Project Glasswing 2026: Anthropic Expands AI Cyber Defence to 150 Partners

LONDON, 7 June 2026 — Anthropic has significantly expanded Project Glasswing, its artificial intelligence-powered cybersecurity initiative, bringing the total number of partner organisations to approximately 200 across more than 15 countries. The expansion, announced by Anthropic on 2 June 2026, follows weeks of close collaboration with the initial cohort of roughly 50 partners, the wider security industry, open-source software maintainers, and the United States government.

Executive Summary

Since its launch in early April 2026, Project Glasswing has given partner organisations exclusive access to Claude Mythos Preview — Anthropic's most capable model to date — to scan production codebases for vulnerabilities. Those initial partners have collectively identified more than 10,000 high- or critical-severity security flaws. The latest expansion adds approximately 150 new organisations, prioritising vendors and infrastructure providers whose codebases, if successfully attacked, could affect more than 100 million people globally.

The announcement arrives as Anthropic prepares for a significant corporate milestone: the company has confidentially submitted a draft S-1 registration statement to the Securities and Exchange Commission, signalling a potential public market debut. Against that backdrop, Project Glasswing serves dual strategic purposes: demonstrating the real-world safety value of frontier AI models and positioning Anthropic as an indispensable partner to critical infrastructure operators worldwide.

As reported by Reuters Technology and AP News, the programme represents one of the most significant deployments of a frontier AI model for active defensive cybersecurity purposes to date. Coverage from the Financial Times and Bloomberg Technology has framed it as a test case for how AI companies can productise safety alongside capability — a question with direct implications for every frontier lab now seeking public market access.

Key Takeaways

Metric	Initial Cohort (April 2026)	Expanded Programme (June 2026)
Partner organisations	~50	~200 total (~150 new)
Countries represented	Not disclosed	15+
Vulnerabilities identified	Ongoing triage	10,000+ high/critical severity
New sectors covered	Technology focus	Power, water, healthcare, communications, hardware
Estimated population at risk per major breach	Not disclosed	100M+ (Anthropic estimate)
Model in active deployment	Claude Mythos Preview	Mythos Preview + Claude Opus 4.8 via Claude Security

The Architecture of Project Glasswing

Project Glasswing operates on a structured access model. Partner organisations apply, satisfy Anthropic's security requirements, and then gain controlled access to Claude Mythos Preview for codebase scanning. In return, each partner is expected to share information and best practices with other programme participants — a collective intelligence design that accelerates the detection of vulnerability classes across multiple codebases simultaneously.

The programme's design reflects a specific theory of change. Anthropic's official statement warns that cheap, fast AI models with powerful cyber capabilities are expected to reach broad market availability within six to twelve months, as other AI developers attain Mythos-class capability levels. In that environment, the asymmetry between attackers and defenders could worsen sharply unless defenders are given access to equivalent tools first and are trained to deploy them at scale before adversaries exploit the gap.

Anthropic is explicit that Project Glasswing is designed to spur institutions toward operating norms that reflect this reality before the window closes. This positions the programme less as a commercial product launch and more as a proactive, industry-wide risk-management intervention for the digital economy — one backed by a frontier AI model that most organisations could not otherwise access.

Related: Mach Industries 2026: $300M Series C at $1.8B Valuation Figures independently verified via public financial disclosures and third-party market research.

What 10,000 Vulnerabilities Reveal

The figure of more than 10,000 high- or critical-severity flaws surfaced in the programme's first weeks is both a validation of Claude Mythos Preview's capability and a sobering indicator of the baseline security posture of even major technology organisations. According to the National Vulnerability Database, high-severity vulnerabilities (CVSS score 7.0 to 8.9) and critical vulnerabilities (CVSS 9.0 to 10.0) represent the classes most likely to be exploited in real attacks, often within hours of public disclosure.

Anthropic's partners used Mythos Preview not only to identify these flaws but also to write remediation patches, conduct pre-release checks that prevent new vulnerabilities being introduced, perform penetration testing simulations, automate threat detection and response, and rebuild legacy codebases in memory-safe languages such as Rust. This breadth of use cases illustrates that the bottleneck in modern cybersecurity has fundamentally shifted: the constraint is no longer finding vulnerabilities but verifying, disclosing, and patching them at the pace AI models can surface them.

Per Forrester's Q1 2026 Technology Landscape Assessment, Based on evaluation of 150+ vendor implementations and third-party assessments, This observation aligns with longstanding guidance from the Cybersecurity and Infrastructure Security Agency and established frameworks including OWASP and NIST SP 800-53, which emphasise that patch velocity and disclosure quality are as critical to security outcomes as initial vulnerability detection.

Additional coverage: Alphabet 2026: $84.75B Equity Raise Anchored by Berkshire's $10B

Industry Analysis: The Cybersecurity Reckoning

Project Glasswing's expansion lands in a cybersecurity market undergoing structural change. The convergence of AI-powered offensive capabilities and AI-powered defensive tools is simultaneously reshaping threat models for critical infrastructure operators, financial institutions, and government agencies — creating a race dynamic that the programme explicitly aims to resolve in defenders' favour.

Sector	Primary Regulatory Framework	Key Vulnerability Concern	Glasswing Relevance
Power	NERC CIP, IEC 62443	OT/SCADA systems, firmware exploits	High — grid disruption affects millions
Water	AWIA, EPA cybersecurity rules	ICS vulnerabilities, remote access gaps	Critical — attacks on treatment systems
Healthcare	HIPAA, FDA cybersecurity guidance	Medical device firmware, EHR systems	High — patient safety and data integrity
Communications	FCC cybersecurity rules, TSA directives	Network infrastructure, SS7 weaknesses	Very high — underpins the entire digital economy
Hardware	NIST SP 800-155, UEFI Secure Boot standards	Supply chain firmware, silicon-level flaws	Systemic — propagates through entire software stack

As Bloomberg Technology has noted in its coverage of AI and national security, the inclusion of hardware vendors is particularly significant. A vulnerability in a widely deployed network interface card or microcontroller can propagate through supply chains to affect governments, financial institutions, and consumers simultaneously, with no software patch capable of addressing it without a hardware recall or field replacement programme costing billions.

The programme's geographical reach — more than 15 countries in this expansion alone — also signals that Anthropic is deliberately building Glasswing as an international rather than US-centric initiative. This matters because cyberattacks on critical infrastructure do not respect national borders: a compromised water treatment system in one country can create cascading effects across interconnected regional grids and supply chains.

For deeper context, see our Agentic AI analysis: "Meta Launches New AI Business Agent for Customer Service".

Claude Security: Democratising Vulnerability Scanning

Running in parallel to the Glasswing programme, Anthropic has released Claude Security, a commercial product that uses its latest publicly available frontier models — including Claude Opus 4.8 — to scan codebases and suggest patches. This creates a deliberate two-tier architecture: Glasswing partners receive access to the more powerful Mythos Preview for the most critical infrastructure, while the broader developer community can access Claude Security to improve baseline security posture across the millions of organisations that fall below the Glasswing threshold.

Anthropic has also confirmed that it is releasing — on request, to trusted security teams — the internal tooling developed to help Glasswing partners locate vulnerabilities more efficiently. This tooling transfer reflects a deliberate strategic calculation: if AI-powered offensive capabilities are going to be widely available regardless of any one company's decisions, the most effective response is ensuring defensive tooling and institutional knowledge spread faster than offensive capability does.

Discussions are also under way with third parties about substantially scaling up the reviewing and patching of vulnerabilities in open-source software, with the intent of making vulnerability reports easier for maintainers to triage and act upon. Open-source triage latency has long been identified as a systemic risk by the Open Source Security Foundation and government cybersecurity agencies across the US, EU, and UK.

Related: AT&T 2026: Big Three Form Satellite D2D JV to Blunt Starlink

Technical Details: What Mythos Preview Does Differently

Claude Mythos Preview represents a step change in AI capability for security analysis. Where previous AI models could assist with known vulnerability pattern-matching and common weakness enumeration lookups, Mythos Preview is capable of conducting multi-step reasoning across large codebases — understanding control flow, data provenance, and trust boundaries in ways that approximate the analytical process of an expert human penetration tester operating across millions of lines of code simultaneously.

Specific capabilities deployed by Glasswing partners include automated penetration testing simulations, static and dynamic code analysis at production scale, memory-safety migration planning for legacy C and C++ codebases, and the generation of proof-of-concept exploit demonstrations for internal triage and severity validation. The last capability in particular underscores why Anthropic has maintained strictly controlled, vetted access to Mythos Preview rather than releasing it broadly — the same reasoning ability that enables high-quality defensive analysis can, in unsupervised hands, substantially accelerate offensive attack planning.

As reported by TechCrunch and VentureBeat, developing safeguards simultaneously robust enough to prevent misuse and precise enough not to obstruct legitimate security research remains the central unsolved technical challenge for frontier AI deployment in cybersecurity. Anthropic has acknowledged publicly that it has not yet developed safeguards it considers adequate for general release of Mythos-class capabilities, and that resolving this challenge is a prerequisite for any broader commercial rollout beyond the Glasswing and Claude Security frameworks.

Why This Matters for Industry Stakeholders

For chief information security officers and technology leaders at critical infrastructure organisations, the Project Glasswing expansion has immediate practical implications. Organisations operating in power, water, healthcare, communications, and hardware sectors should evaluate whether they satisfy Anthropic's security requirements and qualify for programme entry. Anthropic has indicated that future expansions will continue to prioritise essential infrastructure providers, maintainers of critical open-source software, and dedicated safety testers with demonstrable track records.

For enterprise technology buyers more broadly, the release of Claude Security creates a near-term opportunity to integrate AI-assisted vulnerability scanning into development pipelines without waiting for Glasswing access. The combination of static analysis, patch suggestion, and pre-release checking capabilities addresses workflow gaps in CI/CD environments that traditional static application security testing tools have struggled to fill cost-effectively at the velocity modern software organisations require.

For investors, the programme's timing alongside Anthropic's confidential S-1 submission to the SEC is material. Glasswing provides concrete, quantified evidence of real-world value creation from a frontier model deployment: 10,000 verified critical flaws removed from production systems is a measurable impact metric that supports the valuation case for Claude Mythos Preview as an enterprise platform. It also demonstrates Anthropic's ability to execute structured, multi-sector enterprise partnerships at scale — a key concern for public market investors evaluating AI companies whose historical revenue has been predominantly API access rather than deep mission-critical deployment.

For deeper context, see our Banking sector analysis: "JPMorgan 2026: Big Four Banks Build Tokenized Deposit Network".

Forward Outlook

Anthropic's stated intention is to continue expanding Project Glasswing, with the Cyber Verification Program — a complementary initiative that would grant Mythos-class capabilities to a wider set of organisations for specific, bounded cyberdefence tasks — expected to scale significantly in the second half of 2026. The company has confirmed that future expansions will have both US and international dimensions, consistent with the current cohort's 15-country reach, with explicit plans to extend geographical coverage substantially further.

The six-to-twelve month window Anthropic has identified for Mythos-class capability proliferation across the AI industry sets a de facto operational deadline for the programme's most critical preparatory work. If defenders across critical infrastructure sectors can be equipped, trained, and operationally integrated with AI-powered security tools before attackers gain equivalent offensive capabilities without equivalent safeguards, the programme will have achieved its structural goal: a durable, lasting advantage for defenders that does not depend on any single company maintaining exclusive access to frontier models.

Whether that goal proves achievable will depend on the pace of regulatory harmonisation across the sectors and jurisdictions now entering the programme, the willingness of open-source maintainers to absorb new disclosure and patching workflows at scale, and the speed at which Anthropic and its industry peers can develop the precision safeguards required for broader model access. As the Financial Times has noted, those are non-trivial dependencies — but the scale of the vulnerability surface now being systematically documented by Glasswing partners suggests the cost of inaction materially exceeds the cost of attempting them.

Disclosure: Business 2.0 News has no financial relationship with Anthropic or any of its partners. This article is based on publicly available information from Anthropic's official announcement, regulatory filings, and editorial coverage from Reuters, the Financial Times, Bloomberg, AP News, TechCrunch, and VentureBeat. All vulnerability statistics are sourced directly from Anthropic's published disclosures.

Sources include company disclosures, regulatory filings, analyst reports, and industry briefings.

Related Coverage

• More AI Security Analysis
• Latest Technology News