Anthropic Expands Glasswing, Promises Mythos-class Public Release

Per Anthropic's June 2 blog post, Project Glasswing, the company's restricted cybersecurity program, is expanding by approximately 150 new organizations, bringing the partner list to around 200 organizations across more than 15 countries. Anthropic wrote that partners in the program have deployed the Claude Mythos Preview to scan codebases and have so far identified more than 10,000 high- or critical-severity security flaws. Reuters reported on May 28 that Anthropic plans to roll out Mythos-class models "to all customers in the coming weeks" and simultaneously launched Claude Opus 4.8 as a broadly available model update.

Per Anthropic and reporting in TheNextWeb, Claude Opus 4.8 is available at the same published price as its predecessor and shows measured improvements on Anthropic's internal benchmarks. TheNextWeb cited Anthropic's published scores, including a rise on Terminal-Bench 2.1 for agentic coding and gains on multidisciplinary reasoning and agentic computer use. Reuters and TheNextWeb also highlighted that Opus 4.8 is described by Anthropic as more likely to flag uncertainties and less likely to make unsupported claims, an attribute the company frames as improved "honesty".

Editorial analysis: Projects that couple advanced models with targeted defensive access typically aim to accelerate vulnerability discovery among defenders while limiting misuse vectors. Reporting by Forbes and Reuters frames Mythos as a model class with unusually strong cybersecurity capabilities, and public coverage has emphasized the dual-use nature of those capabilities: they can accelerate patching work for defenders while also lowering the technical barrier for attackers if widely available.

Editorial analysis: The claimed discovery of more than 10,000 high- or critical-severity flaws in an initial, controlled cohort represents a material data point for practitioners focused on software supply-chain and infrastructure security. Observers who track defensive tooling will view a broader Mythos release as an inflection in the defender resources available for large-scale codebase scanning. At the same time, the same reporting has prompted public debate about release controls, disclosure timelines, and coordination with national security stakeholders, as reflected in Anthropic's partnership mix reported by 9to5Mac and the Anthropic blog.

Editorial analysis: Observers and practitioners should monitor three indicators. First, the exact timing and access conditions for the advertised "coming weeks" public availability reported by Reuters. Second, whether the broader partner set publishes remediation data or coordinated-disclosure timelines following scans. Third, uptake and integration patterns among major cloud providers and large maintainers, which will determine how quickly fixes propagate. For practitioners, changes in exploit scanning prevalence, disclosure cadence, and new red-team reports will be the earliest signals of practical impact.

Per the Anthropic blog and the news coverage cited, sources do not provide a public technical whitepaper enumerating Mythos's internal architecture or the exact guardrails that will accompany general availability. Where the sources quote Anthropic's language about safeguards and rollout timing, those are company statements and subject to future updates.