What Is Anthropic's Project Glasswing and Why Should UK Businesses Care?

On 7 April 2026, Anthropic launched Project Glasswing, a collaborative cybersecurity initiative that uses AI to find and fix software vulnerabilities in critical infrastructure before attackers can exploit them. It involves 12 major technology and financial companies, a new frontier AI model called Claude Mythos Preview, and a commitment worth over $100 million. Here is what it means and why it matters for UK businesses.

Video: "An initiative to secure the world's software" by Anthropic. Reproduced via YouTube embed.

What Is Project Glasswing?

Project Glasswing is a defensive cybersecurity programme. Its purpose is straightforward: use AI to scan critical software (operating systems, web browsers, financial systems, healthcare platforms) for vulnerabilities that human reviewers have missed, then disclose and fix them before they can be exploited.

The initiative is led by Anthropic and backed by 11 partner organisations: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Over 40 organisations involved in critical infrastructure have been given access to the programme's findings.

Claude Mythos Preview: The Model Behind It

At the centre of the project is Claude Mythos Preview, a new AI model built specifically for cybersecurity. On vulnerability reproduction benchmarks, Mythos Preview scores 83.1%, compared to 66.6% for Anthropic's previous flagship model. That is a significant jump in the AI's ability to identify, reproduce, and verify real security flaws.

What makes this notable is the scale of what it has already found. Mythos Preview has discovered thousands of high-severity vulnerabilities across major operating systems and web browsers, including a flaw in OpenBSD that had gone undetected for 27 years and a vulnerability in FFmpeg that had been present for 16.

These are not obscure edge cases. OpenBSD is widely regarded as one of the most security-focused operating systems available. FFmpeg is used in virtually every video player and streaming service. If vulnerabilities can hide in software that has been scrutinised by security professionals for decades, the implication for less thoroughly reviewed business software is clear.

Key Takeaways for UK Businesses

1. AI is now finding vulnerabilities faster than humans can

The speed at which Mythos Preview identified long-standing flaws demonstrates that AI-driven security scanning is no longer experimental. For UK businesses, this reinforces the case for adopting AI-assisted security tools rather than relying solely on manual penetration testing and periodic audits.

2. The threat landscape is escalating

Anthropic estimates global cybercrime costs at approximately $500 billion annually. In the UK specifically, the economic impact of significant cyber attacks (those costing £500 or more) is estimated at £14.7 billion per year, roughly 0.5% of GDP. 43% of UK businesses reported experiencing a cyber attack or breach in 2025, with phishing contributing to 93% of successful breaches.

3. Collaboration is the defensive model

The fact that competitors like Apple, Google, and Microsoft are collaborating on this project signals a shift. Cybersecurity is increasingly being treated as a shared infrastructure problem rather than a competitive advantage. For smaller businesses, the practical benefit is that vulnerabilities found through programmes like Glasswing get patched in the software you already use, often before you even know the risk existed.

4. Open-source software gets a significant funding boost

Anthropic is committing $100 million in model usage credits and $4 million in direct donations to open-source security organisations. Much of the software that UK businesses depend on (from web servers to content management systems to development tools) is built on open-source foundations. More investment in the security of those foundations benefits everyone who builds on them.

5. AI governance matters more than ever

Project Glasswing demonstrates both sides of the AI coin. The same capabilities that make AI effective at finding vulnerabilities could, in the wrong hands, be used to exploit them. This is precisely why having an AI governance framework matters. Understanding what AI tools your business uses, how they handle data, and what safeguards are in place is no longer optional; it is a fundamental part of operating responsibly.

What This Means Practically

For most UK businesses, Project Glasswing is not something you interact with directly. You will not be scanning your own systems with Mythos Preview. But the downstream effects are real:

• Your software gets more secure. Vulnerabilities found through the programme are disclosed to vendors and patched. Keeping your operating systems, browsers, and business software up to date means you benefit from these fixes automatically.
• The case for regular updates strengthens. If a 27-year-old flaw can hide in security-focused software, the argument for delaying updates becomes harder to justify.
• AI-driven security tools are becoming mainstream. If the largest technology companies in the world are using AI for cybersecurity, it is only a matter of time before AI-assisted security becomes an expectation for businesses of all sizes, not just enterprises.

Frequently Asked Questions

What is Project Glasswing?

Project Glasswing is a cybersecurity initiative launched by Anthropic in April 2026 that uses an AI model called Claude Mythos Preview to find and fix software vulnerabilities in critical infrastructure. It is backed by 12 major technology and financial companies.

What is Claude Mythos Preview?

Claude Mythos Preview is an AI model developed by Anthropic specifically for cybersecurity applications. It scores 83.1% on vulnerability reproduction benchmarks, a significant improvement over previous models, and has already discovered thousands of high-severity flaws in widely used software.

Does Project Glasswing affect my business?

Not directly, but the vulnerabilities it finds are disclosed to software vendors and patched. If you keep your operating systems, browsers, and business software updated, you benefit from these security improvements automatically.

How much does cybercrime cost UK businesses?

The estimated annual economic impact of significant cyber attacks on UK businesses is £14.7 billion, with the average cost per significant incident at approximately £195,000. 43% of UK businesses reported experiencing a cyber attack or breach in 2025.

What should my business do in response?

Three practical steps: keep all software up to date so you receive security patches promptly, review your AI governance and data handling practices, and consider whether AI-assisted security tools should be part of your cybersecurity strategy.

Is Anthropic sharing the vulnerabilities it finds?

Yes. Vulnerabilities are disclosed to the relevant software vendors through responsible disclosure practices. Anthropic is also investing $100 million in usage credits and $4 million in direct funding to support open-source security organisations.