Anthropic Project Glasswing: A Frontier AI Model for Enterprise Security, Before It Goes Public

What You'll Learn

• What Project Glasswing is, which organizations have access, and what Claude Mythos Preview does differently than current security tools
• Why the window between vulnerability discovery and exploitation is shrinking - and what AI changes about the equation
• How to qualify your organization for the program or a similar future access path
• A verbatim security review prompt to run on standard Claude API today while waiting for preview access
• The 5-step process to set up AI-assisted code security review without enterprise access

The standard vulnerability disclosure timeline: a researcher finds a zero-day, the vendor is notified, a patch is developed, and the patch is deployed. The gap between discovery and deployment has historically measured in weeks to months.

That gap is the attack surface. And it is shrinking for adversaries faster than it is shrinking for defenders.

Anthropic's Project Glasswing is a direct response to this asymmetry. The program gives select enterprise organizations access to Claude Mythos Preview - Anthropic's unreleased frontier model - with a specific mandate: find and fix critical software vulnerabilities before they can be exploited. The model is not in general availability. This program is the only current path to access it.

This is a PromptHacker Premium article.

The qualification guide, security review prompt, and 5-step AI security setup are available to Premium subscribers.

What Project Glasswing Is

Project Glasswing is a controlled early-access initiative. Anthropic gives select enterprise organizations access to Claude Mythos Preview under a structured partnership agreement. Confirmed organizations: AWS, Apple, Cisco, Google, JPMorgan Chase, and Microsoft.

The program's focus is critical software vulnerabilities - not general code quality or compliance documentation. Current automated security scanners find what they were trained to look for. A frontier AI model identifies novel vulnerability patterns that do not match any existing signature, the class of vulnerability most likely to be exploited before a patch exists.

How to Qualify

Qualification is based on infrastructure relationship. If your organization runs production workloads on AWS, Google Cloud, or Microsoft Azure at the enterprise tier, contact your account team and ask directly whether your organization qualifies for AI-assisted security programs under the Anthropic partnership.

If your organization does not qualify today, submit a formal interest inquiry at anthropic.com/news via the Glasswing application link to be placed on the priority consideration list for the next expansion cohort.

The Security Review Prompt to Run Today

Standard Claude API (Claude Sonnet 4.6) already identifies a meaningful subset of security vulnerabilities in production code. Teams that run this protocol consistently find that Claude surfaces 60 - 80% of pen test findings independently.

Review the following code for security vulnerabilities. For each vulnerability identified: 1. Severity - Critical / High / Medium / Low 2. Attack vector - what an adversary would need to exploit it 3. Affected component - the specific function or block at risk 4. Remediation priority - fix immediately / fix this sprint / backlog 5. Recommended fix - specific code change required Focus on: authentication flows, input validation, secret handling, dependency risks, and session management. Do not flag code style issues. Flag only security risks. Code to review: [paste code section]

Run this on your 3 highest-risk code sections: authentication and authorization logic, input validation code, and secret/credential handling. Compare output against your last penetration test.

Action Steps Summary

• Assess your qualification for Project Glasswing. Contact your AWS, GCP, or Microsoft enterprise account team. Ten-minute email or phone call.
• Submit a formal interest inquiry at anthropic.com/news via the Project Glasswing application link.
• Set up a Claude security review workspace using the prompt template above. Setup takes 10 minutes.
• Run the security review prompt on your 3 highest-risk code sections. Document the findings. Compare against your last pen test.
• Build a bi-weekly security review cadence - a recurring 2-hour block every other week for AI-assisted review of new or modified high-risk sections.