Project Glasswing: Cisco Uses Claude Mythos to Harden Its Own Code

Cisco is stress-testing its own products against one of the most capable AI models ever built — and it hasn’t been released to the public. As a founding partner in Anthropic’s Project Glasswing, Cisco has been running Claude Mythos Preview against its firewalls, switches, and management platforms to find vulnerabilities before attackers do.

The initiative, announced April 7, brings together twelve of the biggest names in tech and security: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks — all granted restricted access to a model that Anthropic has explicitly declined to release broadly due to its offensive capabilities.

What Makes Mythos Different

Claude Mythos Preview isn’t just a faster version of existing Claude models. According to Anthropic, it represents a genuine step change in AI capability for cybersecurity work — able to autonomously discover and exploit zero-day software vulnerabilities in ways that surpass all but the most skilled human researchers. That dual nature is exactly why Anthropic has kept it locked down: the same model that can harden a codebase can, in the wrong hands, tear one apart.

That’s the core tension at the heart of Project Glasswing — and Cisco is leaning directly into it. “AI allows us to scan and secure vast codebases at a scale previously unimaginable,” said Anthony Grieco, Cisco’s Chief Security and Trust Officer. The company is using Mythos Preview not just to audit its own products, but to accelerate development of defensive tools capable of countering the AI-enabled attacks it knows are coming.

The Numbers Behind the Initiative

Anthropic is backing the coalition with $100 million in model usage credits for partners, plus $2.5 million earmarked for open-source security projects and $1.5 million to the Apache Software Foundation. The financial commitment signals that this isn’t a PR exercise — Anthropic is funding the compute required to actually run Mythos against real-world codebases at scale.

Cisco’s own internal data adds urgency to the effort: the company’s surveys show that 85% of enterprise customers have AI agent pilots underway, but only 5% have moved to production. The bottleneck, Cisco says, is trust and security. Solving that gap — proving that AI-powered systems can be audited, secured, and made reliable — is both the stated goal of Project Glasswing and a direct commercial priority for every company in the coalition.

Why This Partnership Matters

The cybersecurity industry has long operated on asymmetric terms: attackers only need to find one weakness, while defenders must protect everything. AI is about to make that asymmetry dramatically worse — or potentially rebalance it, depending on who deploys the most capable models first.

Project Glasswing is a bet that the best defense against AI-powered attacks is AI-powered defense, built collaboratively, before the threat fully materializes. Cisco’s participation — with its vast installed base of enterprise networking infrastructure — means that the results of Mythos-powered vulnerability sweeps will eventually reach some of the most critical systems on the internet.

Whether that’s reassuring or alarming probably depends on how much you trust the twelve companies involved to coordinate effectively. For now, the coalition has the right partners, a well-funded mandate, and access to a model powerful enough to change what’s possible on both sides of the security equation.