Anthropic Expands Project Glasswing to Global Partners
Reuters and CNBC report that Anthropic is expanding Project Glasswing, adding about 150 organizations to bring the program to roughly 200 partners across more than 15 countries. Per Anthropic's announcement, partners get gated access to the unreleased frontier model Claude Mythos Preview for finding and fixing software vulnerabilities, and Anthropic is committing up to $100M in usage credits plus $4M in donations to open-source security groups. Anthropic says partners have already identified more than 10,000 high- or critical-severity flaws. The expansion adds heavier representation from power, water, healthcare, communications, and hardware vendors whose code underpins critical infrastructure. Security researcher Bruce Schneier has publicly questioned the disclosures, noting that almost none of the reported vulnerabilities appear to have been patched and that Anthropic has withheld granular evidence. EU agencies including ENISA are reportedly seeking ways to evaluate the model.
What happened
Reuters and CNBC report that Anthropic is expanding Project Glasswing, adding roughly 150 organizations and bringing total participants to about 200 across more than 15 countries (Reuters; CNBC). Per Anthropic's announcement, selected partners receive gated access to the unreleased frontier model Claude Mythos Preview to find and fix vulnerabilities in critical software, and the company is committing up to $100M in usage credits for Mythos Preview plus $4M in donations to open-source security groups (Anthropic). Anthropic says partners have identified more than 10,000 high- or critical-severity flaws. The newly added partners skew toward power, water, healthcare, communications, and hardware vendors whose code underpins national-scale infrastructure.
The capability claim
Public reporting frames Claude Mythos Preview as a general-purpose frontier model with unusually strong code-analysis and exploit-discovery performance, able to chain together small memory-corruption bugs into high-severity attack paths - described as accelerating what skilled humans can already do rather than inventing a new class of vulnerability (Reuters; CNBC). Anthropic has not released the model publicly, citing misuse risk, and says Mythos-class access could broaden once additional safeguards are ready.
Independent scrutiny
Security researcher Bruce Schneier calls the rollout "very much a PR play," arguing reporters have repeated Anthropic's talking points uncritically and that, per his reading, almost none of the reported vulnerabilities have been patched (Schneier). Schneier also points to the security firm Aisle reportedly replicating Anthropic's findings using older, cheaper public models, which would undercut claims that Mythos is uniquely capable. Anthropic's refusal to release granular data limits independent verification of the 10,000+ figure.
Why it matters
For defenders and infrastructure owners, code-capable frontier models change vulnerability-discovery timelines and widen the window between discovery, coordinated disclosure, and remediation. Politico reports the expansion has drawn regulatory interest, with EU agencies such as ENISA seeking mechanisms to evaluate the model (Politico).
What to watch
- •Whether affected vendors and open-source projects publish coordinated patches or advisories for Glasswing-identified flaws.
- •Independent red-team or replication reports that can validate or contest the 10,000+ high/critical figure.
- •The partner list and access-gating mechanisms, which Politico and CNBC describe as central to trust-building.
- •Regulatory engagement in the EU and elsewhere over access and safeguards.
Bottom line
The program expansion and the $100M-plus commitment are confirmed by Anthropic and independent outlets, but the headline capability and vulnerability figures remain vendor-reported and contested. The story captures a broader tension: powerful code-capable models offer real defensive value while making transparency, rigorous vetting, and independent validation essential.
Key Points
- 1Anthropic is expanding Project Glasswing by about 150 organizations to roughly 200 partners across 15+ countries, with gated access to the unreleased Claude Mythos Preview model (Reuters; CNBC; Anthropic).
- 2Anthropic commits up to $100M in usage credits and $4M in donations and says partners found 10,000+ high/critical vulnerabilities, though Bruce Schneier notes almost none are patched and key evidence is undisclosed.
- 3For practitioners, code-capable frontier models compress vulnerability-discovery timelines, widening the gap between discovery, disclosure, and remediation and raising independent-verification and governance demands.
Scoring Rationale
A frontier cyber-capable model (Claude Mythos Preview) reaching about 200 organizations across 15+ countries, backed by a $100M-plus commitment and active EU regulatory interest, materially affects security practitioners and critical-infrastructure owners. Scored high-Major, trimmed slightly because the headline capability and 10,000+ vulnerability figures are vendor-reported and contested - Schneier notes almost none are patched and key evidence is undisclosed.
Sources
Public references used for this report.
View 6 more sources
- 04Anthropic expands access to cyber-capable Mythos model beyond USpolitico.eu
- 05Anthropic's Project Glasswing Updateschneier.com
- 06AI Vulnerability Detection With Anthropic Glasswing - Futurumfuturumgroup.com
- 07Anthropic's Project Glasswing Is a Positive Step Toward Cleaner ...orca.security
- 08India Among 15 Countries Granted Access To Anthropic's Powerful 'Mythos' AIndtv.com
- 09TrendAI™ Joins Anthropic's Project Glasswingnewsroom.trendmicro.com
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems