Anthropic has launched Project Glasswing together with a coalition of twelve leading technology and security companies — including AWS, Apple, Cisco, Google, Microsoft, NVIDIA, JPMorganChase, CrowdStrike, the Linux Foundation, and Palo Alto Networks. The trigger: a new, not yet publicly available frontier model called Claude Mythos Preview, which has found thousands of critical vulnerabilities in all major operating systems and web browsers — fully autonomously, without any human steering.
Notably, many of these vulnerabilities had survived years — sometimes decades — and millions of automated tests without ever being caught. They have since been patched. But the point is not that they have now been found — the point is that they were there. And even if the reality proves more nuanced than Anthropic's announcements suggest, the trend is unmistakably underway. Development is moving at extraordinary speed — and it is anyone's guess what will be possible by the end of 2026.
The defensive principle behind Glasswing
The project starts from a clear premise: the same capabilities that make Claude Mythos Preview dangerous in the wrong hands make it indispensable for defence. If you wait until attackers are already exploiting this technology, you are already too late.
Project Glasswing aims to reverse that asymmetry. Anthropic is making $100 million in model usage credits available to participating organisations, and donating $4 million directly to open-source security organisations. The coalition is focusing on local vulnerability detection, black-box testing, endpoint hardening, and penetration testing of critical systems.
Palo Alto Networks: ready for the age of AI-powered attackers
Palo Alto Networks, one of the founding partners of Project Glasswing and a partner Nomios works closely with, was unequivocal in its response. Lee Klarich, Chief Product & Technology Officer: the window between a vulnerability being discovered and being actively exploited has collapsed. Organisations must modernise their security stack now — AI-powered attackers are coming with greater frequency, greater speed, and greater sophistication.
The fact that Palo Alto Networks is a direct participant in this initiative is consistent with what we at Nomios have observed for some time: a vendor that stays ahead of threats rather than reacting to them. The integration of AI-driven detection and response in the Cortex platform — the foundation of our Guardian xMDR services — is not a roadmap item. It is operational.
What this means for organisations in the Benelux
The vulnerabilities Mythos Preview has uncovered are not in obscure or legacy systems — they are in software every organisation relies on. Many organisations lack a security team with the capacity to scan and patch at this level proactively. That is precisely the gap that managed security services need to close: not just managing known risks, but continuously searching for what is not yet known.
Project Glasswing is a starting point. Anthropic will share findings, a public report is due within 90 days, and the broader aim is a sector-wide shift in how vulnerability disclosure and secure-by-design practices are shaped for the AI era.
For Nomios, this initiative reinforces what we have been advising our clients: the question is no longer whether AI is changing the rules of cybersecurity, but how quickly your organisation is ready for what is already in motion.













