SYSTEM Cited by 1 source
Anthropic Project Glasswing¶
Project Glasswing is Anthropic's controlled-research partner program through which a small number of external organisations are given access to preview cyber frontier models (notably Mythos Preview) without the additional safeguards present in generally- available models — to study capability and risk before broader rollout. The program landing page is at anthropic.com/glasswing.
The first canonical wiki disclosure is via Cloudflare's 2026-05-18 Project Glasswing: what Mythos showed us post, which states: "A few weeks ago, we were invited to use Mythos Preview as part of Project Glasswing. We soon pointed it at more than fifty of our own repositories — to see what it would find, and to see how it works."
Why a separate program¶
Two stated reasons justify a controlled program over direct GA release:
- Safeguard absence is the point. "The Mythos Preview model provided by Anthropic, as part of Project Glasswing, did not have the additional safeguards that are present in generally available models (like Opus 4.7 or GPT-5.5)." Glasswing exists to study what such a model will do at capability without the hardened safety boundaries — "to see what attackers are going to be able to do with the latest models" in Cloudflare's own framing.
- Bounded blast radius. Glasswing scopes the work to "a controlled research context" with vetted partners. Cloudflare's appended methodological note: "Our research with Mythos Preview was conducted in a controlled environment against our own code; every vulnerability surfaced through this work was triaged, validated, and remediated where action was needed under Cloudflare's formal vulnerability management process."
Stated future-state contrast¶
The post articulates the precondition for these models moving from Glasswing-style controlled use to generally-available status: "any capable cyber frontier model made generally available in the future must include additional safeguards on top of this baseline behavior — making it appropriate for broader use outside of a controlled research context like Project Glasswing." Glasswing is not the steady state — it is the pre-GA evaluation lattice where capability and safeguard work both happen.
What's not disclosed¶
- Cohort size / partner list — not stated. Cloudflare is the only Glasswing partner the wiki has a primary source for.
- Duration of access / contract shape — "a few weeks ago, we were invited" is the only timeline anchor.
- Whether non-Anthropic frontier-model providers operate similar programs — not addressed.
- Whether vulnerabilities found via Glasswing flow into public CVE channels — only the per-partner remediation process is disclosed (Cloudflare states it ran them through "Cloudflare's formal vulnerability management process").
Seen in¶
- sources/2026-05-18-cloudflare-project-glasswing-what-mythos-showed-us — first canonical wiki disclosure of Project Glasswing as the program through which Mythos Preview was made available to Cloudflare.
Related¶
- systems/mythos-preview — the cyber frontier model delivered through the program.
- systems/cloudflare-vulnerability-discovery-harness — Cloudflare's harness built around Mythos Preview during the Glasswing engagement.
- concepts/cyber-frontier-model — the model class Glasswing previews.
- concepts/model-organic-refusal-inconsistency — the inconsistent-emergent-guardrail behaviour characterised by Cloudflare during their Glasswing run.
- companies/cloudflare — the named Glasswing partner on the wiki.