About Project Glasswing

Free security tooling for developers, inspired by Anthropic's frontier AI cybersecurity initiative.

Important Disclaimer

This website (Glasswing Security / projectglasswing.net) is an independent project. We are not affiliated with, endorsed by, sponsored by, or in any way officially connected to Anthropic PBC or any of their products and services. "Project Glasswing" and "Claude" are trademarks of Anthropic. We use the name "Glasswing" purely as a reference to Anthropic's publicly announced initiative and do not claim any official relationship.

What is Anthropic's Project Glasswing?

Project Glasswing is an initiative by Anthropic, the AI safety company, to leverage their frontier Claude models for cybersecurity applications. The project is focused on using AI to help find, understand, and remediate software vulnerabilities at scale — capabilities that are traditionally bottlenecked by the availability of expert security engineers.

The project's name is inspired by the glasswing butterfly (Greta oto), whose transparent wings make hidden structures visible — a fitting metaphor for AI-powered visibility into software vulnerabilities.

Anthropic has signaled that Claude Mythos, a specialized cybersecurity model under the Glasswing umbrella, will provide expert-level security analysis capabilities to developers. Learn more about Claude Mythos →

What This Site Is

We built Glasswing Security as a free, independent toolkit of security tools for developers. Our mission: make the kind of security checks that Project Glasswing will eventually automate accessible to every developer, right now, for free.

While we wait for Anthropic's full Glasswing suite to become available, there's no reason your applications should ship with missing security headers, misconfigured JWTs, leaked secrets, or vulnerable dependencies. Our tools take minutes and require no account.

"Security tooling should be accessible to every developer, not locked behind enterprise paywalls or requiring a dedicated security engineer. We believe free, instant tooling raises the baseline for everyone."

Our Tools

Security Headers Checker

Live

Audit any website's HTTP security headers. Get per-header grades and fix recommendations.

JWT Decoder

Live

Decode JWT tokens in real time. Flags alg:none, expired tokens, and missing security claims.

Secret Scanner

Live

Paste code or config files to find accidentally committed API keys, tokens, and secrets.

Dependency Checker

Live

Audit your package.json or requirements.txt for known CVEs and outdated packages.

OWASP Checklist

Live

Interactive OWASP Top 10 checklist. Track your security coverage by category.

AI Code Review

Coming Soon

Submit code for AI-powered security review. Finds injection risks, auth flaws, and insecure patterns.

Browse All Tools →

Our Principles

Always Free

No paywalls, no sign-up gates, no freemium tricks. Security tooling is a public good.

Privacy First

We never store your code, tokens, or URLs. Analysis is ephemeral by design.

Open Standards

All findings map to OWASP, CWE, or CVE so you can verify and go deeper independently.