Project Glasswing is Anthropic's collaborative initiative aimed at securing the world's most critical software. In early April, approximately 50 initial partners were given access to Claude Mythos Preview, and since then they have been using the model to scan their codebases for vulnerabilities. Anthropic recently reported that these partners have identified more than 10,000 high- or critical-severity security flaws so far.
Anthropic is now broadening the scope of Project Glasswing. After several weeks of close work with existing partners, the security industry, open-source software maintainers, and the US government, the partnership is being extended to roughly 150 additional organizations. Each new participant must meet Anthropic's security requirements before receiving access.
The new group of organizations spans more than 15 countries, and most provide critical infrastructure serving many more nations. (Anthropic plans to expand geographic coverage significantly in the future.) This cohort covers several industries that were underrepresented in the initial group, including power, water, healthcare, communications, and hardware. Many of the new partners are vendors-companies or nonprofits maintaining codebases that other organizations worldwide, including governments, depend on.
What all partners share is that a successful attack on their codebase could be catastrophic. For most, Anthropic estimates that a major attack could impact more than 100 million people, with significant implications for both global and national security.
This expansion represents the next step toward Anthropic's long-term goals: enabling AI to make all software more secure and helping the industry adapt to how AI could reshape many of the fundamental assumptions of cybersecurity.
The Role of Project Glasswing
Project Glasswing and the capabilities of Claude Mythos Preview have sparked wide-ranging conversations-within the software industry and with governments-about how AI is transforming cybersecurity. These discussions have informed how Anthropic has expanded the program and have also shaped the company's thinking about the initiative's core purpose.
Cheap, fast AI models with powerful cyber capabilities are on the near horizon. Anthropic wants Project Glasswing to push institutions toward operating norms that reflect this reality.
Mythos Preview continues a long-term trend that Anthropic has been flagging: within 6 to 12 months, many other AI companies are expected to have Mythos-class models and could release them without safeguards to prevent misuse. In such a world, cyberattacks could become far more frequent and unpredictable. It is critical that cyberdefenders adapt to keep pace.
Anthropic sees its role as twofold. First, to help the software industry adapt by safely providing broad access to better models, tools, and common infrastructure. Second, to gradually shift the support provided from finding vulnerabilities to disclosing, fixing, and deploying patched software.
Supporting Cyberdefenders
So far, companies, nonprofits, maintainers, and researchers have moved quickly. Within the first weeks of Project Glasswing, each member began using Mythos Preview at large scale, sharing information and best practices with other partners, and working with third parties to triage the model's findings. These organizations' methods for adapting to new tools can and should be replicated widely across the millions of organizations and developers vulnerable to cyberattacks.
To support this effort, Anthropic recently released Claude Security, a product that uses the company's latest public frontier models, such as Claude Opus 4.8, to scan codebases and suggest patches. Anthropic is also making available-on request, to trusted security teams-the tools developed to help Project Glasswing partners find vulnerabilities more quickly.
Anthropic intends to go much further: the longer-term aim is to support the industry in creating new initiatives, standards, and infrastructure for the era of powerful cyber models.
Accelerating Patching and the Rest of Security
As Anthropic has previously discussed, the bottleneck in cybersecurity is now verifying, disclosing, and patching the large numbers of vulnerabilities that Mythos-class models can surface.
Mythos Preview itself can help with this. Many of Project Glasswing's partners now use the model to write patches and for pre-release checks that prevent vulnerabilities from appearing in the first place. Models like Mythos Preview can also be used for penetration testing (simulating a cyberattack to identify how vulnerabilities might be exploited), automating threat detection and response, and rebuilding legacy codebases in memory-safe languages, among many other defensive tasks.
Anthropic is in discussions with third parties about how to substantially scale up the reviewing and patching of vulnerabilities in open-source software. The company is also working on sharing ideas and best practices for disclosing vulnerabilities to open-source maintainers, with the goal of making these reports easier to triage and act upon.
The Path Ahead
To address the scale of this coming challenge, hundreds of thousands of organizations, researchers, and maintainers will likely need access to the most advanced cyber capabilities and tools available.
Anthropic is working as quickly as possible to safely release Mythos-level capabilities in general access. To do so, the company will need highly robust safeguards that prevent the model's cyber capabilities from being misused-safeguards that Anthropic (and, to its knowledge, all other AI developers) have yet to develop. Because cybersecurity has both helpful and destructive uses, making safeguards that are both strong and precise enough is a major challenge.
In the meantime, Anthropic plans to expand Project Glasswing even further-prioritizing additional essential infrastructure providers, maintainers of critical open-source software, and safety testers. Future expansions are intended to cover organizations in the US and overseas, just as this one does. Anthropic also intends to scale up its Cyber Verification Program, which would grant Mythos-class capabilities to many more organizations for specific cyberdefense tasks.
In the future, frontier model releases will become increasingly high-stakes. Capabilities will continue to improve across all domains, including many that-like cybersecurity-can empower attackers and defenders alike. This will not be the last time such a challenge needs to be confronted. But Project Glasswing has taught Anthropic a great deal about how to respond when models cross important capability thresholds. If successful, the initiative hopes to enable a permanent advantage for defenders.