Anthropic said Tuesday it is extending Project Glasswing to roughly 150 new organizations across more than 15 countries, opening up its restricted Claude Mythos Preview model to power, water, healthcare, communications, and hardware companies that weren't part of the first round. The announcement landed a day after the company confidentially filed for an IPO off a $65 billion round, which is its own story and not this one.
Here's the thing about Glasswing. The model at the center of it, Mythos, is the one Anthropic won't let you have. It calls Mythos its most capable model, capable of finding thousands of zero-days over a few weeks, and precisely because of that it's kept on a very short leash. The first 50 partners got access in early April. The U.S. government was among them. Everyone else has been watching from outside the glass.
The 10,000 number, and what it actually counts
The headline figure everyone is repeating: more than 10,000 high- or critical-severity vulnerabilities found since launch. It's a real number, but worth slowing down on. Anthropic's own initial update says Mythos scanned over 1,000 open-source projects and flagged what it estimates are 6,202 high- or critical-severity flaws, out of 23,019 total. Estimates. Of those, only 1,752 had been checked by independent security firms at the time, and after triage 90.6% held up as true positives.
So the 10,000 figure bundles the open-source haul together with whatever partners found in their own codebases, and a chunk of it is the model grading its own homework until humans catch up. That's not a knock, exactly. It's just that "found" and "confirmed" are doing different jobs, and the press release smooths over the gap.
The example Anthropic keeps reaching for is a partner bank that used Mythos to stop a fraudulent $1.5 million wire transfer after an attacker compromised a customer's email and made spoofed calls. Good story. Also not really a vulnerability-scanning story, which tells you the company is still figuring out what this thing is best at.
Who's actually in
Anthropic didn't name the new cohort. CyberScoop reported that Rubrik is among them, citing sources. The original Glasswing roster, for context, reads like a who's who: Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks. The new group leans toward vendors whose code quietly underpins everything else, plus nonprofit maintainers.
One genuinely interesting addition that didn't make Anthropic's own post: the company recently admitted ENISA, the European Union's cybersecurity agency, into the program, per Cybersecurity Dive. A national-bloc cyber agency getting a model the public can't touch is the part I'd watch.
The bottleneck nobody's solved
And this is where the enthusiasm runs into a wall. If you can find vulnerabilities ten or more times faster, you've just created ten times the patching backlog. Vendors are already slow. Microsoft recently went after a researcher who went public with flaws because he felt the company was dragging its feet.
Anthropic knows this. It's now pushing partners to use Mythos to write patches and run pre-release checks too, and it's in talks with third parties about scaling up open-source review. The flip side, noted in CSO Online's coverage: maintainers are already drowning in low-quality, AI-generated bug reports. Pour a frontier model's output on top of that and you'd better hope the triage scales with it.
When does everyone else get it?
The clock matters here. In its announcement Anthropic states plainly that within 6 to 12 months it expects other AI companies to have Mythos-class models, and warns they might ship them without misuse safeguards. That's the whole justification for keeping Mythos locked down while racing to build the safety scaffolding around it.
The company says it wants to bring Mythos-class capabilities into general access "in the coming weeks," but only once it has safeguards strong and precise enough to block offensive use, safeguards it admits neither it nor anyone else has built yet. So: imminent, conditional on solving a problem that's currently unsolved. Make of that what you will.
For now the path is incremental expansion plus a Cyber Verification Program meant to grant narrow Mythos-class access for specific defensive tasks. No public release date. The next thing to watch isn't a model launch, it's whether the 150 new partners can patch what Mythos finds before the 6-to-12-month window closes on everyone else getting the same firepower.
