Anthropic expands Project Glasswing to ~150 organizations in 15+ countries after Claude Mythos finds 10,000+ critical software flaws
On June 2, 2026, Anthropic announced it is extending Project Glasswing — its restricted-access program built around the unreleased frontier model Claude Mythos Preview — to roughly 150 additional partner organizations ac.
At a glance
- Expansion to roughly 150 additional partner organizations across more than 15 countries, announced June 2, 2026
- Most new partners are critical-infrastructure operators where a single major attack could affect 100+ million people
- Initial partners ('upwards of 50', scanning 1,000+ open-source projects) identified more than 10,000 high/critical-severity flaws using Mythos Preview
- 1,752 findings independently reviewed by six security firms: 90.6% (1,587) true positives; 62.4% confirmed high or critical
- 530 high/critical bugs disclosed to maintainers; 75 patched
VERDICT — CORRECTED ON THE RECORD
On June 2, 2026, Anthropic announced it is extending Project Glasswing — its restricted-access program built around the unreleased frontier model Claude Mythos Preview — to roughly 150 additional partner organizations across more than 15 countries. The expansion deliberately targets industries underrepresented in the initial cohort, including power, water, healthcare, communications and hardware, with Anthropic noting most are critical-infrastructure operators where a single major attack could affect more than 100 million people. The trigger for the expansion: initial Glasswing partners (an earlier disclosure cited 'upwards of 50' partners scanning over 1,000 open-source projects) used Mythos Preview to identify more than 10,000 high- or critical-severity security flaws.
In the earlier open-source sweep, 1,752 of the findings were independently reviewed by six security firms, with 90.6% (1,587) validated as true positives and 62.4% confirmed high or critical; Anthropic disclosed 530 high/critical bugs to maintainers, 75 of which were patched, and committed over $100 million in usage credits plus $4 million in donations to open-source security groups. Major partners disclosed elsewhere include Apple, Nvidia, Microsoft, CrowdStrike and Palo Alto Networks. Each new organization must meet Anthropic's security requirements before gaining access.
The framing is explicitly defensive — Anthropic warns 'cheap, fast AI models with powerful cyber capabilities are around the corner' — and positions Mythos as a tool to harden critical systems before comparable offensive capabilities proliferate. Mythos Preview can scan codebases, write patches, run pre-release security checks, perform penetration testing and automate threat detection.
Update log · verification desk
Key facts on file
- Expansion to roughly 150 additional partner organizations across more than 15 countries, announced June 2, 2026
- Most new partners are critical-infrastructure operators where a single major attack could affect 100+ million people
- Initial partners ('upwards of 50', scanning 1,000+ open-source projects) identified more than 10,000 high/critical-severity flaws using Mythos Preview
- 1,752 findings independently reviewed by six security firms: 90.6% (1,587) true positives; 62.4% confirmed high or critical
- 530 high/critical bugs disclosed to maintainers; 75 patched
- Over $100 million committed in usage credits plus $4 million in donations to open-source security groups
- Major partners disclosed elsewhere: Apple, Nvidia, Microsoft, CrowdStrike, Palo Alto Networks
- Anthropic warning quote: 'cheap, fast AI models with powerful cyber capabilities are around the corner'


