What Claude Mythos and Project Glasswing Are Changing
Claude Mythos is Anthropic’s security-focused AI model family that performs large‑scale software vulnerability detection, scanning complex codebases to identify high‑severity flaws that could disrupt critical infrastructure or threaten national security. Through Project Glasswing, Anthropic gives vetted organizations secure access to a Claude Mythos Preview variant that it says already surpasses most human experts at finding and exploiting software vulnerabilities. The initiative began with around 50 partners and has now grown to roughly 200 organizations in total, spanning more than 15 countries and multiple high‑risk sectors. Participants point Mythos at their codebases to uncover hidden weaknesses before attackers can exploit them. Anthropic positions this as both a defensive shield and a way to rewrite assumptions about how cybersecurity teams work, moving from manual, sample‑based reviews to continuous AI‑driven inspection of vast, interconnected software stacks.
Project Glasswing Expansion: 150 New Partners, 10,000+ Severe Flaws
Anthropic’s Project Glasswing expansion adds about 150 organizations to its original cohort, giving them controlled access to Claude Mythos Preview for enterprise‑scale software vulnerability detection. The new group operates across more than 15 countries and fills gaps from the first wave by bringing in providers in power, water, healthcare, communications, and hardware infrastructure—areas where a single compromise can ripple through essential services. Early Glasswing partners report that Mythos has already surfaced over 10,000 high‑ or critical‑severity vulnerabilities across their codebases, and Anthropic says the model has found thousands of serious issues in every major operating system and web browser in use today. In its announcement, Anthropic warned that “for most partners, we estimate that a major attack could affect more than 100 million people, with important ramifications for both global and national security,” underscoring why access is tightly controlled.
AI Cybersecurity Tools and a New Defensive Mindset
The Glasswing expansion signals a broader shift in how organizations think about AI cybersecurity tools. Instead of using general‑purpose models to write or review code, participants are starting to treat Mythos‑class systems as core infrastructure for critical software vulnerability detection. Anthropic argues that frontier models have reached a coding capability where they can outperform all but the most skilled human security researchers at finding and exploiting flaws. That raises the stakes: the same talent that attackers might use now powers defensive scanning across sprawling, legacy codebases that rarely received such scrutiny. By restricting Claude Mythos to vetted partners and pairing access with strong security requirements, Anthropic is trying to demonstrate that frontier cyber capabilities can be deployed defensively without accelerating offensive misuse, setting expectations for how advanced code‑analysis models should be managed as they spread.
Banks, Regulators and Tech Giants in a Cyber Arms Race
As Mythos Preview rolls out to more Glasswing partners, competitors are racing to build comparable AI cybersecurity tools. Microsoft has introduced its MAI model family spanning reasoning and coding, positioning itself closer to Anthropic and other model providers in enterprise security infrastructure. Under a revised, non‑exclusive agreement with OpenAI, Microsoft is also free to develop independent frontier systems, adding fuel to the competitive fire. Meanwhile, access to Mythos is becoming a strategic issue in finance. Some banks in the U.K. and elsewhere have complained they cannot yet use Mythos, prompting regulators to acknowledge that they are exploring alternative frontier models. According to Bank of England Governor Andrew Bailey, banks “don’t have access to Mythos at the moment and that’s an issue that is very important,” but he noted that Mythos is not the only option the sector is considering.
From Vulnerability Detection to Skills, Training and Governance
Glasswing is not only about plugging Mythos into production pipelines; it is also framed as an attempt to build AI skills, cybersecurity education and developer training around frontier tools. Many of the new partners maintain codebases relied on by governments and global supply chains, so Anthropic stresses training secure‑coding practices and helping teams interpret Mythos’s findings rather than treating the model as a black box. At the same time, the expansion sets early norms for governance. Within 6–12 months, other AI firms are expected to release models with similar cyber capabilities, and Anthropic’s cautious, vetted rollout is meant to show regulators that the industry can self‑impose safeguards. The company’s stance implies a new balancing act for critical infrastructure security: organizations want cutting‑edge detection, but they also need assurance that the tools themselves are not widening the attack surface by empowering less constrained actors.
