Anthropic Expands Mythos Access to 150 Organizations

According to Anthropic's blog post, the company is expanding Project Glasswing by granting roughly 150 additional organizations access to Claude Mythos Preview, its model for finding software vulnerabilities, after an initial cohort of about 50 partners. Anthropic says those early partners have already found more than 10,000 high- or critical-severity flaws. The new partners span more than 15 countries and sectors such as power, water, healthcare, communications, and hardware, and each must meet Anthropic's security requirements first; Bloomberg notes the expansion brings total groups with access to about 200. Anthropic estimates a successful attack on a typical partner's codebase could affect more than 100 million people. CNBC reports Anthropic has confidentially filed a draft S-1 with the SEC and intends to offer Mythos in the European Union.
What happened
According to Anthropic's blog post, the company is expanding Project Glasswing by granting access to approximately 150 additional organizations for Claude Mythos Preview, its model for detecting software vulnerabilities. Anthropic says the initial cohort of roughly 50 partners has already uncovered more than 10,000 high- or critical-severity security flaws. Bloomberg reports the expansion brings the total number of groups with access to about 200. Per Anthropic and CNBC, the new partners are based in more than 15 countries and span sectors such as power, water, healthcare, communications, and hardware; Anthropic says each organization must meet its security requirements before gaining access, and estimates that a successful attack on a typical partner's codebase could affect more than 100 million people.
Scale of findings
Anthropic has separately reported scanning more than 1,000 open-source projects with Mythos and identifying 23,019 issues, of which 6,202 were rated high- or critical-severity. The company frames Project Glasswing as a cooperative effort with partners, open-source maintainers, and the US government, and says partners have begun using the model not only to find vulnerabilities but also to write patches and run pre-release checks.
Why it matters
Class B analysis: models that automate vulnerability discovery can scale detection velocity and surface issue classes that manual review misses, while also multiplying the volume of findings that require triage. Teams using advanced automated scanners typically confront false positives, reproducibility challenges, and the need to integrate results into existing bug-tracking and disclosure pipelines. Access gating, operational controls, and coordination with maintainers materially affect how quickly high-confidence issues are mitigated.
Industry context
The expansion moves Claude Mythos beyond a tightly limited preview toward broader enterprise and critical-infrastructure use, amplifying both defender utility and dual-use concerns. CNBC and Bloomberg place the announcement alongside Anthropic's confidentially filed draft S-1 with the SEC, and CNBC reports Anthropic intends to offer Mythos in the European Union, underscoring commercial and regulatory dimensions to wider availability.
What to watch
- •How Anthropic and partners handle disclosure timelines and coordination with maintainers and national CERTs, including whether standardized processes are published.
- •Whether partner identities are disclosed, since CNBC notes the new organizations were not named.
- •Regulatory and policy responses in the EU and national-security communities given the planned EU offering and the draft S-1.
- •Technical metrics such as reproducible-finding rates versus false positives and integration of Mythos output into remediation workflows.
Key Points
- 1Anthropic is extending Project Glasswing to about 150 more organizations across 15-plus countries, scaling Claude Mythos vulnerability discovery into critical-infrastructure codebases.
- 2Automated discovery at this scale shifts the bottleneck to verification, disclosure, and patching, raising triage burdens for maintainers and security teams.
- 3Broader access to a frontier cyber-capable model intensifies dual-use and regulatory scrutiny, making partner-selection and disclosure practices key industry signals.
Scoring Rationale
Expanding a frontier, cyber-capable model to roughly 150 additional organizations across critical-infrastructure sectors materially increases the deployed footprint of large-scale automated vulnerability discovery and raises significant operational, disclosure, and regulatory questions. The accompanying confidential draft S-1 and planned EU availability add commercial and policy weight, placing this at the high end of notable, near major.
Sources
Public references used for this report.
View 5 more sources
- 04Anthropic Offers Mythos Model Access to 150 Additional Groupsbloomberg.com
- 05Anthropic to expand Mythos access to more than 15 countriesft.com
- 06Anthropic Expanding Mythos Access to 150 New Organizationsitsecuritynews.info
- 07Anthropic Gives 100 New Organizations Access to Mythospymnts.com
- 08Anthropic expands access to powerful Mythos AI modelthehindu.com
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

