How Anthropic Plans to Enhance Business Cybersecurity

When Anthropic's Claude Mythos Preview revealed thousands of high-severity vulnerabilities in every major operating system, the industry quickly understood the implication.

The superior vulnerability detection capability of AI can sow unprecedented destruction in the hands of bad actors.

Hence, Anthropic has pulled back the curtain on Project Glasswing – an ambitious effort to protect critical software from a new generation of cyber risks driven by AI.

For business leaders, this development could represent both a wake-up call and an opportunity to rethink enterprise security strategies.

This coalition brings together major industry players including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks.

The move reflects growing urgency across the tech sector and could signal a broader shift in how enterprises approach digital infrastructure protection.

As AI systems become more capable, they are not only strengthening defences but also lowering the barrier for sophisticated cyber attacks.

"Glasswing is built around Claude Mythos Preview, our new limited-release frontier model, which has so far found thousands of zero-day vulnerabilities – including some that survived decades of human review – spanning every major operating system and browser," writes Daniela Amodei, President at Anthropic, on LinkedIn.

"AI cyber capabilities at this level will proliferate in the near term, and not every actor who gets access to them will be focused on defense. That's the gap Glasswing is built to close.

"Cyber defence at this scale is a team effort. Frontier labs, software companies, security researchers, open-source maintainers and governments all working together is how defenders will stay ahead."

Commercial implications of AI vulnerability detection

At the core of Glasswing is the vulnerability discovery capabilities of Claude Mythos Preview.

A testament to its effectiveness is its uncovering of a 27-year-old vulnerability in OpenBSD – an operating system used to run firewalls and other critical infrastructure due to its reputation of being the most security-hardened OS in the world.

The bug allowed an attacker to remotely crash any machine running OpenBSD simply by connecting to it.

Another major vulnerability was discovered in FFmpeg, which is used to encode and decode videos.

Linux kernel, which runs most of the world's servers, also had flaws that would enable an attacker to take complete control over the machine.

For enterprises relying on these systems, the discoveries highlight potential exposure points that could have resulted in significant operational and financial damage.

"The more capable AI becomes, the more security it needs," notes George Kurtz, President, CEO and Founder of CrowdStrike. That's why Anthropic chose CrowdStrike as a founding member of their security coalition for Claude Mythos Preview.

"AI is creating the largest security demand driver since the enterprises moved to the cloud. Claude Code is changing how people use computers. OpenClaw is set to reshape how enterprises automate.

"Mythos may be the most capable frontier model yet. It won't be the last. All of these AI innovations meet enterprises at the endpoint. That's where they access data, make decisions and also create risk."

Strategic investment in cyber defence

Anthropic has committed US$100m in model usage credits to Project Glasswing and additional participants in the effort to secure critical software. 

The AI giant is also donating US$4m to open-source security organisations to support the cause.

This level of financial commitment could indicate the scale of commercial risk the company perceives in the current threat landscape.

Anthropic notes: "Although the risks from AI-augmented cyber attacks are serious, there is reason for optimism: the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software.

"Project Glasswing is an important step toward giving defenders a durable advantage in the coming AI-driven era of cybersecurity."

The investment strategy demonstrates how technology leaders are prioritising security infrastructure as AI capabilities advance.

By allocating substantial resources to both commercial partners and open-source communities, Anthropic is creating a multi-layered approach to vulnerability management that extends beyond traditional enterprise boundaries.

For organisations evaluating their own security budgets, the scale of Anthropic's commitment could serve as a benchmark for the level of investment required to address AI-driven threats effectively.

Preparing enterprises for AI-driven threats

Project Glasswing is as much about preparation as it is about prevention.

By giving organisations early access to advanced tools like Claude Mythos Preview, Anthropic is creating a window to identify and fix vulnerabilities before similar capabilities become widely available.

This proactive approach could offer participating businesses a competitive advantage in securing their operations.

"AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats and there is no going back," says Anthony Grieco, SVP and Chief Security and Trust Officer at Cisco.

"Our foundational work with these models has shown we can identify and fix security vulnerabilities across hardware and software at a pace and scale previously impossible.

"That is a profound shift and a clear signal that the old ways of hardening systems are no longer sufficient.

"Providers of technology must aggressively adopt new approaches now and customers need to be ready to deploy. That is why Cisco joined Project Glasswing – this work is too important and too urgent to do alone."

Through collaboration, controlled deployment and sustained investment, Anthropic is betting that the best defence against powerful AI is better AI.

For business leaders, the initiative could represent a blueprint for how strategic partnerships and technology investment can address emerging enterprise risks.

The broader implication for enterprises is clear: waiting for threats to materialise before investing in advanced security capabilities may no longer be a viable strategy in an AI-accelerated threat landscape.