# Project Glasswing

**Type:** Private-sector AI capability access coalition  
**Founded:** 2026 (disclosed April 2026)  
**Purpose:** Coordinated vulnerability discovery and disclosure using restricted-access frontier AI models  
**Members:** ~40 organizations including AWS, Apple, Microsoft, Google, CrowdStrike, Palo Alto Networks  

## Overview

Project Glasswing is a coalition of technology companies granted restricted access to Anthropic's Claude Mythos Preview model for cybersecurity purposes. It represents the first documented private-sector governance architecture for capability-harm-based deployment restriction.

## Operational Model

- **Access control:** Anthropic restricts Mythos Preview to approximately 40 member organizations
- **Coordinated disclosure:** Human validators review AI-discovered vulnerabilities before notifying affected parties
- **Temporal framing:** Explicitly described as a "transitional period" until defensive safeguards enable broader deployment
- **Goal:** Use Mythos to find and patch vulnerabilities before adversaries gain comparable capability

## Governance Architecture

Project Glasswing establishes a third deployment tier between general availability and non-deployment:
- Not "too dangerous to exist" (model is deployed)
- Not "safe for public release" (access permanently restricted to coalition)
- Temporary restriction pending development of defensive safeguards

## Effectiveness

As of April 2026 disclosure:
- Mythos discovered >271 Firefox vulnerabilities through Glasswing
- Less than 1% had been patched at time of writing
- Demonstrates offensive capability outpacing defensive verification infrastructure

## Timeline

- **2026-04-10** — Anthropic publicly disclosed Project Glasswing existence and operational model in Mythos Preview technical disclosure

## Sources

- Anthropic Mythos Preview Technical Disclosure (April 2026)