The artificial intelligence company Anthropic has launched a cybersecurity initiative called Project Glasgow, which seeks to use the advanced capabilities of its new frontier model, Claude Mythos, to discover and fix critical software flaws. Instead of releasing this version to the general public, the company has chosen to work with a limited group of organizations - including large cloud providers, software vendors and financial institutions - to apply the tool to the protection of essential infrastructure.
As reported by the company itself, Claude Mythos in its preview version demonstrated a remarkable ability to analyze code, reason about systems and build exploitation sequences that would outperform most human experts in the search for vulnerabilities. This leap in capability cuts both ways: on the one hand, it can accelerate the detection and patching of flaws before they are exploited; on the other, it introduces the risk of similar techniques falling into malicious hands. Anthropic has argued that this dual dimension - the potential to defend and at the same time to attack - is the main reason why it will not release the model openly. More about the company's public approach can be found on its official corporate blog.

The company claims that Mythos Preview has already identified thousands of high-impact vulnerabilities in major operating systems and browsers, including long-standing flaws that had gone undetected in open source projects for years. In practice, detecting flaws that have remained latent for decades shows two things: on the one hand, the presence of risk accumulated in critical software; on the other, that advances in AI models are reaching an operational capability that goes beyond basic assistance tasks and extends into practical exploitation and automated remediation. To compare concrete findings and technical background, it is useful to consult the security pages of well-known projects such as OpenBSD or the security section of multimedia projects such as FFmpeg.
Anthropic presents Project Glasgow as an urgent response: before hostile actors incorporate similar techniques, the idea is to use those same tools to strengthen defenses. The plan includes working with top-level companies and organizations, as well as allocating model-use credits and donations to open-source security initiatives. It is a commitment to turn a risky technological capacity into a defensive lever coordinated with industry, a strategy that recalls public-private collaboration efforts in cybersecurity.
Public discussion, however, cannot be separated from recent episodes that call into question Anthropic's own operational resilience. Before the announcement, accidental leaks of documentation and code occurred: preliminary materials on Mythos were mistakenly made available, and thousands of source-code files associated with Claude Code were then exposed for a few hours. These incidents illustrate that even when an organization decides to restrict access to sensitive technologies, human errors or failures in internal processes can cause problematic disclosures.
The incident with Claude Code also revealed a specific security problem in the behavior of the agent that runs commands on developer machines. An external security report noted that, for performance reasons, the system stopped applying certain deny rules when a command contained more than 50 subcommands. In practice, a protection set up to block a dangerous instruction could be bypassed if that instruction was submitted along with a long list of apparently harmless statements. It is a clear example of the tension between performance, cost and security: sacrificing comprehensive checks for speed can open shortcuts that attackers exploit. To put these types of vulnerabilities and their impact on software ecosystems in context, it is worth reviewing resources such as the CVE vulnerability database or publications from organizations that research safety in artificial intelligence.
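The fail-open behavior described above, next to a fail-closed variant, as an added example (it is not Anthropic's code and not part of the original article). The deny rules, function names and the naive separator-based splitting are assumptions made for illustration; only the 50-subcommand threshold comes from the report as summarized here.

```python
import re

MAX_SUBCOMMANDS = 50                  # threshold cited in the report
DENY_PREFIXES = ("curl", "rm -rf")    # constructed sample deny rules


def split_subcommands(command):
    """Naively split on ;, &&, || and |. A real checker needs a shell parser
    that understands quoting, substitutions and redirections."""
    parts = re.split(r"\s*(?:&&|\|\||;|\|)\s*", command)
    return [p for p in parts if p]


def is_denied(subcommand):
    """True when the subcommand matches one of the sample deny rules."""
    return any(subcommand == p or subcommand.startswith(p + " ")
               for p in DENY_PREFIXES)


def check_fail_open(command):
    """Behavior the report describes: above the cap, deny rules are skipped."""
    subs = split_subcommands(command)
    if len(subs) > MAX_SUBCOMMANDS:
        return "allow"                # performance shortcut, checks skipped
    return "deny" if any(is_denied(s) for s in subs) else "allow"


def check_fail_closed(command):
    """Hardened variant: a command too long to evaluate is refused
    (or escalated to the user) instead of being waved through."""
    subs = split_subcommands(command)
    if len(subs) > MAX_SUBCOMMANDS:
        return "deny"
    return "deny" if any(is_denied(s) for s in subs) else "allow"


def constructed_long_command():
    """Constructed sample: 50 no-op subcommands followed by one denied one."""
    return " && ".join(["true"] * 50 + ["curl http://example.invalid/x"])


if __name__ == "__main__":
    long_cmd = constructed_long_command()
    for checker in (check_fail_open, check_fail_closed):
        print(checker.__name__, "->", checker(long_cmd))
```

The design point is what the limit does when it is hit: a complexity cap is reasonable, but exceeding it has to result in refusal or an explicit prompt, never in an unchecked allow.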
The situation raises ethical and regulatory questions with practical implications. Who decides which models can be used to evaluate critical infrastructure and under what conditions? How can the need for security transparency be reconciled with the danger of disseminating methods that could be reused by attackers? In the case of Anthropic, the response has been to limit access, establish collaborative agreements with key actors and fund work in the open security community. These measures are in line with the idea that the governance of frontier technologies should include both technical controls and channels of cooperation between companies, open source projects and governments.
But operational constraints do not replace the need for independent audits, clear policy frameworks and secure-by-design practices. Models that reason over code and build exploits autonomously require more robust security controls, from third-party penetration tests to internal policies that prevent accidental exposure of sensitive information. In addition, the technical community and policy makers must discuss how to balance innovation with safeguards: donating resources and credits to open-source security projects can help, but it does not in itself resolve the broader issue of governance and accountability.

Another aspect to consider is the speed at which these capabilities emerge from general improvements in code writing and automated reasoning, rather than from training specifically aimed at exploiting flaws. This means that models that become significantly more competent at programming may have unintended consequences for security. The challenge for companies developing AI is to anticipate and mitigate these side effects without halting useful research.
Ultimately, the case of Project Glasgow and Claude Mythos highlights a practical lesson: the era in which cybersecurity faced only human errors or software defects is changing. Automated tools now appear with the capacity to find, exploit and, crucially, help correct vulnerabilities on a scale that requires coordinated responses. For media coverage and analysis of these events, see the technology section of news agencies such as Reuters, or follow major projects and foundations such as the Linux Foundation, which are often involved in collaborative security initiatives.
The combination of responsible transparency, external audit, investment in the security community and clear rules for the use of powerful models seems the most prudent path today. Meanwhile, the ecosystem must learn to live with tools that are both a hope for defending critical systems and a warning about the power of automation when it is not accompanied by adequate controls.