200+
partner organizations in Project Glasswing after June 2026 expansion
2,000
bugs found by Cloudflare using Claude Mythos Preview, including 400 high/critical severity
271
vulnerabilities in Firefox 150 identified by Mozilla during Project Glasswing testing
$100M
in Claude Mythos Preview usage credits committed by Anthropic to Glasswing partners

SponsoredRetool

Retool's new app builder is where AI-generated code ships safely

Building apps with AI is easy. Getting them to production safely is another story.

Start building for free today

Project Glasswing launched April 7, 2026 with approximately 50 partner organizations. By June 2, 2026, it had expanded to more than 200 organizations spanning commercial technology, critical infrastructure operators, and open-source software maintainers across 15+ countries. It is now the largest coordinated AI-assisted vulnerability research program in history.

The program's structure is straightforward: partners receive access to Claude Mythos Preview in exchange for participating in coordinated vulnerability disclosure. What they find stays under embargo until patches are available. What has already been published -- the Cloudflare and Mozilla findings in particular -- provides the clearest public picture of what Mythos produces when directed at production software by organizations that know their own codebase.

This post covers the partner breakdown, what major partners have reported publicly, the financial commitments Anthropic has made to support the program, and what practitioners should be watching for as Glasswing CVEs move through coordinated disclosure into the public record through H2 2026.

How Project Glasswing Works and Who Is In It

Project Glasswing is a controlled-access program. Partners receive access to Claude Mythos Preview -- Anthropic's most capable model for vulnerability research -- in exchange for a commitment to coordinated vulnerability disclosure. Mythos tests the partner's own software. Findings are embargoed until patches are available. Partners provide operational feedback that informs Mythos's continued development.

The initial launch on April 7, 2026 included approximately 50 organizations: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks on the commercial side. Open-source maintainers for Firefox (Mozilla), nginx, FreeBSD, OpenBSD, FFmpeg, and others. Plus Cloudflare, whose published findings have become the most detailed public case study of what Glasswing produces at scale.

The June 2, 2026 expansion added approximately 150 additional organizations and meaningfully broadened the scope. New sectors: power generation and distribution, water systems, healthcare infrastructure, communications networks, and semiconductor hardware. Geographic reach grew to 15+ countries. The expansion reflects a deliberate decision to stress-test Mythos against the software that runs critical infrastructure -- the category of target where successful exploitation has the highest societal consequence.

What Major Partners Found

Cloudflare published the most detailed public accounting of a Glasswing deployment. Testing Mythos against their own infrastructure, they found 2,000 bugs -- 400 high/critical severity. False-positive rates were better than human testers, which is significant because false positives are the primary operational cost of automated security tooling. Cloudflare built an eight-stage, 50-parallel-agent harness to handle the throughput; single-agent approaches hit context limits before Mythos's capability was exhausted. Their assessment of Mythos's reasoning: it 'chains several small attack primitives together into a working exploit' in a way that resembles senior researcher work rather than pattern-matched vulnerability identification.

Mozilla tested Mythos against Firefox 150 and found 271 vulnerabilities compared to prior human-review findings in Firefox 148. The SpiderMonkey JavaScript engine results are the most technically significant: 14 of 18 proof-of-concepts generated by Mythos in a three-hour window were independently confirmed by Mozilla's own testing. SpiderMonkey is a high-value, frequently-audited target. The finding rate represents a substantial multiple over what existing security review processes were catching.

Beyond Cloudflare and Mozilla, most high/critical-finding partners reported more than a factor of ten increase in bug-finding rates compared to prior security review processes. Average patch time for high/critical Glasswing findings: two weeks, substantially faster than industry-average patch timelines for CVEs of comparable severity.

Free daily briefing

Briefings like this, every morning before 9am.

Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.

The Financial Commitment and Open Source Investment

Anthropic committed $100M in Claude Mythos Preview usage credits to Glasswing partners -- the direct cost of running Mythos at scale across 200+ partner environments. The credit structure makes the program economically accessible to organizations, including open-source projects, that could not otherwise afford frontier AI-assisted security research.

Beyond partner credits, Anthropic made two targeted open-source investments: $2.5M to Alpha-Omega and the Open Source Security Foundation through the Linux Foundation, focused on the most critical open-source dependencies in the software supply chain. $1.5M to the Apache Software Foundation. These investments acknowledge that a significant fraction of the attack surface Glasswing is examining is open-source infrastructure that does not have a commercial security budget.

Claude Security, Anthropic's commercial product built on Claude Opus 4.7, entered public beta for organizations outside Glasswing. It patched 2,100+ vulnerabilities in its first three weeks. The commercial product serves two functions: it makes AI-assisted vulnerability research accessible to organizations that do not qualify for Glasswing, and it generates commercial revenue that funds continued Mythos development. The investment structure -- credits, open-source grants, and a commercial product path -- signals that Anthropic views AI-assisted vulnerability research as a long-term infrastructure commitment, not a research exercise with a defined end date.

What Comes Next: The July Report and H2 2026 Disclosures

Anthropic committed to a 90-day public summary report expected in July 2026. This will be the first major public accounting of aggregated Glasswing findings: fixed vulnerabilities, operational learnings, practical recommendations for how security practices should evolve given AI-scale vulnerability discovery. For practitioners building threat intelligence programs, the July report will be the most comprehensive single source on what Glasswing has actually found.

Following the report: high-volume patch releases are expected through H2 2026 as individual vulnerability embargo windows close. The CISA Known Exploited Vulnerabilities catalog will receive additions as Glasswing CVEs complete coordinated disclosure and enter the public record. Practitioners should build Glasswing monitoring into their intel workflows now rather than reacting to individual disclosures after the fact.

Practical monitoring approach: set alerts on red.anthropic.com for new disclosure publications, subscribe to NVD data feeds filtered for vendor/product combinations relevant to your environment, and watch the CISA KEV catalog for disclosure volume spikes in August and September 2026. The CVEs coming out of Glasswing will not all be labeled as such -- they will appear as standard CVEs from Mozilla, Cloudflare, AWS, and other partners. Cross-referencing publication dates and affected components against the Glasswing partner list is the most reliable way to identify them.

The bottom line

Project Glasswing is the operational context behind the 10,000+ high/critical vulnerability count that has been circulating since April 2026. The partner list, the Cloudflare and Mozilla findings, and the $100M credit commitment together define the scope of what is coming through coordinated disclosure over the next six months. Security teams that build Glasswing monitoring into their intel workflows now will be better positioned to prioritize the patch volume as CVEs enter the public record. For a practitioner-focused breakdown of what Claude Mythos means for your specific threat model and security operations, read the free Mythos Brief at /mythos-brief.

This analysis is generic — the platform version scores threats like this against your own stack.

Frequently asked questions

Which companies are in Project Glasswing?

The initial 50 partners announced April 7, 2026 included AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, Mozilla, and Cloudflare, plus open-source maintainers for nginx, FreeBSD, OpenBSD, FFmpeg, and others. The June 2, 2026 expansion added approximately 150 additional organizations from power, water, healthcare, communications, and hardware sectors across 15+ countries.

How do I apply to join Project Glasswing?

Anthropic has not published an open application process for Project Glasswing. Expansion waves have been invite-based, coordinated through Anthropic's trust and safety and research teams. Organizations interested in access to Claude Security -- the commercial product built on Claude Opus 4.7 -- can apply for the public beta at anthropic.com, which does not require Glasswing membership.

What did Cloudflare find using Claude Mythos?

Cloudflare tested Mythos against its own infrastructure and found 2,000 bugs, including 400 high/critical severity. False-positive rates were better than human testers. Cloudflare built an eight-stage, 50-parallel-agent harness to handle the finding throughput, noting that single-agent approaches hit context limits before Mythos's capability was exhausted. They described Mythos as chaining small attack primitives into working exploits with reasoning resembling senior researcher work.

What did Mozilla find using Claude Mythos in Firefox?

Mozilla used Mythos to test Firefox 150 and found 271 vulnerabilities. This compares to prior human-review findings in Firefox 148. Mozilla independently confirmed 14 of 18 SpiderMonkey proof-of-concepts generated by Mythos in a three-hour window. The SpiderMonkey results are particularly significant because the JavaScript engine is a high-value, frequently-audited target that had been assumed to be well-covered by existing review processes.

When will Project Glasswing CVEs be publicly disclosed?

Anthropic committed to a 90-day public summary report expected July 2026, covering fixed vulnerabilities and operational learnings. Following the report, high-volume patch releases are expected through H2 2026 as individual embargo windows close. Practitioners should monitor red.anthropic.com, NVD, and the CISA Known Exploited Vulnerabilities catalog for disclosure volume increases through August 2026.

What is the difference between Project Glasswing and Claude Security?

Project Glasswing is a controlled-access research program using Claude Mythos Preview, available to selected partners through Anthropic's invite process, focused on finding vulnerabilities in partner software through coordinated disclosure. Claude Security is a commercial product built on Claude Opus 4.7, available to any organization through public beta, designed for organizations to run continuous AI-assisted vulnerability research against their own codebases.

Sources & references

  1. Project Glasswing: Securing critical software, Anthropic
  2. Expanding Project Glasswing, Anthropic
  3. Project Glasswing: An initial update, Anthropic
  4. Project Glasswing has uncovered 10,000 vulnerabilities, CSO Online
  5. Anthropics Project Glasswing Update, Schneier on Security

Free resources

25
Free download

Critical CVE Reference Card 2025–2026

25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.

No spam. Unsubscribe anytime.

Free download

Ransomware Incident Response Playbook

Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.

No spam. Unsubscribe anytime.

Free newsletter

Get threat intel before your inbox does.

50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.

Unsubscribe anytime. We never sell your data.

Eric Bang
Author

Founder & Cybersecurity Evangelist, Decryption Digest

Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.

Black Hat Giveaway

Win a $2,495 Black Hat pass.

Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.

Joins Decryption Digest daily briefing. Unsubscribe anytime.

Related Questions: Answer Hub

Giveaway: Black Hat USA 2026 Full-Access Pass ($2,495 value)

Details →
Daily Briefing

Subscribe to enter the giveaway

Every subscriber is automatically entered. You also get daily threat intel every morning: zero-days, ransomware, and nation-state campaigns. Free. No spam.

Already subscribed? You're already entered.

Giveaway

Win a $2,495 Black Hat USA 2026 pass.