Rafter Is Glasswing for the Rest of Us

Written by the Rafter Team

On April 7, 2026, Anthropic announced Project Glasswing — a $100 million cybersecurity initiative built around Claude Mythos Preview, a frontier model they've described as capable of surpassing all but the most skilled humans at finding and exploiting software vulnerabilities.
The results are striking. In early testing, Mythos identified thousands of high-severity zero-day vulnerabilities across every major operating system and browser. It found a 27-year-old bug in OpenBSD. It can chain multiple vulnerabilities together into sophisticated exploit sequences. Anthropic considers the model too dangerous to release publicly.
The partner consortium includes Amazon, Apple, Microsoft, Google, CrowdStrike, Palo Alto Networks, Cisco, the Linux Foundation, and roughly 40 additional organizations. Access is restricted. Anthropic has said they do not plan to make Mythos Preview generally available, though that position may soften in the coming weeks or months.
This post is not a critique of Glasswing. Finding and patching zero-day vulnerabilities in foundational software before attackers do is a genuine public good, and the restricted access model is a defensible decision given the dual-use nature of the capabilities. This post is about the gap Glasswing leaves open.
What Glasswing Does
Glasswing is a vulnerability research program for critical infrastructure — the operating systems, browsers, and foundational libraries that everything else depends on. It's focused on deep, zero-day discovery: bugs that have persisted for years or decades despite extensive prior review.
This might be a phase change in vulnerability research, not just more throughput. Mythos is presumably smarter than what came before, too — but the more interesting observation is that exploitable bugs often aren't discrete findings. They're compositions of smaller issues that only become dangerous when chained, and the combinatorial space is too large for any individual researcher to walk through by hand. The hypothesis is that a model that can hold more potential chains in its head at once finds combinations nobody would get around to considering.
The 27-year-old OpenBSD bug is the signal here. OpenBSD is among the most heavily audited codebases in the world, with a security culture built around catching exactly this kind of thing. What survived decades of manual scrutiny wasn't necessarily waiting on smarter researchers so much as on ones with more working memory.
The software Glasswing is scanning underpins the entire internet. A vulnerability in OpenBSD, Linux, or Chrome affects billions of devices and millions of applications.
What Glasswing Doesn't Do
Glasswing is not a security product for software teams. It is not available to the public. It does not scan your codebase, your dependencies, or your pull requests.
The vulnerabilities most teams actually ship are not 27-year-old kernel bugs. They are:
- Exposed secrets — API keys, database credentials, and tokens committed to source control
- Dependency vulnerabilities — compromised packages like the axios supply chain attack, or known CVEs in transitive dependency trees
- Application-layer flaws — injection, broken authentication, insecure direct object references, and the rest of the OWASP Top 10
- Insecure AI-generated code — code that looks plausible and passes review but contains subtle security flaws
These are not problems that require a frontier model with restricted access. They require automated scanning that runs on every pull request, catches known vulnerability patterns, and surfaces results before code merges into production.
The Gap
Here's a simple way to think about it:
| | Glasswing | Rafter |
|---|---|---|
| What it scans | Critical infrastructure (OS, browsers, foundational libraries) | Your codebase, dependencies, and secrets |
| Who has access | ~40 partner organizations | Any team with a GitHub, GitLab, or Bitbucket repository |
| What it finds | Zero-day vulnerabilities in foundational software | OWASP Top 10, dependency vulns, exposed secrets, supply chain compromises |
| When it runs | Research initiative | Every pull request, every commit |
| Setup | Part of a $100M restricted initiative | Five-minute integration, zero infrastructure |
Glasswing secures the infrastructure the world runs on. Rafter secures what you're building on top of it.
How Rafter Works
Rafter is built to be simple. You can hand it to your coding agents so they secure the code they're writing, or click a button to get a full security report on your repository. Same scans either way, available to any team with a repo.
Rafter runs three scan types in parallel:
- Static analysis (SAST) — traces data flows through your source code to find injection, authentication, and cryptography flaws before runtime.
- Dependency analysis (SCA) — checks your dependency tree against known vulnerability databases and supply chain compromise indicators. This is the scan that would have flagged the `plain-crypto-js` dependency in the axios attack.
- Secrets detection — identifies API keys, tokens, passwords, and credentials in your code before they reach your repository's history.
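To make the secrets-detection scan concrete (and the "exposed secrets" item in the list of common vulnerability classes above), here is a small added example of how such a scan works. It is not Rafter's scanner or any part of its rule set; the rule names, the entropy threshold, and the sample file lines are all constructed for illustration. It combines two standard techniques: high-confidence regexes for credentials with a fixed, published format, and a generic "suspicious variable name assigned a quoted literal" rule that is filtered by Shannon entropy so that placeholders such as `changeme` are not reported.

```python
"""Minimal pre-commit secrets detector: pattern rules plus an entropy filter.

Added example, not Rafter's scanner. Rule set, threshold and sample input are
all constructed for illustration.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample file contents. The AWS key is Amazon's documentation
# example value; every other value is made up and is not a real credential.
SAMPLE_LINES = [
    'DB_HOST = "localhost"',
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'api_key = "A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6"',
    'password = os.environ["DB_PASSWORD"]',
    'token = "changeme"',
    'github_token = "ghp_Ab12Cd34Ef56Gh78Ij90Kl12Mn34Op56Qr78"',
]

# Provider-specific formats have a fixed prefix and length, so a regex alone is
# high-confidence. Rule names are assumed; the key formats themselves are public.
PATTERN_RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
]

# Generic credentials have no fixed format: look for a suspicious variable
# name assigned a quoted literal, then require the literal to look random.
GENERIC_ASSIGNMENT = re.compile(
    r'(?i)\b(?:api[_-]?key|secret|token|password|passwd)\b\s*[:=]\s*["\']([^"\']{8,})["\']'
)
ENTROPY_THRESHOLD = 3.5  # bits per character; a value chosen for this example


@dataclass
class Finding:
    line_no: int
    rule: str
    redacted: str  # never echo the full secret back into logs or PR comments


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random base-62 tokens score roughly 4.5 to 5."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Keep only a short prefix so a reviewer can locate the value without seeing it."""
    return value[:4] + "...(%d chars)" % len(value)


def scan_lines(lines):
    """Return one Finding per line that contains a likely credential."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        matched = False
        for rule, pattern in PATTERN_RULES:
            m = pattern.search(line)
            if m:
                findings.append(Finding(line_no, rule, redact(m.group(0))))
                matched = True
        if matched:
            continue  # a high-confidence hit already covers this line
        m = GENERIC_ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
            findings.append(
                Finding(line_no, "generic-high-entropy-credential", redact(m.group(1)))
            )
    return findings


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"line {f.line_no}: {f.rule}: {f.redacted}")
```

Run against the constructed input, the scanner reports lines 2, 3 and 6 and stays silent on the `os.environ` lookup (no literal in the file) and on `"changeme"` (a literal, but far below the entropy threshold). The entropy filter is the usual trade-off in this kind of rule: it cuts noise from placeholders at the cost of missing weak, human-chosen passwords, which is why real scanners pair it with pattern rules rather than relying on it alone.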
Results appear as inline PR comments with severity ratings and fix suggestions, or as a single report when you ask for one. No servers to provision, no scanners to update, no infrastructure to maintain. Connect your repository and the platform handles execution, rule updates, and results delivery.
Why This Matters Now
Glasswing is a signal that AI-powered vulnerability discovery has crossed a meaningful threshold. Models that can find and chain zero-days at this level change the economics of both offense and defense.
But the defensive side of security is not only about novel zero-day discovery. For the vast majority of software teams, the highest-impact security improvement is not finding a new class of vulnerability — it's consistently catching the known classes that have been in the OWASP Top 10 for over a decade.
The axios attack compromised millions of downstream projects not through a novel zero-day, but through social engineering and a malicious dependency — the kind of supply chain issue that dependency scanning catches. The Claude Code source leak happened because of a missing line in .npmignore — the kind of oversight that automated checks prevent.
Glasswing addresses the hardest problems in security. Rafter addresses the most common ones. Both matter, but only one of them is something your team can act on today.
Get Started
Rafter integrates with GitHub, GitLab, and Bitbucket. Setup takes under five minutes. Your first scan is free.