ChannelLife US - Industry insider news for technology resellers
Anthropic expands Project Glasswing to 150 organisations

Mon, 8th Jun 2026

Anthropic has expanded its Project Glasswing cybersecurity programme to around 150 additional organisations in more than 15 countries.

The move follows an initial phase in which roughly 50 partners were given access to Claude Mythos Preview to scan codebases for security vulnerabilities. Those early users identified more than 10,000 high- or critical-severity flaws.

The latest intake broadens the sector mix beyond the first cohort. It includes organisations in power, water, healthcare, communications and hardware, many of which maintain software used by other organisations, including governments.

Access is not automatic. Each organisation must meet Anthropic's security requirements before using the system.

Project Glasswing focuses on software Anthropic considers especially sensitive. The common factor among participants, it said, is that a successful attack on their codebase could have severe consequences. For most partners, a major incident could affect more than 100 million people.

Broader debate

The programme sits within a wider debate over how advanced AI systems are changing cyber defence and cyber offence. Anthropic said its work with partners, software maintainers, the security industry and the US government had shaped both the expansion and its view of the programme's role.

It argued that more AI developers could produce models with similar cyber functions within the next six to 12 months. In its view, that raises the prospect of more frequent and less predictable attacks unless defenders adapt quickly.

Anthropic sees two main tasks for itself. One is helping the software industry adapt by making stronger models, tools and shared infrastructure available in a controlled way. The other is extending support beyond finding vulnerabilities to disclosure, remediation and deployment of fixes.

Patch pressure

Anthropic said the main constraint in cybersecurity is no longer just detecting flaws, but verifying them, disclosing them responsibly and patching them at scale. Many Project Glasswing partners are already using Mythos Preview to draft patches and run checks before software releases in an effort to stop weaknesses from being introduced.

It also pointed to other defensive uses, including penetration testing, threat detection and response, and rewriting legacy code in memory-safe languages. Anthropic said it is discussing with third parties how to increase review and patching work for vulnerabilities in open-source software.

Alongside the programme, Anthropic recently released Claude Security, which uses its public models to scan codebases and suggest patches. It is also making available, on request to trusted security teams, tools developed during the Glasswing work to help locate vulnerabilities more quickly.

Critical suppliers

Many of the newly added organisations are vendors or nonprofits that maintain software codebases relied on by large numbers of users. That matters because weaknesses in shared software components can spread risk far beyond a single company or public body.

The new intake also reflects a push towards sectors that underpin daily life and public services. Power networks, water systems, healthcare providers and communications operators have become more central to national resilience planning as cyber incidents have grown in frequency and cost.

Anthropic presented the programme as part of a wider shift in how the industry prepares for advanced AI systems with dual-use characteristics. Cybersecurity is one of the clearest examples of that tension because the same tools that help defenders can also aid attackers.

It said it ultimately wants to support new standards, initiatives and infrastructure for what it called the era of powerful cyber models. For now, however, wider release remains limited because robust safeguards to prevent misuse of Mythos-level systems have not yet been developed.

That constraint is likely to shape how quickly such tools reach a broader market. Anthropic said hundreds of thousands of organisations, researchers and maintainers may eventually need access to advanced cyber tools, but any move towards general availability would depend on stronger protections against abuse.

In the meantime, the programme is being directed at operators of essential infrastructure, maintainers of critical open-source software and safety testers. Anthropic also said it is working on better ways to share ideas and practices for disclosing vulnerabilities to open-source maintainers so reports are easier to triage and act on.

The emphasis on open-source software reflects a practical challenge for governments and industry alike. Much of the digital infrastructure used across the economy depends on code maintained by small teams or nonprofits, leaving critical components exposed when security reports arrive faster than maintainers can review and fix them.

Anthropic said the early phase of Project Glasswing showed that participating organisations moved quickly to use the model at scale, share methods with peers and work with third parties to assess findings. It said those methods should be replicated more widely across organisations and developers exposed to cyberattacks.

The programme has shown it "a great deal about how to respond when models cross important capability thresholds," Anthropic said.