The companies behind the world’s most important digital infrastructure are preparing for a future where cyberattacks happen at machine speed.
Anthropic unveiled Project Glasswing, a major initiative bringing together Amazon, Apple, Google, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, JPMorganChase, and the Linux Foundation around a shared concern: frontier AI models are becoming exceptionally good at finding and exploiting software vulnerabilities, and the industry may have very little time to prepare for what happens once those capabilities spread more broadly (Anthropic, 2026).
The project focuses on Claude Mythos Preview, an unreleased AI model that Anthropic describes as sufficiently advanced to identify and exploit vulnerabilities at a level comparable to (and in some cases exceeding) that of top human specialists. The warning from Anthropic feels notably direct.
“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” the company said.
The examples released by the company explain why the industry is taking the warning seriously.
Mythos Preview reportedly uncovered a 27-year-old vulnerability inside OpenBSD, one of the world’s most security-focused operating systems and a platform trusted across sensitive infrastructure environments. The model also found a 16-year-old flaw hidden inside FFmpeg, software deeply embedded across global video infrastructure, in code that automated testing systems had analyzed more than five million times without detecting the issue.
Anthropic says the model autonomously chained together Linux kernel vulnerabilities, escalating from ordinary user access to full machine control with minimal human direction.
Until recently, most public debate centered around misinformation, job displacement, and generative content. Project Glasswing shifts attention toward something potentially far more destabilizing: the possibility that AI systems could dramatically accelerate cyberwarfare, infrastructure attacks, and large-scale exploitation of critical software before governments and enterprises can adapt defensively.
Once vulnerability discovery becomes partially autonomous, cyber capabilities begin scaling differently. Modern infrastructure was never built for that environment. Hospitals, financial systems, logistics networks, telecommunications platforms, cloud providers, defense systems, and transportation infrastructure all rely heavily on sprawling open-source ecosystems maintained by relatively small groups of developers. Many of those systems contain decades of accumulated complexity and invisible technical debt. Some vulnerabilities survive not because they are impossible to detect, but because no human team has enough time or resources to examine every corner of modern software ecosystems deeply enough.
Project Glasswing effectively acknowledges that human-scale cybersecurity may no longer be sufficient. And Anthropic appears deeply concerned about what happens once similar AI capabilities spread more broadly:
“The work of defending the world’s cyber infrastructure might take years; frontier AI capabilities are likely to advance substantially over just the next few months,” the company warned.
That imbalance may become one of the defining security challenges of the AI era. Offensive cyber operations historically required patience, coordination, and labor-intensive research. Frontier AI models compress those timelines dramatically. Vulnerability discovery, exploit generation, penetration testing, and attack path analysis increasingly become machine-scale processes rather than purely human workflows.
Defenders now face the possibility of AI-assisted attackers who can identify and weaponize weaknesses faster than institutions can patch them manually. Anthropic openly admits this is why Mythos Preview remains restricted rather than publicly released. Unlike traditional AI launches focused on adoption and scale, Project Glasswing feels closer to a controlled defensive mobilization effort designed to secure infrastructure before equivalent offensive capabilities become widely accessible.
The coalition itself reflects the seriousness of that realization. Companies that normally compete aggressively are suddenly collaborating around vulnerability disclosure, open-source security, infrastructure hardening, and defensive AI deployment because the threat landscape is changing faster than any one organization can realistically manage alone.
Once AI systems begin continuously auditing software, reasoning through vulnerabilities autonomously, and scaling cyber capabilities across critical infrastructure, the internet’s entire security model starts operating under a different set of assumptions — one where machines increasingly defend systems from other machines.