Project Glasswing: what does it mean for DFIR?
Author: Oli | Published: Apr 13, 2026 | Read time: 6 min
On 7 April 2026, Anthropic announced Project Glasswing, a coordinated industry initiative built around a single, sobering finding: AI models can now autonomously discover critical software vulnerabilities at a scale and speed that no human team can match.
The announcement deserves careful attention from anyone working in digital forensics and incident response. Not because of the model itself, but because of what it signals about the rapidly changing threat environment we all work in.
What is Project Glasswing?
At its core, Project Glasswing is a defence-first initiative. Anthropic has assembled AWS, Microsoft, CrowdStrike, Palo Alto Networks, Google, Cisco, and others around early access to Claude Mythos Preview, a frontier model not yet publicly available, with the explicit goal of finding and patching vulnerabilities before attackers can exploit them.
The results from even the preview period are striking. Mythos Preview autonomously identified a 27-year-old vulnerability in OpenBSD, an operating system with a reputation as one of the most security-hardened in existence. It found a 16-year-old flaw in FFmpeg that had survived five million automated test executions without detection. It chained together multiple Linux kernel vulnerabilities to achieve full privilege escalation, entirely without human direction.
These were not edge cases. Mythos Preview achieved 83.1% on CyberGym, Anthropic's cybersecurity vulnerability reproduction benchmark, against 66.6% for their previous best model, Opus 4.6. The capability gap between generations is widening faster and faster.
To understand why that matters, consider the scale of what is being built. GitHub recorded one billion code commits in 2025. That figure is now running at 275 million per week, and it is accelerating as AI tooling makes software development accessible to people who would never previously have written a line of code. The volume of software being produced, and therefore the volume of potential vulnerabilities being introduced, is growing faster than any manual security review process can keep pace with.
The threat landscape implication
The defensive framing of Glasswing is deliberate and important. But the same capabilities that make a model effective at finding vulnerabilities make it dangerous in adversarial hands, and Anthropic is explicit about this tension in the announcement itself.
CrowdStrike's CTO put it plainly: the window between vulnerability discovery and exploitation has collapsed. What previously took months now happens in minutes. That is not a projection about the future. It is a description of the present.
Until now, the most impactful threat groups have operated on repeatable playbooks. Ransomware actors consistently target specific firewall vendors. Phishing campaigns historically forced a trade-off: high-volume spray-and-pray attacks, or low-volume bespoke lures that required real craft and effort. AI removed that constraint. Threat actors can now run personalised, contextually convincing phishing campaigns at industrial scale. They no longer have to choose. Mythos Preview suggests the same transition may be coming for vulnerability exploitation. If an AI model can autonomously identify novel flaws in critical software, the pipeline from vulnerability discovery to weaponised exploit can be compressed dramatically, and potentially industrialised.
What this means for those of us in forensics
The implicit argument of Glasswing is one that applies equally to the response side: the only sustainable answer to AI-augmented attacks is AI-augmented defence. You cannot scale a human analyst team fast enough to keep pace with what is coming.
This is not a new argument in security circles, but Glasswing gives it a new urgency and a concrete reference point. When a model can autonomously find vulnerabilities that survived decades of human review, the assumption that skilled human investigators, without the right tools, can continue to keep up the pace no longer holds.
For DFIR practitioners, this has a specific and underappreciated implication. The tradecraft we are trained to investigate, the indicators, the timelines, the behavioural patterns of threat actors, was largely developed in an era of human-paced attacker behaviour. AI-assisted intrusions will look different. The lateral movement will be faster. The persistence mechanisms more novel. The covering of tracks more thorough. Attribution will become harder as AI-generated exploits reduce the stylistic fingerprints that analysts have historically relied upon.
The artefact trail will still exist. But investigators who rely on pattern-matching against known human behaviour are going to find the ground shifting under them.
Incident responders are amazing pattern matchers. When an Akira ransomware incident lands, an experienced investigator knows to prioritise the VPN logs. The playbook is known, the trail is familiar, and that institutional knowledge translates directly into faster containment. But that advantage depends on attackers behaving predictably, targeting known weaknesses in known ways. If threat actors can identify and exploit bespoke vulnerabilities in bespoke software at scale, that pattern-matching advantage collapses. Each incident becomes its own novel investigation. At the same time, the total number of incidents rises. Those two trends together create a compounding problem: more incidents, each harder to investigate, landing simultaneously across a responder's client base. How confident are businesses that the DFIR firm they pay a retainer to will be able to respond to their incident when 5 other clients have all had incidents that same week?
The forensic discipline has always faced a resource problem. Experienced DFIR analysts are scarce, expensive, and stretched. The incidents that most need thorough investigation, ransomware, BEC, supply chain compromises, are precisely those where speed of response directly limits the blast radius. Every hour between initial access and containment is an hour of additional exposure.
Automated forensic investigation platforms are not a replacement for that expertise. They are the mechanism by which that expertise scales. The analyst's judgment remains essential; what changes is the volume of groundwork they no longer have to do manually before they can apply it.
What next?
Project Glasswing is framed as a starting point, and Anthropic is candid that no single organisation can address what is coming alone. The $100M in usage credits, the open-source security donations, the government discussions: these reflect a genuine recognition that the defensive infrastructure of the internet needs to catch up rapidly, and that it will require coordinated effort across sectors.
For those of us working in incident response, the practical takeaway is straightforward: the incidents you investigate in two years will be less predictable, and your methodology less repeatable, than they are today. The forensic workflows, tooling, and team structures built for the current threat environment may not be adequate for what follows.
The window to build the right foundations is now, while the pace is still manageable.
The Strand team specializes in digital forensics, incident response, and cybersecurity threat analysis.