← all news

Anthropic expands Project Glasswing to 150 partners across 15 countries

AI · · · source (anthropic.com)

Two weeks after the first results from Project Glasswing, Anthropic announced a roughly threefold expansion: about 150 new partner organizations across more than 15 countries, drawn from sectors that were thin in the first round, namely power, water, healthcare, communications, and hardware. The earlier 50 partners had used a preview model called Mythos to flag more than 10,000 high or critical vulnerabilities. The new cohort, Anthropic estimates, includes operators where a single breach could each affect "more than 100 million people".

Beyond finding bugs, partners are now using Mythos Preview for writing patches, doing pre-release security reviews, running penetration tests, automating threat detection, and modernizing legacy code. Anthropic is also releasing a product called Claude Security, built on its public models, for security teams that do not get the preview model. Specialized vulnerability-finding tools are being shared only with what Anthropic calls "trusted security teams".

The expansion sharpens a tension Anthropic has been clear about. It will not release Mythos-class models publicly, because no one has safeguards strong enough to prevent abuse, but it is also pushing those models into more and more places. The plan to scale patching across open-source software via third-party collaborations is the part to watch, because the May update made clear the bottleneck is no longer finding bugs.

Why it matters

If your code runs anywhere near critical infrastructure, you are now in the universe Mythos partners are scanning, whether you signed up or not. Decide how you would triage and disclose a batch of credible findings against your own stack before one shows up.

AnthropicSecurityVulnerabilities