Australia — 2026

A cyber attack
every six minutes.

And it's only accelerating.

Anthropic

Project
Glasswing.

An AI initiative reshaping cybersecurity.

Claude Mythos

10,000+ vulnerabilities.
Every major platform.

AWS · Apple · Google · Microsoft · Cisco · Nvidia · Broadcom · CrowdStrike · JPMorganChase

What it means for you

AI is rewriting
cybersecurity.

Here's what Australian businesses need to know.

Get in Touch

April 7, 2026

Project
Glasswing

The future of AI-driven cybersecurity.
10,000+ vulnerabilities found. Every major platform affected.

Scroll

01 — The Initiative

What is Project Glasswing?

Project Glasswing is a cybersecurity initiative announced by Anthropic on 7 April 2026. Its goal is to secure the world's most critical software and give defenders a durable advantage in the emerging AI-driven era of cybersecurity. At its centre is Claude Mythos Preview, a frontier AI model purpose-built to find software vulnerabilities at a scale and speed no human team can match.

The implications reach far beyond Silicon Valley. With a cyber incident now reported in Australia roughly every six minutes, the same AI capabilities that uncovered these flaws are reshaping how Australian organisations think about software risk. This page is an independent, plain-English explainer of what Anthropic announced, what the findings actually show, and what it means for businesses in our region.

What Claude Mythos actually is

Claude Mythos Preview is an unreleased, general-purpose frontier model that Anthropic describes as exceptionally capable at identifying software vulnerabilities. On the public CyberGym benchmark for vulnerability reproduction, Mythos Preview scored 83.1% — a substantial jump over Claude Opus 4.6's 66.6%. In practice, that means the model can read large, unfamiliar codebases, reason about how an attacker might break them, and reproduce working proofs of concept for flaws that automated scanners and human auditors had missed for years.

Because a tool this powerful could be misused, Anthropic kept Mythos Preview unreleased and gave access only to vetted partners under Project Glasswing, while it develops new safeguards for a future, safer Claude Opus model. The capability is the headline; the careful, gated rollout is arguably the more important part of the story.

The scale of the findings

The numbers are what make Project Glasswing unprecedented. According to Anthropic's initial update and subsequent reporting, Anthropic and its partners have used Mythos Preview to identify more than 10,000 high- or critical-severity vulnerabilities across the most systemically important software in the world.

In one structured study, Anthropic scanned over 1,000 open-source projects and surfaced 23,019 total issues, of which 6,202 were high- or critical-severity. Of a validated sample of 1,752 high- and critical-severity findings, more than 90% were confirmed as true positives — an unusually low false-positive rate for automated vulnerability discovery. Concrete examples disclosed by Anthropic include a 27-year-old flaw in OpenBSD, a 16-year-old vulnerability in FFmpeg, and multiple chained vulnerabilities in the Linux kernel — bugs that sat undetected through decades of human review.

The partner coalition

Anthropic did not publish these findings into the void. Project Glasswing launched with eleven named partners — Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — alongside Anthropic itself. More than 40 additional organisations, reportedly including Cloudflare and Mozilla, were given access to find and fix weaknesses in their own foundational systems. Pairing the discovery capability with the vendors who actually maintain the affected software is what turns a research result into real-world remediation.

Responsible disclosure by design

Publishing 10,000 unpatched vulnerabilities at once would be a gift to attackers. To avoid that, Project Glasswing uses a cryptographic-hash disclosure model: for an unpatched flaw, Anthropic publishes only a hash of the details, and reveals the specifics only after a fix is in place. This lets Anthropic prove it found a given bug on a given date without handing adversaries a roadmap. Anthropic also committed $100 million in usage credits for partners using Mythos Preview and $4 million in direct donations to open-source security organisations — including $2.5M to Alpha-Omega and the OpenSSF and $1.5M to the Apache Software Foundation.

Why it matters for Australian businesses

The software named in these findings — operating systems, browsers, media libraries, the Linux kernel — runs inside almost every Australian business, government agency, and critical-infrastructure operator. When a wave of patches follows a disclosure like this, the organisations that update quickly are protected and the slow movers become the soft targets. For Australian teams already navigating the Security of Critical Infrastructure (SOCI) Act and tightening regulatory expectations, Project Glasswing is a preview of the new baseline: AI will find flaws faster than ever, and defence increasingly means patching and monitoring at the same speed. The practical takeaways are covered in depth across our cybersecurity blog, and the recommended security tools below are a sensible starting point for hardening your own environment.

Glasswing.com.au is an independent commentary site and is not affiliated with, endorsed by, or associated with Anthropic, PBC. All figures above are drawn from Anthropic's published materials and mainstream reporting, linked inline.

10,000+
High/critical vulnerabilities found
1,000+
Open-source projects scanned
$100M
Usage credits committed
11
Launch partners

Coalition

Industry Partners

AWS
Apple
Google
Microsoft
CrowdStrike
Cisco
JPMorganChase
Nvidia
Broadcom

Nine of the world's most influential technology companies have joined forces with Anthropic to address AI-discovered vulnerabilities at scale.

02 — Local Impact

What This Means for
Australian Businesses

A cyber attack is lodged every six minutes in Australia. Project Glasswing's findings have direct implications for every organisation in the region.

01

Proactive Discovery

AI finds vulnerabilities before they're exploited, shifting security from reactive to proactive.

02

Speed at Scale

Thousands of vulnerabilities found simultaneously across entire codebases — impossible for human auditors alone.

03

Compliance Ready

Stay ahead of the Critical Infrastructure Act and evolving Australian regulatory requirements.

04

Cost Efficiency

AI-assisted auditing dramatically reduces the cost of comprehensive vulnerability assessment.

Recommended

Essential Security Tools

Trusted tools to protect your digital life. We may earn a commission at no extra cost to you.

Disclosure: This page contains affiliate links. We only recommend tools we trust. If you purchase through our links, we may receive a commission at no additional cost to you. This helps support our editorial work.

03 — Insights

Key Takeaways

Unprecedented Scale

The single largest coordinated vulnerability disclosure in history, affecting software used by billions worldwide.

Industry-Wide Response

AI-driven security is now an industry priority. Nine companies are collaborating on coordinated fixes.

AI Security is Essential

Organisations that don't incorporate AI into their security strategy risk falling behind as threats evolve.

What Comes Next

Expect a wave of patches, security updates, and new AI-powered tools across the industry in the months ahead.

04 — Stay Informed

Stay Ahead of Threats

Get our occasional Australian cybersecurity briefings — the breaches, patches, and AI-security developments that actually matter. No spam, unsubscribe anytime.