Anthropic’s Project Glasswing expands to 150 organizations globally

Anthropic is significantly scaling its cybersecurity initiative, Project Glasswing, by onboarding approximately 150 new organizations globally. This expansion follows an initial phase of collaboration with a select group of security firms, open-source maintainers, and government agencies, all leveraging the Claude Mythos Preview model.

To gain entry into the program, organizations must first satisfy specific security criteria. The new cohort spans more than 15 countries and encompasses critical sectors including healthcare, energy, communications, technology, and other infrastructure operators. Anthropic has indicated plans to further broaden the program’s geographic footprint over time.

“In critical infrastructure, one exposed vulnerability can affect far more than a single company,” said Joe Saunders, CEO of RunSafe Security. “The expansion of Glasswing gives more essential sectors a chance to prepare for the next phase of cybersecurity, where finding vulnerabilities is faster and reducing real-world risk is what counts.”

Originally launched in April with roughly 50 organizations, Project Glasswing uses the Claude Mythos Preview model to scan software for security flaws. Since its debut, the initiative has uncovered more than 10,000 high- and critical-severity vulnerabilities. The program has also sparked meaningful conversations within the software industry and government circles, which have helped refine its purpose and scope.

The core mission of Project Glasswing is to help organizations brace for a future where AI systems with advanced cyber capabilities become commonplace. Anthropic warns that this future is approaching rapidly.

“Mythos Preview continues a long-term trend that we’ve been warning about for some time: within 6 to 12 months, we expect that many other AI companies will have Mythos-class models, and they could release them without safeguards that prevent misuse,” the company wrote. “In that world, cyberattacks could occur much more often, and in much more unpredictable forms. It’s imperative that cyberdefenders adapt to maintain pace.”

Despite the acceleration in vulnerability discovery, security teams still face a mounting patching burden. Finding flaws is no longer the primary bottleneck, according to Anthropic. The real challenge lies in verifying findings, disclosing them responsibly, developing patches, and deploying updates across systems.

“My advice is to spend about five minutes processing Anthropic’s latest announcement and then immediately get back to looking at your own patch cycle, because that is where companies are going to get burned,” said Jim Sherlock, VP of AI & Cybersecurity R&D at ProCircular. “Expect the next wave of security advisories to come from your vendors, in volume, faster than your change windows were built to handle.”

Sherlock added, “Patch pipelines that are not able to handle the incoming flood of advisories and vulnerabilities will simply turn into a giant backlog full of good intentions.”

Alongside this expansion, Anthropic also plans to make vulnerability discovery tools developed for Project Glasswing available to trusted security teams upon request. Last week, the company announced its intention to release Mythos-class models to all customers once additional cyber safeguards are finalized.

“We’re working as quickly as we can to safely release Mythos-level capabilities in general access,” the company stated. “To do so, we’ll need highly robust safeguards that prevent the model’s cyber capabilities from being misused,safeguards that we have yet to develop.”