Anthropic expands Project Glasswing as Claude Mythos Preview targets critical cybersecurity

Anthropic expands Project Glasswing as Claude Mythos Preview moves deeper into critical cybersecurity

Image credit: Anthropic, “Expanding Project Glasswing.” The source image is JPG, not SVG. Image source: Anthropic.

Quick summary

Anthropic is expanding Project Glasswing, a controlled-access program that lets selected organizations use Claude Mythos Preview to find software vulnerabilities. According to Anthropic’s official announcement, the program is adding about 150 new organizations after starting with roughly 50 initial partners. Reuters also reported the expansion, noting that the wider group will bring access to about 200 partners across more than 15 countries and several critical sectors, including power, water, healthcare, communications and hardware.

This is not just another chatbot update. It is a sign that major AI providers are moving beyond general-purpose assistants and into specialized, high-impact models. Claude Mythos Preview is being positioned as a powerful cybersecurity model, but Anthropic has not released it broadly because the same capability that helps defenders find vulnerabilities could also help attackers if deployed without strong safeguards.

What happened

Anthropic launched Project Glasswing in April 2026 as a collaborative effort to secure critical software before more capable AI systems can be used against it. In its latest update, the company said the initial partners had already used Claude Mythos Preview to identify more than 10,000 high- or critical-severity software vulnerabilities.

Reuters reported that Project Glasswing is expanding from about 50 organizations to roughly 200. Anthropic said the new partners must meet security requirements before receiving access to Claude Mythos Preview. The company also said it worked with the U.S. government, existing Glasswing partners and the broader security industry on the rollout.

The new group is not limited to ordinary software teams. Anthropic said the expansion covers organizations in sectors that are systemically important, including power, water, healthcare, communications and hardware. The company estimated that a major attack on some partner organizations could affect more than 100 million people.

What is Claude Mythos Preview?

Claude Mythos Preview is a specialized AI model for cybersecurity work, especially vulnerability discovery. Unlike general-purpose chatbots built for writing, answering questions or assisting with everyday coding tasks, Mythos Preview is described as a model that can analyze code, find serious bugs, assist with patch writing and support defensive testing.

In an earlier Project Glasswing update, Anthropic said partners had found more than 10,000 high- or critical-severity vulnerabilities. In open-source scanning, Anthropic said Mythos Preview identified 23,019 vulnerabilities across severity levels, including 6,202 that the model rated as high or critical. A subset of those findings was later reviewed by independent security research firms or Anthropic itself, with the company reporting a high validation rate for the reviewed findings.

That explains why the model remains under controlled access. A system that can find vulnerabilities quickly is valuable for defenders, but the same capability could also be misused to discover attack paths if it were released without limits.

Why this news matters

This update matters because it shows how the AI model race is becoming more specialized. Until recently, providers such as OpenAI, Google, Anthropic, Microsoft and Meta were mostly discussed in terms of chatbots, large language models, image generation, coding assistants and office-productivity tools. Claude Mythos Preview points to a more sensitive category: models that can directly affect the security of digital infrastructure.

For enterprises, the news cuts both ways. On the positive side, AI could make vulnerability discovery faster and cheaper. Security teams with limited resources may be able to scan code, prioritize serious bugs and draft patches more efficiently. If used properly, that could harden critical systems before attackers reach them.

The risk is that the current software-security ecosystem may not be ready for the volume of AI-generated findings. Anthropic itself says the bottleneck is no longer only finding bugs. The harder problem is verifying results, disclosing vulnerabilities responsibly, writing patches and deploying those patches to real users.

Impact for developers and security teams

For developers, the clearest message is that patch cycles need to get shorter. If Mythos-class models can find software flaws faster, projects cannot rely on slow dependency updates, occasional audits or reactive patching after incidents. Security checks need to move earlier into the software-development pipeline.

For security teams, AI is becoming a new defensive layer. Tasks such as code review, bug pattern detection, risk prioritization, report drafting and patch suggestion can increasingly be assisted by models. However, human review remains essential. AI findings need verification, especially for severe vulnerabilities, because inaccurate reports or missing context can waste time and create a false sense of safety.

For companies that depend on open-source software, the biggest practical issue is exposure. If many new vulnerabilities are discovered across foundational libraries at once, organizations need better SBOM management, dependency monitoring, update automation and patch-deployment discipline.

Market context: AI models are no longer just for chat

Project Glasswing also shows how Anthropic is positioning itself against OpenAI, Google, Microsoft, Meta and other AI providers. Instead of focusing only on consumer-facing chatbots, Anthropic is leaning into enterprise adoption, safety, security and controlled deployment of high-capability models.

Reuters framed the expansion in the context of Anthropic’s confidential IPO filing, which suggests growing investor and enterprise interest in specialized AI systems. The more important product signal is that Mythos Preview is not being marketed as a mass-market tool. It is being distributed through a controlled-access program aimed at selected organizations with important security responsibilities.

That approach reflects the dual-use nature of cybersecurity AI. The same model capability can help defend systems or attack them. Anthropic’s strategy is to widen access gradually while requiring safeguards and security standards.

Verified facts

The following points are confirmed by Anthropic’s official posts and Reuters reporting:

• Project Glasswing is expanding from roughly 50 initial partners by adding about 150 new organizations, bringing the program to around 200 partners.
• The new partners span more than 15 countries and include organizations in critical infrastructure sectors.
• Claude Mythos Preview has been used to identify more than 10,000 high- or critical-severity software vulnerabilities in the early stage of the program.
• Anthropic has not broadly released Mythos-class models because it says stronger safeguards are needed to prevent misuse.
• Anthropic is also building defensive tools such as Claude Security to help enterprise customers scan codebases and generate proposed fixes.

What remains unclear

Anthropic has not published the full list of new Project Glasswing partners. It also has not given a precise public-release date for Mythos-class models. The expansion should therefore not be interpreted as a general public launch of Claude Mythos Preview.

Another open question is how quickly discovered vulnerabilities will be patched and deployed. Finding a vulnerability is not the same as fixing it for end users. Anthropic says verification, disclosure and patch deployment are now the major bottlenecks.

Conclusion

Anthropic’s Project Glasswing expansion is a strong signal that specialized AI models are entering higher-risk domains beyond ordinary chat and productivity. Claude Mythos Preview may help defenders find vulnerabilities faster, but it also raises difficult questions about access control, responsible disclosure and patching capacity.

For a general reader, the story is simple: Anthropic is testing a powerful AI security assistant with selected critical organizations. For developers and enterprises, the practical lesson is that software-security workflows need to become faster, more systematic and more automated, because the era of AI-accelerated vulnerability discovery has already begun.

Sources

1. Reuters — Anthropic Mythos access to quadruple to about 200 Glasswing partners
2. Anthropic — Expanding Project Glasswing
3. Anthropic — Project Glasswing: An initial update
4. Claude by Anthropic — Claude Security
5. Image source — Anthropic Project Glasswing image