity. Others debated whether this approach is a 'genius' business tactic, regardless of its underlying sincerity, while some pointed to similar 'hype' strategies by companies like IBM in the past.
Capability Conundrums & Cost Concerns
The discussion delved into the actual capabilities of Mythos compared to other models, including OpenAI's GPT-5.5-Cyber. Some questioned if Mythos offers qualitative improvements over Anthropic's public Opus models or if the 'scarcity' is due to high operational costs rather than ethical concerns. Commenters debated how AI models can chain vulnerabilities into exploits, the efficiency of AI in finding bugs versus human teams, and the substantial cost associated with running these large models for extensive codebase analysis, especially when requiring multiple 'runs' and elaborate 'harnesses' to be effective.
Societal Security & Social Engineering
A significant theme was the broader impact of advanced AI on cybersecurity, extending beyond technical vulnerabilities to societal risks. Concerns were raised about the potential for AI models to become highly effective at social engineering, leading to a breakdown of trust in institutions and the need for new authentication methods. There was also discussion on memory safety, with one user sharing their personal projects to port common web infrastructure to Rust using AI agents, highlighting a proactive defensive use of AI in software development.