Mentat · curated
Artificial Intelligence medium · first-party

Project Glasswing

Anthropic's most capable model found thousands of unpatched zero-day flaws in its first weeks — so the lab is routing it to defenders before shipping it to everyone.

Anthropic built its strongest coding model yet, pointed it at the world's software, and watched it surface thousands of critical, never-before-seen security holes — more than 10,000 high-severity ones by late May, with over 99% still unpatched when the work was published. Rather than open the model to the public, the lab gated it: access goes first to Project Glasswing, a defenders-only group that began with eleven named partners (Apple, Google, Microsoft, JPMorgan, the Linux Foundation and others) plus dozens of critical-software maintainers, backed by $100 million in usage credits so they can patch ahead of attackers.

The capability was not something the model was trained for. Anthropic frames bug-hunting as a side effect of general gains in code and reasoning — engineers with no security background got a complete working exploit overnight, and one flaw cost under $50 to find. A 27-year-old networking bug in OpenBSD and a 17-year-old root-access hole in FreeBSD, both undiscovered for decades, fell in roughly a thousand automated runs each.

The number under the headline is the one that draws the map. Across several thousand scans the model could not remotely break the Linux kernel — its layered defenses held — while the old, memory-unsafe C in legacy systems gave way. That asymmetry is the actual map of the next few years: hardened, modern code resists; the decades of brittle code underneath everything is suddenly cheap to break. The race Glasswing is trying to win is whether defenders can reach those bugs before anyone with the same tool does.

The lenses

Novelty 4
Impact · breadth 5
Impact · depth 4
Actionable 3
Substance 4
Hype 4

The facts

Access: Gated research preview — consortium members only, via the major cloud APIs at published prices
What it found: Thousands of critical zero-days in weeks; 10,000+ by late May, 99%+ unpatched at publication
Backing: $100M in model-usage credits, plus $4M to open-source security projects
Open anthropic.com →