Expanding Project Glasswing
Project Glasswing is our collaborative effort to secure the world’s most important software. In early April, we announced that roughly 50 initial partners had access to Claude Mythos Preview, and since then, they’ve been deploying the model to scan their codebases for vulnerabilities. We recently described how these partners have so far found more than 10,000 high- or critical-severity security flaws.
We’re now expanding Project Glasswing. Following several weeks of close collaboration with our Project Glasswing partners, the security industry, open-source software maintainers, and the US government, we’re extending the partnership to approximately 150 new organizations. Each one will need to meet our security requirements before they gain access.
The organizations in this new group are based in more than 15 countries, and most provide critical infrastructure to many more. (In the future, we intend to expand our geographical reach much further.) The group covers several industries that weren’t well represented in our initial cohort, such as power, water, healthcare, communications, and hardware. And many of the new partners are vendors—companies or nonprofits that maintain codebases that are relied upon by lots of other organizations around the world, including governments.
What each partner has in common is that a successful attack on their codebase could be catastrophic. For most partners, we estimate that a major attack could affect more than 100 million people, with important ramifications for both global and national security.
This expansion is the next step toward our long-term goals: for AI to make all software more secure, and for us to help the industry adjust to how AI could change many of the core assumptions of cybersecurity.
The role of Project Glasswing
Project Glasswing and the capabilities of Claude Mythos Preview have sparked broad conversations—both within the software industry and with governments—about how AI is changing cybersecurity. These conversations have informed how we’ve expanded the program. They’ve also shaped our thinking about the very purpose of Project Glasswing.
Cheap, fast AI models with powerful cyber capabilities are around the corner. We want Project Glasswing to spur institutions toward operating norms that reflect this reality.
Mythos Preview continues a long-term trend that we’ve been warning about for some time: within 6 to 12 months, we expect that many other AI companies will have Mythos-class models, and they could release them without safeguards that prevent misuse. In that world, cyberattacks could occur much more often, and in much more unpredictable forms. It’s imperative that cyberdefenders adapt to maintain pace.
We see our role as twofold. First, to help the software industry adapt by safely providing wide access to better models, tools, and common infrastructure. Second, to steadily shift the support we provide, from finding vulnerabilities to disclosing, fixing, and deploying patched software. We’ll now discuss each of these in turn.
Supporting cyberdefenders
So far, companies, nonprofits, maintainers, and researchers have acted quickly. Within the first weeks of Project Glasswing, each member began using Mythos Preview at large scale, sharing information and best practices with other partners, and working with third parties to triage the model’s findings. These organizations’ methods for adapting to new tools can, and should, be replicated widely across the millions of organizations and developers who are vulnerable to cyberattacks.
To support this, we recently released Claude Security, a product that uses our latest public frontier models, like Claude Opus 4.8, to scan codebases and suggest patches. We’re also releasing—on request, to trusted security teams—the tools we developed to help Project Glasswing’s partners find vulnerabilities more quickly.
We intend to go much further: our longer-term aim is to support the industry in creating new initiatives, standards, and infrastructure for the era of powerful cyber models.
Accelerating patching and the rest of security
As we’ve previously discussed, the bottleneck in cybersecurity is now verifying, disclosing, and patching the large numbers of vulnerabilities that Mythos-class models can surface.
Mythos Preview itself can help. Many of Project Glasswing’s partners now use the model to write patches, as well as for pre-release checks that prevent vulnerabilities from appearing in the first place. Models like Mythos Preview can also be used for penetration testing (simulating a cyberattack to identify how vulnerabilities might be exploited), automating threat detection and response, and rebuilding legacy codebases in memory-safe languages, among many other defensive tasks.
We’re in discussions with third parties about how we might substantially scale up the reviewing and patching of vulnerabilities in open-source software. We’re also working on sharing ideas and best practices for disclosing vulnerabilities to open-source maintainers, with the intent of making these reports easier to triage and to act upon.
The path ahead
To address the scale of this coming challenge, hundreds of thousands of organizations, researchers, and maintainers will likely need access to the most advanced cyber capabilities and tools available.
We’re working as quickly as we can to safely release Mythos-level capabilities in general access. To do so, we’ll need highly robust safeguards that prevent the model’s cyber capabilities from being misused—safeguards that we (and, to our knowledge, all other AI developers) have yet to develop. Because cybersecurity has both helpful and destructive uses, making safeguards that are both strong and precise enough is a major challenge.
In the meantime, we plan to expand Project Glasswing even further—prioritizing additional essential infrastructure providers, maintainers of critical open-source software, and safety testers. We intend for future…