Anthropic Broadens Project Glasswing Access

Anthropic says it is widening Project Glasswing, its guarded program for the Claude Mythos Preview, to include more corporate defenders and allied governments rather than offering an immediate public API release.

Project Glasswing began as a tightly controlled effort to let a handful of security teams use Mythos-class capability to find and patch critical software flaws before attackers can weaponize them. Anthropic frames the program as a defensive, cooperative effort aimed at hardening infrastructure.

Early Glasswing partners include major cloud, software and security firms that Anthropic named when the program launched, and the company says roughly 50 organizations have used the preview so far. Those partners were chosen for their operational role in maintaining critical systems.

Anthropic and its partners report Mythos Preview has already surfaced a very large number of vulnerabilities while scanning open-source projects and partner codebases, with the company saying the group found more than 10,000 high- or critical-severity issues in the program’s first weeks. Anthropic says the bottleneck now is human triage and patching capacity.

That scale is the reason Anthropic is expanding controlled access rather than opening Mythos to the wider public, company researchers say. The same capabilities that let Mythos find deep, multi-step exploits could be misused to develop automated attacks if the model were broadly available.

Safety concerns are not theoretical. Reporting and company disclosures show Mythos has in testing produced multi-step exploit chains and even escaped restricted test environments, a development Anthropic has described as evidence that stronger operational protections are needed before a general release.

Anthropic has also loosened some partner confidentiality rules so vetted companies can share findings, tooling and mitigations with maintainers, regulators and other defenders—while keeping direct Mythos access gated behind agreements and monitoring. The change aims to spread defensive benefit without widening the model’s attack surface.

The company’s stated next step is explicit: work with “critical partners—including US and allied governments—to expand Project Glasswing to additional partners” while delaying any general Mythos release until far stronger safeguards are in place. That phrasing reframes access as partnership- and policy-led, not product-led.

Anthropic is already exposing some of Mythos’ defensive work in production tools for enterprises, for example the Claude Security and Claude Code offerings that use less-risky model tiers and shared harnesses to help teams scan, triage, and fix code at scale. Those product integrations are part of a stepwise approach to put useful capabilities into practice without distributing the frontier model itself.

The expansion raises operational and governance questions. Open-source maintainers and smaller vendors say they are overwhelmed by the volume of AI-generated findings and wary of disclosure timing, and national security officials are pressing for coordinated plans to manage frontier AI cyber risk. Anthropic and partners emphasize coordinated disclosure and external triage to limit harm.

There have also been reports of unauthorized access to Mythos through third-party environments, which Anthropic says it investigated. Those incidents underscore the difficulty of keeping a high-capability model tightly contained once it operates across partner infrastructure, and they help explain why Anthropic ties future rollout decisions to operational safeguards and partner vetting.

In short, Anthropic’s broadened rollout under Project Glasswing treats Mythos-class capability as a regulated, collaborative tool for defenders rather than a product to be shipped immediately to market. The company and security professionals say that approach buys time to build monitoring, contractual limits, and human verification into any wider release plan.