Anthropic Expands Project Glasswing to Global Partners

Reuters and CNBC report that Anthropic is expanding Project Glasswing, adding roughly 150 additional organizations and increasing total participants to about 200, with new partners based in more than 15 countries (Reuters; CNBC; Politico). Per Anthropic's Project Glasswing page, the program provides selected organisations access to the frontier model Claude Mythos Preview as part of a coordinated defensive effort; Anthropic's page also states the company is committing up to $100M in usage credits for Mythos Preview and $4M in direct donations to open-source security organisations (Anthropic). Reuters reports that partners have identified more than 10,000 high- or critical-severity security flaws, according to Anthropic's reporting (Reuters). Coverage from Politico and CNBC notes that access will be gated by security requirements and that some EU agencies such as ENISA are seeking mechanisms to evaluate the model (Politico; CNBC).

Editorial analysis - technical context: Public reporting frames Claude Mythos Preview as a frontier-capability model with specialised performance on code analysis and vulnerability discovery. The exact technical training data, prompting pipelines, or exploit-generation heuristics for Mythos have not been disclosed publicly beyond Anthropic's promotional and program descriptions (Anthropic; Reuters). Industry reporting emphasises that the model can surface chains of small bugs that, when combined, create high-severity attack paths, a capability journalists and security professionals describe as accelerating what skilled humans can already do, rather than inventing a wholly new class of vulnerabilities (Reuters; CNBC).

Industry context: Observers in the security and policy community have treated Project Glasswing as a test case for defensive use of powerful code-capable models, while also flagging potential misuse. Reuters and CNBC document meetings among financial and governmental leaders following Anthropic's April Mythos disclosures, reflecting acute concern about how such models could affect critical infrastructure and financial systems (Reuters; CNBC). Bruce Schneier, writing on his blog, criticises the level of detail disclosed about results and notes that, per his reading of available materials, "almost none" of the reported vulnerabilities have been patched; he frames Anthropic's refusal to release granular data as problematic for independent verification (Schneier). This mix of rapid discovery, limited public technical disclosure, and slow remediation raises typical operational tensions between responsible disclosure, vendor confidentiality, and third-party verification in vulnerability research.

For practitioners: - Track the names and roles of organisations granted access and the security gating mechanisms used to control Mythos access; Politico and CNBC report that partner lists and access procedures will be central to trust-building. - Watch for technical write-ups or red-team reports from independent security researchers; the number 10,000 in reported high/critical flaws is a high-stakes figure reported by Reuters and merits independent validation. - Monitor whether affected vendors or open-source projects publish coordinated patches or advisories following Glasswing-identified findings; Schneier's critique highlights a current gap between discovery and remediation (Schneier). - Observe regulatory engagement, especially in the EU, where Politico reports ENISA and other agencies are exploring access and safeguards.

Industry reporting shows Anthropic is accelerating the scope of Project Glasswing and offering Claude Mythos Preview to a broader global set of organisations while committing sizeable credits and donations to the effort (Anthropic; Reuters; CNBC). Editorial analysis: This story exemplifies a broader pattern where powerful code-capable models create simultaneous defensive value and governance challenges, making transparency, rigorous vetting, and independent validation essential for practitioners and policy makers alike.