Early findings from Project Glasswing suggest AI could significantly change how tech companies and cybersecurity teams respond to vulnerabilities in open-source software. The initiative aims to counter AI-powered cyber threats by giving open-source maintainers access to advanced defensive tools.
AI research and safety company Anthropic introduced the Claude Mythos Preview in April, a new large language model (LLM) that can autonomously find zero-day vulnerabilities and create exploits for them.
Anthropic’s release sparked a broad industry initiative — Project Glasswing — that brought together a dozen major companies to use the frontier AI platform to find more effective defenses against increasingly sophisticated cybersecurity threats.
Project Glasswing’s partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, Nvidia, Palo Alto Networks, and The Linux Foundation. This initiative follows $12 million in grants to Alpha-Omega and OpenSSF for open-source security.
Rapid advances in AI are increasing the speed and scale at which vulnerabilities in open-source software are discovered. Maintainers face an unprecedented influx of security findings generated by automated systems but lack the resources or tooling to identify and remediate them effectively.
