Anthropic expands Claude Mythos vulnerability-scanning to 150 organizations across 15 countries
Anthropic scales Project Glasswing from 50 initial partners to 150+ organizations in critical infrastructure sectors, with access confirmed in 15 allied nations including NATO and the EU.
BLUF
Anthropic is expanding Project Glasswing, its vulnerability-disclosure initiative powered by Claude Mythos, from 50 initial partners to 150+ organizations across more than 15 allied nations. According to Anthropic’s estimates, a successful attack on each partner’s codebase could affect more than 100 million people. The expansion marks a significant scaling of AI-driven critical-infrastructure security, announced one day after Anthropic filed confidentially for an initial public offering following a $65 billion funding round.
Claude Mythos: from 50 to 150 organizations in eight weeks
According to TechCrunch, Anthropic granted initial access to Claude Mythos Preview in early April to 50 organizations, including the U.S. government. As of June 2, that cohort has grown to approximately 150 organizations spread across power, water, healthcare, communications, and hardware sectors.
Anthropic describes Claude Mythos as capable of identifying thousands of zero-day vulnerabilities within several weeks of codebase scanning. The rapid expansion reflects confidence in the model’s security-scanning capabilities, though Anthropic has publicly stated it expects rival AI companies to develop comparably powerful models in the near term. OpenAI, for instance, released GPT-5.5-Cyber and rolled it out to a large group of testing partners, according to TechCrunch.
The 15-country coalition: NATO, ENISA, Okta, Samsung, and allied nations
According to The Financial Times, citing a person familiar with the matter, the expanded partner roster now spans 15 countries aligned with U.S. interests: Australia, Canada, France, Germany, Italy, Switzerland, the Netherlands, Spain, Belgium, Sweden, India, Japan, New Zealand, and South Korea. This geographic distribution deliberately avoids adversarial jurisdictions and prioritizes allied governments and their critical-infrastructure operators.
The Financial Times and TechCrunch name specific organizations granted access to Claude Mythos, including the North Atlantic Treaty Organization (NATO), the European Union’s cybersecurity agency ENISA, South Korean chipmakers Samsung and SK Hynix, the South Korean telecommunications company SK Telecom, and Okta, a U.S.-based identity and access management platform. Anthropic’s blog post notes that most new partners maintain codebases that other organizations and governments depend upon—a criterion highlighting the interconnected nature of critical-infrastructure risk.
Timing within broader AI security context
The Project Glasswing expansion arrives one day after Anthropic disclosed a confidential filing for an initial public offering (IPO) on the heels of a $65 billion funding round that values the company at nearly $1 trillion, according to TechCrunch. The timing suggests Anthropic is positioning AI-driven security as a core business proposition and differentiator relative to competitors, particularly OpenAI.
Anthropic has stated it is racing to establish safeguards within Project Glasswing precisely because it expects other AI labs to release equally capable models. By securing partnerships with critical-infrastructure operators before competing offerings mature, Anthropic aims to establish Project Glasswing as the de facto standard for AI-powered vulnerability disclosure in sensitive sectors.
Why This Matters
The scaling of Claude Mythos to 150+ critical-infrastructure operators across 15 allied nations represents a watershed moment for AI’s role in national security and supply-chain resilience. Organizations managing power grids, telecommunications networks, and healthcare systems now have a shared AI-driven vulnerability-detection tool, which could accelerate zero-day remediation cycles and reduce the attack surface available to state and non-state adversaries.
However, this expansion also concentrates security-scanning capability—and thus knowledge of new vulnerabilities—within a single AI provider’s ecosystem. If Anthropic’s access controls fail, or if Claude Mythos produces false positives that delay patching, the downstream consequences could be severe. The observation that “many organizations and governments rely upon” these partners’ codebases underscores the systemic risk inherent in centralized vulnerability disclosure.
For teams evaluating AI-driven security platforms, this expansion signals that Anthropic intends Claude Mythos to be the primary industry standard. Organizations not yet granted access may face pressure to petition for inclusion, while those with access face decisions about how deeply to integrate Claude Mythos into patch-management workflows.
Frequently Asked Questions
What is Project Glasswing and how does Claude Mythos fit into it?
Project Glasswing is Anthropic's joint industry initiative to identify and remediate critical software vulnerabilities using AI. Claude Mythos, described by Anthropic as its most powerful model, can identify thousands of zero-day vulnerabilities over several weeks and is the core technology powering the program.
Which countries and organizations have access to Claude Mythos?
According to The Financial Times, the 15 countries include Australia, Canada, France, Germany, Italy, Switzerland, the Netherlands, Spain, Belgium, Sweden, India, Japan, New Zealand, and South Korea. Named partners include Okta, Samsung, SK Hynix, SK Telecom, NATO, and the EU cyber-security agency ENISA.
Why is this expansion focused on critical infrastructure?
According to Anthropic's estimates, a successful attack on each partner's codebase could affect more than 100 million people. The expanded cohort now includes power, water, healthcare, and communications sectors that were underrepresented in the initial 50-organization pilot.
How does this compare to OpenAI's cybersecurity model?
OpenAI released GPT-5.5-Cyber, its own cybersecurity-focused model, which it has rolled out to a large group of partners for testing. Anthropic expects rival AI companies to develop models with similar capability.