ChannelLife US - Industry insider news for technology resellers
United States
HackerOne joins Anthropic cyber defence AI programme

HackerOne joins Anthropic cyber defence AI programme

Fri, 10th Jul 2026
Sofiah Nichole Salivio
SOFIAH NICHOLE SALIVIO News Editor

HackerOne has joined Project Glasswing, Anthropic's controlled-access programme for Claude Mythos 5, placing the cyber security company among a small group testing frontier AI for cyber defence.

Under the arrangement, HackerOne will use Claude Mythos 5 on its own infrastructure and products while measuring how the model performs across the continuous threat exposure management workflow. The work includes confirming whether vulnerabilities are exploitable with supporting evidence, ranking findings by business impact, and producing fixes developers can use within engineering workflows.

The scope is limited to improving the security of HackerOne's own systems and offerings. The model is not being used on customer programmes or for external-facing agentic uses.

Project Glasswing is Anthropic's controlled-access initiative for testing how advanced AI models can be used in practical cyber security settings. HackerOne plans to share lessons from the work with the wider security community as it assesses how AI can be applied beyond vulnerability discovery to validation, prioritisation, and remediation.

That focus reflects a broader shift in cyber security as companies examine whether large language models can do more than identify weaknesses. Security teams are increasingly asking whether AI tools can help determine which findings are most urgent, reduce false positives, and shorten the path from detection to repair.

HackerOne is best known for its bug bounty and vulnerability disclosure work, but it has also been expanding its position in continuous threat exposure management. In that field, companies seek to maintain an ongoing view of weaknesses across assets, assess which exposures matter most, and coordinate responses across technical and business teams.

Broader use

The programme gives HackerOne a defined environment in which to test an advanced model across several stages of that process. Rather than limiting the experiment to identifying potential flaws, it will examine how the model handles evidence-based exploitability checks and remediation tasks that fit into software development processes.

Kara Sprague, Chief Executive Officer of HackerOne, set out the company's reasoning for joining the initiative.

"Attackers are already using frontier AI to find and weaponise vulnerabilities faster than defenders can respond. The only viable answer is for defenders to operate on better models, faster. HackerOne's mission is to empower the world to build a safer internet. Anthropic's is safer software at scale. Same goal, different vantage point. Project Glasswing lets us put the most capable model available to work on our infrastructure and share what we learn across the full CTEM workflow," Sprague said.

HackerOne's product leadership also framed the effort as part of a broader attempt to test whether AI can support security work across the full cycle from discovery to remediation.

"Building more resilient software requires continuous innovation in how we identify, understand, and remediate risk," said Nidhi Aggarwal, Chief Product Officer of HackerOne. "We are excited to use Claude Mythos to strengthen the security of our internal systems, explore how frontier AI can strengthen every stage of the CTEM workflow from discovery to remediation, and contribute insights that help the security industry move toward continuous cyber defense."

Controlled scope

The restriction to internal infrastructure is notable at a time when many security companies are weighing how quickly to place generative AI into customer-facing products. By keeping the work within its own environment, HackerOne is limiting the immediate operational scope while still testing how the model performs in live defensive settings.

That approach may also help address a central question around AI in cyber security: whether these systems can reliably support operational decisions that affect remediation priorities and engineering effort. For defenders, the value of any model will depend not only on what it finds, but also on whether it can provide evidence, identify business relevance, and produce outputs teams can act on without creating more review work.

Anthropic's programme appears designed to gather that kind of practical feedback from a small number of organisations operating in real environments. For HackerOne, it also offers a way to compare an advanced model's performance with established human-led and platform-based exposure management practices.

HackerOne intends to share what it learns with the broader security community as it evaluates the use of frontier AI across the CTEM workflow.