TL;DR
Anthropic said it is extending Project Glasswing to about 150 new organizations after an initial group used Claude Mythos Preview to find more than 10,000 high- or critical-severity flaws. The confirmed shift is from discovery at scale to the slower work of verification, disclosure, patching and deployment.
Anthropic said it is expanding Project Glasswing to approximately 150 new organizations, widening access to Claude Mythos Preview after roughly 50 initial partners used the cyber-focused AI model to find more than 10,000 high- or critical-severity software flaws.
Anthropic described Project Glasswing as a collaborative effort to secure widely used software. In its June 2 expansion post, the company said each new organization must meet its security requirements before gaining access to the Glasswing tooling. The new cohort is based in more than 15 countries and includes organizations in power, water, healthcare, communications and hardware, along with vendors whose code is used by governments and other organizations.
The company said the expansion follows several weeks of work with partners, the security industry, open-source maintainers and the U.S. government. Anthropic’s account of the program is available at https://www.anthropic.com/news/expanding-project-glasswing, with earlier program details at https://www.anthropic.com/glasswing and https://www.anthropic.com/research/glasswing-initial-update?xs=1.
The company is also shifting the program’s emphasis. Anthropic said the main limit is no longer finding vulnerabilities, but verifying which findings are real, disclosing them safely, writing patches and getting those patches deployed. It said partners are using Mythos Preview not only to scan code, but also to write fixes, run pre-release checks, perform penetration testing and rebuild legacy code in memory-safe languages.
Why It Matters
The expansion matters because it shows how advanced AI models may change the workload of cybersecurity teams. If one restricted model can help a small group find thousands of severe flaws in weeks, software vendors and maintainers may face a backlog that current disclosure and patching systems were not built to handle.
The risk is largest where a single codebase supports many downstream users. Anthropic said many of the new partners maintain software relied on by other organizations, including governments. If flaws in those systems remain unpatched, the exposure can spread far beyond the organization that owns the code.
The defensive benefit is also clear: faster discovery can reduce risk if teams can validate and patch at the same pace. The unresolved issue is whether verification, maintainer capacity and end-user deployment can keep up with AI-assisted bug finding.
Network Vulnerability Assessment: Identify security loopholes in your network's infrastructure
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Anthropic launched Project Glasswing in early April 2026 with major technology and security partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks. The company said at the time that Claude Mythos Preview would remain restricted because of its ability to find and exploit software vulnerabilities.
In a later update, Anthropic said approximately 50 partners had collectively found more than 10,000 high- or critical-severity vulnerabilities. The company has not published full technical details for many findings, citing standard vulnerability disclosure timelines and the need to protect users before patches are widely deployed.
Anthropic has also committed up to $100 million in Mythos Preview usage credits and $4 million in direct donations to open-source security organizations, according to its Project Glasswing materials.
“approximately 150 new organizations”
— Anthropic, June 2 Project Glasswing expansion post
Kali Linux Bootable USB for Ethical Hacking & Cybersecurity
Dual USB-A & USB-C Bootable Drive – works on almost any desktop or laptop (Legacy BIOS & UEFI)….
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
Several details remain unclear. Anthropic has not named all of the new organizations, and the full list of vulnerabilities found by partners has not been made public. It is also not clear how many of the 10,000-plus findings have been independently confirmed, how many have been patched, and how many patches have reached end users.
Anthropic’s estimate that many other AI companies could have Mythos-class models within 6 to 12 months is a company projection, not a confirmed industry timeline.
The C Programming Language
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
The next stage is partner vetting, expanded access for approved organizations and more work on patching and disclosure. Anthropic said it plans further Project Glasswing expansions, priority for infrastructure providers and open-source maintainers, and a Cyber Verification Program that would grant Mythos-class capabilities for defined defensive tasks. More public detail is expected as patches are deployed and advisories can be released without adding risk for users.
Code Until Burnout Patch – Funny Programmer Embroidered Iron-On Badge – Retro PC on Fire – Hacker, Coder, IT Humor Patch, 3.3 x 3.9 Inches
Bold Design: Features a retro computer on fire with “Code Until Burnout” slogan – perfect for devs and…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What is Project Glasswing?
Project Glasswing is Anthropic’s controlled cybersecurity initiative using Claude Mythos Preview to help selected partners find and fix vulnerabilities in widely used software.
What changed with this expansion?
Anthropic is extending the partnership from an initial group of roughly 50 partners to about 150 new organizations across more than 15 countries, pending security requirements.
Are all 10,000-plus flaws confirmed and patched?
No. Anthropic has reported the aggregate number of high- or critical-severity findings, but many details remain under disclosure limits. The public record does not yet show how many have been confirmed, patched and deployed.
Why is access to Claude Mythos Preview restricted?
Anthropic says Mythos Preview can find and exploit software vulnerabilities at a level that creates misuse risk. The company says broader access would require stronger safeguards than it currently has.
What should readers watch next?
Watch for public vulnerability advisories, patch releases from affected vendors, updates on open-source disclosures and any move by Anthropic or other AI labs to release Mythos-class cyber tools more broadly.
Source: Thorsten Meyer AI
