Anthropic has announced a significant expansion of its Project Glasswing program, granting access to its advanced and highly restricted AI model, Claude Mythos Preview, to roughly 150 new organizations across 15 countries. This move follows early success in identifying thousands of severe software vulnerabilities since the program's launch.
Initially, the program included around 50 partners from major technology and finance firms such as Amazon Web Services, Cisco, Google, Microsoft, and JPMorgan Chase. The latest expansion targets sectors underrepresented in the first phase, including power, water, healthcare, communications, and hardware, with many new participants providing the essential codebases that support critical infrastructure systems. Among the newly added participants is Rubrik, a cloud security and data management company, according to sources.
The impact of Claude Mythos Preview’s vulnerability detection has attracted strong attention. Cloudflare reported discovering 2,000 bugs in its core systems, including hundreds classified as high or critical severity, with fewer false positives than traditional human testing. Mozilla found and remedied 271 vulnerabilities in Firefox 150, a figure exceeding ten times the bugs detected in earlier versions using previous Anthropic models. Other partner organizations have seen similar multiple-fold increases in vulnerability detection after integrating Mythos into their testing workflows.
Anthropic also deployed Mythos on over 1,000 open-source projects, flagging more than 23,000 potential security flaws, over 6,000 of which were rated high or critical severity. Independent verification confirmed over 90% of a sample of serious findings as valid. Despite these breakthroughs, Anthropic highlights a major challenge remains: the limited human capacity to triage, report, and develop patches for vulnerabilities swiftly enough to prevent exploitation.