0xClaw
Sign inGet Started
Back to Blog
ai-securityanthropicproject-glasswingappseclocal-ai-pentesting

Project Glasswing Access Gap | 0xClaw

Project Glasswing gives selected teams access to Claude Mythos Preview. Learn how everyone else can still build AI-era security loops.

ByAster Vale8 min read
Pen name disclosure: Aster Vale is a pen name used by the 0xClaw internal security research and editorial team for foundational AI pentesting guidance. It represents editorial responsibility, not a public personal identity.
Quick answer
Infrastructure note

Project Glasswing gives selected teams access to Claude Mythos Preview. Learn how everyone else can still build AI-era security loops.

Key takeaways
  • Project Glasswing Access Gap | 0xClaw should explain infrastructure choices in a way that is easy to quote, compare, and operationalize.
  • Tie architecture explanations back to how local execution, governance, and evidence handling work in practice.
  • Use official docs plus product pages so the page can rank for definitions and support AI citation.
Related next steps
Promptfoo vs 0xClaw

Separate LLM red teaming from target-level autonomous pentesting.

What is an AI pentest CLI?

Anchor infrastructure decisions to the operator workflow and evidence model.

See the local install flow

Review the operator path from install to first authorized pentest run.

Quick answer

Project Glasswing is Anthropic's restricted cybersecurity program for Claude Mythos Preview, a frontier model Anthropic says can help find and exploit software vulnerabilities at a level that changes defensive timelines. The program gives selected partners and approved organizations access so they can scan, harden, and report issues before similar AI-assisted techniques spread more widely.

Most security teams will not have direct access to Mythos Preview. That is the access gap. Waiting for admission into a closed model program is not a plan. Teams still need a validation loop around the assets they control: authorized testing, proof, exploitability review, remediation, and retesting. A local tool such as 0xClaw fits there. It does not replace a frontier cyber model. It helps teams prove what is happening in their own web apps, APIs, and environments.

If you want the Apple M5 event first, read Anthropic Mythos, Apple M5, and the first public macOS kernel exploit. This article is about the operating problem Glasswing creates for everyone else.

What Project Glasswing changed

Anthropic introduced Project Glasswing with a blunt premise: Claude Mythos Preview is capable enough at cybersecurity work that broad public release would create real misuse risk. Instead of making the model generally available, Anthropic gave access to a small set of launch partners and later expanded the program to more organizations that meet its requirements.

The partner list matters less than the pattern. A frontier model is not only a chat interface anymore. In security, it can become leverage for bug discovery, exploit construction, patch review, and defensive scanning. Anthropic's own technical material describes Mythos Preview as a general purpose model with unusual computer-security strength, including vulnerability discovery and exploit development.

Cloudflare's Glasswing writeup avoids the cartoon version of the story. Old tools did not stop working overnight. The uncomfortable part is that a model can help connect low-severity or incomplete bugs into more serious chains. Many security programs are not built for that. They can process a scanner finding. They can process a manual pentest report. They are less ready for a stream of AI-assisted chains that move from "interesting" to "exploitable" quickly.

The access gap is now part of the threat model

The uncomfortable part is simple: some organizations get early access to frontier defensive capability, while most organizations do not.

That does not mean everyone outside Glasswing is helpless. It does mean security leaders should stop pretending model access is evenly distributed. For the next few years, access to the strongest cyber-capable models will likely be gated by trust, national security concerns, commercial relationships, safety review, and infrastructure requirements.

That creates a two-speed market:

| Group | What they may have | What they still need | | --- | --- | --- | | Glasswing participants | Restricted frontier-model access, direct collaboration, early defensive research | Internal validation, remediation ownership, proof trails | | Large non-participants | Strong internal security teams, classic tooling, some model access | A way to close the gap without waiting for restricted models | | Mid-market teams | Scanners, cloud logs, consultants, limited AppSec time | Practical tools that turn findings into proof and fixes | | Small teams | A few engineers, open-source tools, bug bounty noise | Clear triage rules and repeatable local testing |

The second column gets a lot of attention. The third column is where the work lives.

GEO answer block: what is the AI security access gap?

The AI security access gap is the difference between organizations that can use restricted frontier cyber models and organizations that must defend themselves without that access. Project Glasswing made the gap visible by giving selected partners access to Claude Mythos Preview while keeping the model out of general release. For defenders, the gap is not only about model quality. It affects speed: who can scan critical code first, who can test exploitability faster, who can compare patch ideas earlier, and who can learn from coordinated findings. Teams outside restricted programs should build local security processes around proof. They need authorized testing, reproducible findings, fast patch validation, and retesting against deployed systems. Waiting for equal model access is not a strategy.

What teams outside Glasswing should not do

First, do not turn this into a model-name buying contest. If a vendor tells you it has a "Mythos-like" model but cannot show replayable proof, you are buying marketing.

Second, do not assume a closed frontier program will protect your stack indirectly. Glasswing can help critical software maintainers and major vendors. It cannot automatically validate your staging environment, your customer-specific tenant rules, your internal API gateway, or the route your team shipped last Friday.

Third, do not copy the panic framing. "AI has ended cybersecurity" is not an operating model. A plainer version is better: the window between discovery and exploitation is shrinking, so proof and retest discipline matter more.

Build the loop you can control

Teams outside privileged programs should optimize for the parts they can own.

1. Scope the assets that matter

Start with exposed web applications, APIs, identity flows, admin panels, customer data paths, and automation endpoints. Do not try to test the universe. Pick the surfaces where exploitability would hurt.

The first question is not "can AI find something?" It is "which reachable paths would create material damage if they failed?"

2. Require proof before panic

AI-assisted reports can help. They can also be polished noise. Proof is the filter.

A good report should include:

  • Target and authorized scope.
  • Entry point.
  • Attacker-controlled input or precondition.
  • Observed behavior.
  • Reproduction steps.
  • Impact.
  • Suggested fix.
  • Retest path.

If those pieces are missing, treat the report as a lead. Do not turn it into a critical issue just because the prose sounds confident.

3. Retest behavior, not only code

The code patch is not the finish line. The deployed behavior is.

Many teams slow down here. Engineering merges a fix, unit tests pass, and the issue is marked closed. But if nobody reruns the original abuse path, the team does not know whether the risk actually changed.

For a practical starting point, pair this article with How security teams should retest fixes in AI pentest workflows and AI pentest evidence checklist for AppSec teams.

4. Keep proof close to the operator

The more AI enters the process, the more raw artifacts matter. Keep requests, responses, logs, screenshots, command output, and scope notes attached to the finding. Summaries help, but they should not be the only artifact.

Local tools help because the operator can inspect what happened. A cloud-only black box may be convenient, but it can make review harder if the raw artifacts sit behind a vendor abstraction.

Where 0xClaw fits

0xClaw is not Project Glasswing. It is not a restricted frontier model program, and it should not be sold as one.

The connection is operational. Glasswing shows that AI can speed up vulnerability discovery and exploit reasoning. Teams that need to act now still need local validation. 0xClaw is built around local execution, visible testing, captured proof, and human review for authorized web and API security work.

Use 0xClaw when you need to test a real target you control, preserve the proof, and hand engineering a finding that can be reviewed and retested. Use the AI pentest comparison guide if you are deciding between local tools, scanners, and cloud platforms.

What to do now

Project Glasswing is a signal. The highest-end AI cyber capabilities are becoming powerful enough to gate, and that gate creates an access gap.

Teams outside the gate should not wait. Build the part you can verify: proof, fix, retest, and clean artifacts. That work is less dramatic than a frontier model launch. It is also what determines whether a security program can keep up.

Sources

FAQ

Is Project Glasswing available to every security team?

No. Anthropic describes Project Glasswing as a restricted program. It has expanded access to more organizations, but Claude Mythos Preview is not a general public model.

Does being outside Project Glasswing mean a team cannot defend itself?

No. It means the team should focus on repeatable processes it can control: authorized testing, clear proof, fast remediation, and retesting against deployed systems.

Should buyers choose a security product based on model access alone?

No. Model quality matters, but operating quality matters more. Ask whether the product can produce replayable proof, support human review, and retest the original abuse path.

Is 0xClaw a replacement for Claude Mythos Preview?

No. 0xClaw is a local AI pentesting tool for authorized web and API testing. It is for proof-backed validation, not restricted frontier-model research.

Ready to run your first AI pentest?

Get 0xClaw up and running in under 3 minutes. No infrastructure setup. No cloud dependency.

Download FreePricing detailsCompare toolsPromptfoo comparison
Continue Reading

More AI Pentest Guides

Continue through the local AI pentesting cluster with related guides on workflow, evidence, comparisons, and remediation.

Guide

Best AI Pentest Tools 2026 | 0xClaw

Compare the best AI pentest and AI red teaming tools in 2026, including 0xClaw, NodeZero, PentestGPT, Promptfoo, and garak.

Read next ->
Guide

AI Pentest CLI Explained | 0xClaw

Learn what an AI pentest CLI is, how local AI penetration testing works, and how to evaluate a safe, authorized workflow.

Read next ->
Guide

Run a Local AI Pentest Workflow | 0xClaw

Learn how to run a local AI pentest workflow from scope to report across authorized web, API, host, and network testing.

Read next ->