Project Glasswing Expands Claude Mythos Preview Program

Anthropic has broadened Project Glasswing, significantly increasing access to its Claude Mythos Preview model to strengthen software security across critical sectors.

Launched in April 2026 with about 50 organizations, the program now includes roughly 200 partners in more than 15 countries.

New participants cover high-impact industries energy, healthcare, water systems, telecommunications, and hardware manufacturing where flawed software can affect millions of users and national stability.

Participation requires strict security controls and is focused on vendors and open-source maintainers whose code is widely deployed in enterprise and government environments.

Anthropic frames Project Glasswing as a defensive, controlled route to apply advanced AI for vulnerability discovery and lifecycle management while minimizing misuse risk. Impacts such as:

Vulnerabilities found: Project participants have used Claude Mythos Preview to surface over 10,000 high- and critical-severity vulnerabilities across diverse codebases.
Scale: The model can analyze massive legacy code repositories, flagging memory-safety errors, insecure configurations, and other issues that manual review would take weeks to detect.
Use cases adopted: organizations are deploying the model for automated patch generation, pre-release code audits, AI-driven penetration testing, and translating legacy code to safer languages.
Automated scanning: Bulk analysis of code and infrastructure configurations to prioritize high-risk findings.
Patch assistance: Producing candidate patches or remediation steps to accelerate developer response.
Adversarial simulation: Generating realistic attack scenarios for red-team exercises and risk validation.
Modernization support: Recommending safer language constructs or refactor patterns for legacy systems.
Patching bottleneck: Despite rapid detection, triage and remediation remain slow particularly in complex supply chains and open-source projects.
Disclosure processes: Coordinated vulnerability disclosure must scale to handle high volumes of findings and varied stakeholder responsibilities.
Access risk: Anthropic warns that Mythos-class capabilities could become available to adversaries within 6–12 months without safeguards, enabling automated discovery and exploitation at scale.

Mitigation

Access controls: Participant vetting and security requirements limit exposure of the model to vetted defenders and maintainers.
Collaboration: Anthropic is engaging governments, industry groups, and open-source communities to craft disclosure frameworks, response playbooks, and norms for AI-driven security tooling.
Third-party integration: The company is partnering with external groups to improve triage workflows and speed remediation, with special emphasis on open-source ecosystems.
Expansion focus: Further growth will prioritize critical infrastructure providers and the cybersecurity research community to concentrate defensive benefits where impact is greatest.
Cyber Verification Program: Anthropic plans a controlled-access program to grant curated use of advanced AI capabilities strictly for defensive verification and testing.
Commercial tooling: In parallel, Anthropic has introduced Claude Security a commercial product built on its frontier models to provide enterprises automated scanning and patch recommendations under standard security controls.