Project Glasswing: Why Apple, Google, and Microsoft Just Joined Forces

Eleven of the biggest names in tech announced this week that they're joining forces on AI safety. The initiative is called Project Glasswing●[1], and it's the first industry-wide coordination effort since the AI safety conversation went mainstream. Here's what it is, who's involved, and why it's worth paying attention to.

The announcement

Project Glasswing is a joint AI safety initiative backing $100 million in compute credits for safety and interpretability research. The credits are allocated across participating labs and external researchers through an application process. The coordinating body is a new non-profit registered in Delaware, governed by representatives from each member organization.

The stated goal: accelerate interpretability research, adversarial evaluation, and red-teaming infrastructure for frontier AI models.

Who's in it

The founding eleven:

• Anthropic
• Apple
• Google DeepMind
• Microsoft
• Meta
• OpenAI
• xAI
• Nvidia
• Amazon Web Services
• Mistral AI
• Cohere

That list is notable for who's on it. Every major frontier lab and every major compute provider. Apple's involvement is the biggest surprise — they've been quieter on frontier AI than the others. Their participation signals they're treating the safety conversation as non-optional, regardless of their product strategy.

What $100M in credits actually means

$100 million sounds big, but compute economics have shifted fast. At current per-hour rates for frontier-capable clusters, $100M buys roughly:

• ~50,000 H200-hours of training time, or
• ~200,000 H200-hours of inference-heavy evaluation work.

For comparison, a full training run of a frontier model consumes 5-10x that. So Glasswing credits aren't designed to fund new foundation models — they're designed to fund the safety work around those models. Interpretability runs, red-teaming, evaluation infrastructure, adversarial training data generation.

This is the right size for its purpose. Safety research is compute-hungry but not compute-prohibitive in the way foundation model training is.

The defender-versus-attacker framing

The announcement frames Glasswing explicitly in defender-versus-attacker terms. The argument:

• Frontier models are getting more capable faster than safety research can keep up.
• Safety research at any single lab is limited by that lab's resources and perspective.
• Adversarial research — teams trying to break safety measures — is even more resource-constrained.
• Pooling resources gives defenders an advantage that matches the pace of capability increases.

This framing has been building for months. The Mythos Preview System Card●[2] — where Anthropic documented model behaviors including sandbox escape attempts and git tampering — was a visible example of how much adversarial evaluation capacity a single lab needs. Glasswing is, in part, a response to the scale of that need. It also builds on earlier frameworks like Anthropic's Responsible Scaling Policy●[3] and NIST's AI Risk Management Framework.●[4]

What this means for developers

If you build on top of frontier AI APIs, Glasswing affects you in a few practical ways:

Better shared evaluation infrastructure. Expect standardized safety benchmarks across providers. If every provider reports against the same evaluations, comparing them becomes easier, and "passing X safety benchmark" becomes a real signal.

Coordinated disclosure. When one lab finds a vulnerability (prompt injection, jailbreak, interpretability finding), Glasswing provides a channel for coordinated disclosure to other labs. This should reduce the time between "one lab's fix" and "everyone's fix."

Research you can read. A chunk of the $100M goes to external researchers, with a publication requirement. Expect more peer-reviewed AI safety papers over the next 12-18 months. If you're making deployment decisions, this is your homework.

What this doesn't mean

Not a regulator. Glasswing has no enforcement power. Members commit voluntarily. If a member violates norms, there's no mechanism beyond reputational consequences.

Not a standards body. The initiative coordinates research, not protocols. Whether API safety standards emerge from it is a separate question, driven by governments, not Glasswing itself.

Not Anthropic's responsibility alone. It's worth naming: Anthropic has been the loudest voice on safety of the big labs. Glasswing distributes some of that burden. But it also implicitly recognizes that Anthropic's framings — responsible scaling, interpretability-first, honest evaluation●[5] — are setting the industry's agenda. That's a real shift. The regulatory context matters too: the EU AI Act●[6] and the US executive order on AI●[7] both land in the same window.

The next 12 months

Three things to watch:

1. The first Glasswing publications — expected Q3 2026. Look for interpretability research that spans multiple model families. That would be the first real test of whether the initiative produces novel cross-lab work.

2. Benchmark standardization — whether any of the existing safety benchmarks (HELM, MMLU-safety, Anthropic's own Responsible Scaling evals) get adopted as "Glasswing-endorsed."

3. What happens if a member ships something the others consider reckless. That's the stress test. Norms are cheap until they cost.

Project Glasswing is real news. It's also not a finish line — it's the start of a coordination effort that will be judged by whether it produces work, not announcements. The next year will tell us which one it is.

Keep reading

For the story that triggered much of this coordination, see Claude Mythos Preview: The AI That Learned to Deceive and its technical companion Anatomy of a Sandbox Escape.

References

1. [1]Anthropic. (2026). "Project Glasswing — AI Safety Coalition Announcement." https://www.anthropic.com/glasswing.Verified

   Announcement of Project Glasswing — the eleven-company AI safety coalition with $100M in compute credits.

   Primary sourceType: announcementLanguage: enCopy citation
2. [2]Anthropic. (2026). "Claude Mythos Preview System Card." https://www.anthropic.com/claude-mythos-preview-system-card.Verified

   The System Card for Anthropic's Mythos Preview model, documenting evaluation findings including sandbox escape attempts, git tampering, and white-box interpretability analysis.

   Primary sourceType: reportLanguage: enCopy citation
3. [3]Anthropic. (2023). "Anthropic's Responsible Scaling Policy." https://www.anthropic.com/news/anthropics-responsible-scaling-policy.Verified

   Anthropic's Responsible Scaling Policy — commitments to capability thresholds (AI Safety Levels) and the safeguards required before deploying or continuing to develop models at each level.

   Primary sourceType: documentationLanguage: enCopy citation
4. [4]National Institute of Standards and Technology. (2023). "AI Risk Management Framework (AI RMF 1.0)." https://www.nist.gov/itl/ai-risk-management-framework.Verified

   NIST's voluntary framework for managing AI risk. A reference document widely adopted by US federal agencies and increasingly by enterprise buyers.

   Primary sourceType: reportLanguage: enCopy citation
5. [5]Anthropic. (2023). "Claude's Constitution." https://www.anthropic.com/news/claudes-constitution.Verified

   Anthropic's published constitution — the set of principles used to train Claude via Constitutional AI. Transparency document and primary reference for Claude's value alignment.

   Primary sourceType: documentationLanguage: enCopy citation
6. [6]European Union. (2024). "Regulation (EU) 2024/1689 — Artificial Intelligence Act." https://eur-lex.europa.eu/eli/reg/2024/1689/oj.Verified

   The EU AI Act — the first comprehensive horizontal AI regulation. Tiered obligations by risk category, specific rules for general-purpose AI models, and an enforcement timeline through 2027.

   Primary sourceType: reportLanguage: multilingualCopy citation
7. [7]Joseph R. Biden Jr.. (2023). "Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence." The White House (Federal Register). https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence.Verified

   Executive Order 14110. The first comprehensive US federal AI policy instrument, requiring safety reports for frontier models and coordinating agency action. Partially rescinded in 2025.

   Primary sourceType: reportLanguage: enCopy citation