Official blog translation

Project Glasswing
Securing critical software for the age of AI

Paragraph-by-paragraph translation and commentary on Anthropic's official blog · Claude Mythos Preview · 12 tech giants join forces

Original: anthropic.com/glasswing
Published: April 7, 2026
Translation: AI Insight editorial team (AI-assisted translation + human review)
Note: this page is a paragraph-by-paragraph translation and commentary on Anthropic's official blog. The gray blocks paraphrase the key points of the original, and the body text is the translation. Sections marked "Editor's note" are background information added by the editorial team.
Introduction: Project Glasswing
Today we're announcing Project Glasswing, a new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world's most critical software.
This project grew out of our work with Claude Mythos Preview, a new, unreleased frontier, general-purpose model that has a striking ability to spot vulnerabilities in software and develop exploits for them, surpassing all but the most skilled humans.
Claude Mythos Preview has already identified thousands of high-severity vulnerabilities in every major operating system and every major web browser. The capabilities AI models have today will likely soon become more widely available, potentially reaching bad actors who do not share our commitment to safety.
In addition to the twelve launch partners, Anthropic has provided access to more than forty organizations that maintain critical software infrastructure. We've committed $100 million in usage credits for the Mythos Preview model and $4 million in donations to open-source security organizations.
This may be the most star-studded partner lineup in the history of AI. Apple, Google and Microsoft, bitter rivals in the consumer market, appear together in a single joint statement; cybersecurity is one of the few topics that can bring them to the same table.
Cybersecurity in the age of AI
The software that all of us rely on every day—responsible for running banking systems, storing medical records, linking up logistics networks, keeping power grids functioning—has always contained bugs. Some of those bugs are serious security vulnerabilities that could allow attackers to hijack systems, take down operations, or steal sensitive data.
Global cybercrime costs approximately half a trillion dollars per year. Historically, finding and exploiting security vulnerabilities in software has required rare technical skill. Today's frontier AI models have dramatically reduced the expertise, time, and cost required to find and exploit these vulnerabilities.
AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities. Ten years after the first DARPA Cyber Grand Challenge, frontier AI models are now becoming competitive with the best humans.
The same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software, and for producing new software with far fewer security bugs.
This passage captures the central paradox of AI security precisely: the same model is both sword and shield. Anthropic's strategy is to use this capability to fix as many vulnerabilities as possible before malicious actors obtain an equivalent capability.
Finding vulnerabilities with Claude Mythos Preview
Over the past few weeks, we have used Claude Mythos Preview to identify thousands of zero-day vulnerabilities—flaws that were previously unknown to the software's developers—many of them critical, in every major operating system and every major web browser.
The vulnerabilities it has spotted have in some cases survived decades of human review and millions of automated security tests. The model identified nearly all of these vulnerabilities entirely autonomously, without human steering.
Three representative vulnerability discoveries
OpenBSD · present for 27 years
A vulnerability in OpenBSD—one of the world's most security-hardened operating systems, commonly used to power firewalls and other critical infrastructure—that had been present for 27 years and could allow a remote crash via connection.
FFmpeg · present for 16 years
A 16-year-old flaw in FFmpeg, a core video encoding/decoding library. The specific line of code containing the bug had been executed by automated testing tools approximately five million times without the flaw being detected.
Linux kernel · chained exploitation
Multiple vulnerabilities chained together in the Linux kernel, enabling escalation from ordinary user access to complete machine control.
All vulnerabilities mentioned above have been patched by their maintainers. For many additional vulnerabilities, we have released cryptographic hashes and intend to disclose full details once patches are deployed.
By Twitter user @JoshKale's estimate, the API cost of finding that 27-year-old OpenBSD vulnerability was only about $50. A vulnerability that human security teams failed to find in decades, AI found in minutes for $50.
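The "cryptographic hashes" released ahead of full disclosure are a commitment scheme: publish a digest of the advisory now, reveal the text (and whatever secret went into the hash) once patches are deployed, and anyone can verify that the disclosed text is exactly what was committed to earlier. The blog does not say how Anthropic computes its hashes, so the following is an added example and not Anthropic's code or procedure. It assumes a salted SHA-256 commitment over a canonicalized advisory text; the salt length, the canonicalization rules, and the sample advisory are all assumptions, and the advisory content is constructed placeholder text, not a real vulnerability.

```python
"""Salted hash commitment for pre-disclosure of vulnerability details.

Added example (not Anthropic's code or process). Publish only the digest
now; after the patch ships, publish the advisory text and the salt so that
third parties can reproduce the digest and confirm nothing was altered.
"""
import hashlib
import hmac
import secrets
import unicodedata


def canonicalize(text: str) -> bytes:
    """Normalize the advisory so verification is byte-exact.

    Unicode form, line endings, and trailing whitespace are all normalized,
    so a copy that went through a different editor still hashes the same.
    """
    text = unicodedata.normalize("NFC", text)
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    lines = [line.rstrip() for line in text.split("\n")]
    return ("\n".join(lines).strip("\n") + "\n").encode("utf-8")


def commit(advisory: str, salt: bytes) -> str:
    """SHA-256 over salt || canonical advisory, as a hex string.

    The random, secret salt is what makes this a commitment rather than a
    bare hash: without it, anyone who can guess a short advisory's text
    could confirm the guess against the published digest.
    """
    if len(salt) < 16:  # assumed minimum; 32 bytes is used below
        raise ValueError("salt must be at least 16 bytes")
    h = hashlib.sha256()
    h.update(salt)
    h.update(canonicalize(advisory))
    return h.hexdigest()


def new_commitment(advisory: str) -> tuple[str, bytes]:
    """Generate a fresh salt and return (digest to publish, salt to keep)."""
    salt = secrets.token_bytes(32)
    return commit(advisory, salt), salt


def verify(advisory: str, salt: bytes, published_hash: str) -> bool:
    """Check a later disclosure against the earlier published digest."""
    return hmac.compare_digest(commit(advisory, salt), published_hash.lower())


# Constructed sample advisory (placeholder values, not a real vulnerability).
SAMPLE_ADVISORY = """\
Advisory ID: EXAMPLE-0001 (placeholder)
Component: example-parser (hypothetical)
Summary: out-of-bounds read in a header parser (constructed example)
Fixed in: example-parser 1.2.3
"""

if __name__ == "__main__":
    digest, salt = new_commitment(SAMPLE_ADVISORY)
    print("publish now :", digest)
    print("reveal later:", salt.hex())
    # A one-character change to the disclosed text must fail verification.
    print(verify(SAMPLE_ADVISORY, salt, digest))
    print(verify(SAMPLE_ADVISORY.replace("1.2.3", "1.2.4"), salt, digest))
```

The digest and the hash construction (here: SHA-256 over salt || text, with the canonicalization above) are what gets published up front; the salt and the canonical text are retained offline and released together with the advisory after deployment. Verifiers recompute the digest from the released material rather than trusting the disclosing party's statement that it matches.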
Benchmark performance: Mythos vs Opus 4.6
Mythos Preview's cybersecurity capabilities are rooted in its sophisticated agentic coding and reasoning abilities. The model achieves the highest scores of any model we have developed across multiple software engineering benchmarks.
Benchmark                          Mythos Preview   Opus 4.6   Delta (pts)
CyberGym (vulnerability reproduction)   83.1%       66.6%      +16.5
SWE-bench Verified                 93.9%            80.8%      +13.1
SWE-bench Pro                      77.8%            53.4%      +24.4
SWE-bench Multimodal               59.0%            27.1%      +31.9
SWE-bench Multilingual             87.3%            77.8%      +9.5
Terminal-Bench 2.0                 82.0%            65.4%      +16.6
GPQA Diamond                       94.6%            91.3%      +3.3
HLE (w/o tools)                    56.8%            40.0%      +16.8
HLE (w/ tools)                     64.7%            53.1%      +11.6
BrowseComp                         86.9%            83.7%      +3.2 (1/5 tokens)
OSWorld-Verified                   79.6%            72.7%      +6.9
The System Card contains more data: USAMO 2026 mathematical proofs 97.6% (Opus 4.6: 42.3%), a jump from roughly 40% to near-perfect; @dotey commented that "a jump of this size has hardly been seen in model iterations over the past few years". Cybench CTF: 100% of challenges solved. Firefox JS engine vulnerabilities found: 181 (Opus 4.6: 2), a 90-fold gap.
The Project Glasswing program
Project Glasswing partners will receive Mythos Preview access to identify and address vulnerabilities in foundational infrastructure. Anticipated focus areas include local vulnerability detection, black-box assessment of compiled binaries, endpoint security, and system penetration assessment.
Anthropic's commitment of $100 million in model usage credits will cover substantial research preview expenses. Following the research phase, Mythos Preview access will be available at $25 per million input tokens / $125 per million output tokens, via Claude API, Amazon Bedrock, Google Cloud's Vertex AI, or Microsoft Foundry.
Anthropic has contributed $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, with an additional $1.5 million to the Apache Software Foundation, enabling open-source maintainers to address the evolving security landscape.
We do not plan to make Mythos Preview generally available. Our goal is to deploy Mythos-class models safely at scale, but first we need safeguards that reliably block their most dangerous outputs. We'll begin testing those safeguards with an upcoming Claude Opus model.
NYT reporter Kevin Roose notes that this is the first time since GPT-2 that a major AI lab has withheld an announced model over safety concerns. For the first time, there may be a significant capability gap between publicly available models and private ones.
Partner voices (excerpts)
Cisco · Anthony Grieco, SVP & Chief Security & Trust Officer
"AI capabilities have crossed a threshold that fundamentally changes the urgency of protecting critical systems."
AWS · Amy Herzog, VP & CISO
"We analyze 400 billion network traffic events every day. AI is central to our defense at scale."
CrowdStrike · Elia Zaitsev, CTO
"The window between vulnerability discovery and exploitation has collapsed to minutes. We must move faster, together."
Linux Foundation · Jim Zemlin, CEO
"Open-source maintainers have historically faced security problems alone. This changes everything."
Google · Heather Adkins, VP of Security Engineering
"The industry must collaborate on emerging security problems. Google has built AI security tools such as Big Sleep and CodeMender."
Government collaboration and long-term vision
Securing critical infrastructure is a top national security priority for democratic countries. The emergence of AI cybersecurity capabilities underscores why the United States and its allies must maintain a decisive lead in AI technology.
We envision Project Glasswing as a catalyst for broader industry and public-sector initiatives. In the medium term, we believe this work should be housed in an independent, third-party body that brings together private and public-sector organizations.
The meaning of the name
The project is named after the glasswing butterfly (Greta oto). The butterfly's transparent wings allow it to hide by being visible—a metaphor for vulnerabilities that hide in plain sight. Transparent wings also help the butterfly avoid harm, paralleling the transparency-focused approach of this initiative.
"Mythos" comes from Ancient Greek, meaning "utterance" or "narrative"—the systems of stories through which civilizations construct understanding.
References
[1] Anthropic official blog: Project Glasswing
[2] Claude Mythos Preview System Card: anthropic.com/research/mythos-system-card
[3] Frontier Red Team technical blog: red.anthropic.com
[4] Claude for Open Source program: anthropic.com/claude-for-open-source