Anthropic Expands Mythos Access to 150 Organizations

According to Anthropic's blog post, the company is expanding Project Glasswing by granting access to approximately 150 additional organizations for testing Claude Mythos, its model for detecting software vulnerabilities. Anthropic reported that the initial cohort of roughly 50 partners had already uncovered more than 10,000 high- or critical-severity security flaws, a figure cited in the company's announcement and in CNBC coverage. Bloomberg reports the expanded cohort brings total groups with access to about 200. CNBC and Anthropic's post say the new partners are based in more than 15 countries and include sectors such as power, water, healthcare, communications, and hardware. Anthropic's blog post states that each organization must meet its security requirements before being granted access.

Anthropic frames Project Glasswing as a cooperative effort to surface high-impact software vulnerabilities using Claude Mythos. SecurityWeek reported earlier that Mythos-detected findings included as many as 23,000 potential vulnerabilities across 1,000 open-source projects, a separate tally that underscores the model's reach in scanning widely used code. CNBC reports that Anthropic has not disclosed the identities of the new organizations joining the coalition. Anthropic's announcement also ties the expansion to coordinated work with open-source maintainers and government stakeholders.

Models that automate vulnerability discovery can scale detection velocity and surface classes of issues that manual review often misses, while also increasing the volume of potential findings requiring triage. Companies that use advanced automated scanners typically confront false positives, reproducibility challenges, and the need to integrate results into existing bug-tracking and disclosure pipelines. Observed patterns in comparable deployments show that operational controls, access gating, and collaboration with maintainers materially affect how quickly high-confidence issues are mitigated.

The expansion is notable because it moves Claude Mythos beyond a tightly limited preview into broader enterprise and critical-infrastructure contexts, which amplifies both defender utility and dual-use concerns flagged in public reporting. CNBC and Bloomberg place the announcement alongside Anthropic's confidential draft S-1 filing with the SEC, underscoring commercial and regulatory dimensions to wider Mythos availability. For practitioners, the practical consequences will include greater upstream disclosure workload for open-source maintainers and security teams needing robust triage and remediation workflows.

• •Observers will monitor how Anthropic and partners handle vulnerability disclosure timelines and coordination with maintainers and national CERTs, including whether standardized disclosure processes are published.
• •Watch for public lists or named partners, since CNBC notes Anthropic did not disclose the identities of the newly added organizations; transparency will affect community trust and triage capacity.
• •Regulatory and policy responses in the EU and national security communities merit attention, given CNBC's reporting that Anthropic intends to offer Mythos to the European Union and has filed a draft S-1 with the SEC.
• •Track technical metrics: rates of reproducible findings versus false positives, integration of Mythos outputs into bug-tracking systems, and whether vendors publish remediation guidance or automated fixes.