What Project Glasswing Is and Why It Matters for Critical Infrastructure Security
Project Glasswing is Anthropic’s collaborative critical infrastructure security initiative that combines advanced AI models, cybersecurity training, and developer education programs to help organizations find and fix dangerous software vulnerabilities before they can be exploited. By giving vetted partners access to Claude Mythos Preview, the program focuses on protecting codebases that support essential services and large user populations. The expanded effort now covers roughly 150 organizations across more than 15 countries, many operating in power, water, healthcare, communications, and hardware. In these sectors, a single successful cyberattack against core software could disrupt services for more than 100 million people and carry broader national or global security implications. Glasswing aims to turn AI into a permanent part of the security stack, shifting organizations from reactive incident response toward continuous, AI-supported vulnerability management and resilience building.
From 50 to 150+ Partners: Claude Mythos Deployment at Global Scale
Anthropic has moved Project Glasswing from an initial cohort of around 50 partners to about 150 organizations worldwide, concentrating on systems where failure has outsized impact. Early partners used Claude Mythos Preview to scan codebases at scale and have reported discovering more than 10,000 high- or critical-severity flaws, a figure that underlines both the reach of Mythos and the depth of existing risk. Many new partners are vendors whose software underpins government, corporate, and nonprofit operations far beyond their own boundaries. Anthropic’s controlled Anthropic Claude deployment strategy restricts Mythos-class access to approved institutions that meet specific security requirements, a move intended to prevent misuse while still enabling aggressive defense. As other AI firms prepare models with similar cyber capabilities within six to twelve months, Glasswing doubles as a reference point for how powerful AI security tools can be introduced responsibly.
AI Cybersecurity Training and Developer Education at the Heart of Glasswing
Beyond scanning code, Project Glasswing is structured as a long-term AI cybersecurity training and developer education effort. Partners include developers, software teams, cybersecurity researchers, and education providers teaching AI and cyber skills, all encouraged to share techniques and workflows. By pairing Mythos with documentation, examples, and collaborative forums, Anthropic is turning model access into a practical developer education program focused on secure software development. Participants are using Claude to assist with code review, suggest safer patterns, and support secure design decisions earlier in the lifecycle. This helps organizations build internal muscle for critical infrastructure security, rather than relying only on external audits. As AI becomes a permanent security backbone, the program shows how upskilling developers in AI-assisted defenses can narrow talent gaps, spread better practices across supply chains, and embed security thinking into everyday coding work.
From Finding Bugs to Fixing Them: Patching as the New Bottleneck
Glasswing’s first phase has shifted the main challenge in many environments from detection to patching. With Claude Mythos capable of surfacing thousands of vulnerabilities, organizations now need reliable ways to triage, verify, disclose, and deploy fixes at scale. Some partners have already begun using Mythos to draft patches and run pre-release checks aimed at preventing new vulnerabilities from entering production. Anthropic has also released Claude Security, which uses its latest public models, such as Claude Opus 4.8, to scan codebases and propose patches for trusted teams. According to Anthropic, the new bottleneck is no longer finding flaws but "verifying, disclosing, fixing, and deploying patched software" fast enough to keep up with AI-driven discovery. The company is in discussions with third parties on scaling open-source patching and improving how vulnerability reports are delivered to maintainers.
AI Governance, Self-Regulation, and the Future of AI-Powered Defense
The expansion of Project Glasswing is also a governance experiment. Anthropic expects many other AI companies to reach Mythos-class capabilities within six to twelve months, raising the stakes for how such tools are released. By limiting access to vetted partners and pairing AI deployment with clear safeguards, Anthropic is trying to set norms before less restricted models appear. Rival firms may choose different strategies, forcing enterprises to balance innovation against exposure when choosing AI security tools. Glasswing signals to regulators that the industry is attempting self-regulation in AI-powered cybersecurity rather than waiting for mandates. It also underlines a strategic shift: AI is becoming integral to global security infrastructure, and cybersecurity budgets and policies will increasingly revolve around AI adoption, developer readiness, and the ability to coordinate standards for detecting and patching vulnerabilities across critical infrastructure systems.
