Joining Project Glasswing: Securing the Privilege Backbone of the AI Era

Today, BeyondTrust joins Anthropic’s Project Glasswing as part of the program’s expansion to organizations that build or maintain critical software for the world. With this inclusion, BeyondTrust gains access to Claude Mythos Preview, the frontier model that has already helped Glasswing partners surface more than 10,000 high and critical severity software vulnerabilities.

Project Glasswing is designed for organizations whose software plays a foundational role in the operation of critical systems and whose compromise could have significant downstream consequences across industries, economies, and public services.

We believe participation in Project Glasswing aligns directly with BeyondTrust's mission to secure privilege across human, machine, and AI identities. As the identity attack surface expands, protecting the software that governs access to critical systems becomes increasingly important.

Trusted by 20,000 customers in 120 countries worldwide, including 75 of the Fortune 100, BeyondTrust’s privilege-centric identity security platform helps secure access to the systems, applications, and infrastructure organizations rely on every day.

When a bank moves money, when a hospital pulls a patient record, when a government agency issues credentials, when a manufacturer ships product from an OT environment, there is a very good chance that the privilege controls keeping that workflow safe were built by us. That is a privilege, and it is a responsibility.

Identity is the only perimeter that matters. Privilege is the power inside that perimeter. Attackers do not just want access. They want leverage, and privilege is the leverage they are looking for.

Mythos Preview has compressed a timeline that used to favor defenders. Vulnerabilities that escaped human detection for decades have been surfaced in days. The window between discovery and exploitation is now measured in seconds. We have to assume that within 6 to 12 months, similar capabilities will exist outside the safeguards of programs like Project Glasswing. The advantage we have right now is precious, and it is short.

That is why Project Glasswing matters, and why our role inside it matters. We are not joining to add a logo. We are joining to use the most capable AI-driven vulnerability discovery available to make our platform measurably more resilient, and to share what we learn with the security community that depends on us.

Our use of Mythos Preview will be focused on strengthening the security of the software and services our customers rely on every day. Specifically, we will:

• Use Mythos Preview to identify potential vulnerabilities, insecure coding patterns, and previously unknown attack paths across our product portfolio so they can be investigated, validated, and remediated through our existing product security processes.
• Integrate validated findings into our secure development lifecycle and our product security operations, helping our engineering and security teams identify recurring patterns and strengthen coding practices, and ensuring what we learn from Mythos compounds in every release that follows.
• Share appropriate findings and lessons learned back to the Project Glasswing cohort and the broader security community, supporting the collective effort to strengthen critical software infrastructure—because the goal of this program is collective resilience, not individual headlines.

For more than twenty years, BeyondTrust has focused on securing privilege. The identities have changed. The challenge has not. Human administrators were the original privileged identities. Service accounts, API keys, and workload identities followed. AI agents are the newest and fastest growing class, and they are the least governed. The identity type changes. The risk vector does not. It is always privilege.

Inclusion in Project Glasswing reinforces a point we have been making to customers and to the market all year. As the identity attack surface expands, the bar for the companies that defend it has to rise with it. We have to be the first to use the best defensive tools available. We have to be the first to validate our own work. We have to be transparent about what we find. That is what custodians of critical infrastructure do.

Project Glasswing is ultimately bigger than any individual participant. The challenge facing our industry is not simply to build more software or more AI. It is to ensure the systems that underpin critical infrastructure remain resilient.

Programs like Glasswing represent an important step toward that goal. They recognize that the software powering commerce, government, healthcare, and essential services deserves extraordinary scrutiny, and that the organizations responsible for securing it have a responsibility to continuously raise the bar.We are grateful to Anthropic for the rigor behind this program, for the care with which Mythos Preview is being shared, and for the conviction that AI’s earliest, most powerful, and most important early applications should make the world more secure, not less.

We are honored to contribute, and we are ready to get to work.

AI agents are rapidly becoming one of the fastest-growing classes of privileged identities. Explore our latest research on AI agent security, shadow AI, and the evolving identity attack surface.

• The latest AI research from BeyondTrust Phantom Labs™: https://www.beyondtrust.com/channel/phantom-labs
• Closing The Agentic AI Security Gap: Why Identity Protection Must Evolve Now (blog): https://www.beyondtrust.com/blog/entry/closing-the-agentic-ai-security-gap
• Securing Agentic AI Workloads with Visibility and Privileged Control (Blog): https://www.beyondtrust.com/blog/entry/securing-agentic-ai-workloads
• Operationalizing AI Security: How To Govern AI Agent Identities Before Attackers Exploit Them (blog): https://www.beyondtrust.com/blog/entry/how-to-govern-ai-agent-identities
• Preventing Shadow AI Agent and NHI Takeover with Privilege-Centric Security (blog): https://www.beyondtrust.com/blog/entry/preventing-shadow-ai-and-nhi-risk
• AI Identity and Privilege Security Solutions Page: https://www.beyondtrust.com/solutions/ai-security
• Agentic AI Security Posture Management Solutions Page: https://www.beyondtrust.com/solutions/ai-security-posture-management