Industrial cybersecurity firm Dragos has joined Anthropic’s Project Glasswing, applying Claude Mythos Preview to explore its own products for novel vulnerabilities. The work will help protect Dragos software, and equally important, it will inform the vendor’s views on how frontier AI models perform against the kinds of software that run OT environments, insights that it intends to share with the broader security community.
“Most AI-assisted vulnerability discovery has been built and tested against IT systems,” Jon Lavender wrote in a Dragos blog post last week. “The Dragos Platform is built specifically to protect OT environments, which run power grids, water systems, pipelines, manufacturing operations, and data center environments. Vulnerabilities in that software carry a different risk profile over much longer in-service lifecycles. Finding and mitigating them matters in a different way.”
Dragos has run OT vulnerability research and incident response for over a decade. Project Glasswing applies a new tool to that established practice, not a substitute for it.
Dragos will contribute findings to Anthropic’s aggregated program reporting and share what we learn about AI for OT security with the security practitioners working to advance AI-assisted defense across critical infrastructure.
The Dragos announcement follows the expansion of Project Glasswing, an initiative launched by Anthropic in April to strengthen the security of widely used open-source and critical software. After several weeks of collaboration with industry partners, open-source maintainers, and the U.S. government, the program is being extended to approximately 150 additional organizations, all of which must meet defined security requirements before gaining access.
Project Glasswing brings together a coalition of major technology and industry players, including Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
Anthropic said Project Glasswing is intended to help the software industry prepare for a future in which highly capable AI models with advanced cyber capabilities become widely available. The company warned that models comparable to Claude Mythos Preview are likely to emerge across the industry within the next six to 12 months, potentially increasing the scale, speed, and unpredictability of cyberattacks if released without sufficient safeguards.
Anthropic said the initiative aims to encourage new operating norms that reflect this changing threat landscape and help cyber defenders keep pace with rapidly evolving risks.
The company outlined a two-pronged strategy for Project Glasswing: expanding secure access to advanced AI tools and infrastructure for defenders, while shifting focus from vulnerability discovery toward faster disclosure, remediation, and deployment of software patches. Early participants have already begun using Mythos Preview at scale to identify vulnerabilities, share best practices, and coordinate remediation efforts.
Building on those efforts, Anthropic also launched Claude Security to scan codebases and recommend fixes, and is making additional security tools available to trusted teams. Over the longer term, the company said it plans to support development of new standards, initiatives, and shared infrastructure designed for an era of increasingly powerful AI-driven cyber capabilities.
