Anthropic expands Project Glasswing to 150 organisations across 15 countries

Anthropic has expanded Project Glasswing, its cybersecurity initiative designed to help secure critical software infrastructure, to around 150 additional organisations across more than 15 countries, as per their latest release. 

The new participants span sectors including power, water, healthcare, communications, and hardware, which are industries that were not widely represented in the programme’s initial phase. Many are software vendors and open-source maintainers whose code underpins services used by governments, businesses, and millions of consumers globally.

The expansion comes less than two months after Anthropic granted roughly 50 initial partners access to Claude Mythos Preview, an advanced AI model designed to identify security vulnerabilities in software. According to the company, those organisations have already uncovered more than 10,000 high- and critical-severity flaws in their codebases.

“What each partner has in common is that a successful attack on their codebase could be catastrophic,” Anthropic said in the release. “For most partners, we estimate that a major attack could affect more than 100 million people, with important ramifications for both global and national security.”

Project Glasswing is part of Anthropic’s broader effort to prepare organisations for a future in which increasingly capable AI systems reshape cybersecurity. The company said it expects other AI developers to release models with cyber capabilities comparable to Mythos Preview within the next six to 12 months.

“Cheap, fast AI models with powerful cyber capabilities are around the corner,” Anthropic said. “We want Project Glasswing to spur institutions toward operating norms that reflect this reality.”

The company said participating organisations have already begun using Mythos Preview at scale to scan codebases, identify vulnerabilities and share best practices with other partners and security researchers.

From finding flaws to fixing them

Anthropic said the cybersecurity challenge is increasingly shifting from finding vulnerabilities to verifying, disclosing and patching them quickly.

“As we’ve previously discussed, the bottleneck in cybersecurity is now verifying, disclosing, and patching the large numbers of vulnerabilities that Mythos-class models can surface,” the company said.

Several Project Glasswing participants are already using the model to generate software patches and conduct pre-release security checks aimed at preventing vulnerabilities from reaching production environments. Anthropic added that advanced AI systems can also assist with penetration testing, automated threat detection and response, and modernising legacy software by rewriting it in memory-safe programming languages.

To support broader adoption, the company recently launched Claude Security, a product that uses its latest public AI models to scan software and suggest patches. Anthropic also said it is making some of the tools developed for Project Glasswing available to trusted security teams upon request.

Looking ahead, the company plans to further expand Project Glasswing to additional critical infrastructure operators, open-source software maintainers and safety-testing organisations. It also intends to scale up its Cyber Verification Program, which provides advanced cyber capabilities to organisations for specific defensive use cases.

“We’re working as quickly as we can to safely release Mythos-level capabilities in general access,” Anthropic said. “In the meantime, we plan to expand Project Glasswing even further.”

The company said the initiative is intended to help establish a long-term advantage for defenders as frontier AI systems become increasingly capable and cybersecurity risks evolve alongside them.