Anthropic expands Project Glasswing to 150 organizations in more than 15 countries
Anthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks of work with its initial group of partners, security firms, open-source maintainers, and government agencies.
Organizations joining the program must meet security requirements before gaining access, Anthropic noted.
The expansion brings the program to organizations in more than 15 countries and includes sectors such as healthcare, energy, communications, technology, and other infrastructure operators. Anthropic said it intends to broaden the program’s geographic reach over time.
“In critical infrastructure, one exposed vulnerability can affect far more than a single company. The expansion of Glasswing gives more essential sectors a chance to prepare for the next phase of cybersecurity, where finding vulnerabilities is faster and reducing real-world risk is what counts,” said Joe Saunders, CEO of RunSafe Security.
Project Glasswing launched in April with about 50 organizations using Claude Mythos Preview to scan software for vulnerabilities. The initiative has led to the discovery of more than 10,000 high- and critical-severity flaws since its launch, according to the company.
Project Glasswing and Claude Mythos Preview have sparked discussions within the software industry and government circles, helping shape the program’s expansion and purpose.
The initiative is intended to help organizations prepare for a future in which AI systems with advanced cyber capabilities become more widely available.
“Mythos Preview continues a long-term trend that we’ve been warning about for some time: within 6 to 12 months, we expect that many other AI companies will have Mythos-class models, and they could release them without safeguards that prevent misuse. In that world, cyberattacks could occur much more often, and in much more unpredictable forms. It’s imperative that cyberdefenders adapt to maintain pace,” Anthropic wrote.
Security teams still face a growing patching burden
Vulnerability discovery is becoming less of a bottleneck, according to Anthropic. Security teams still need to verify findings, disclose issues, develop patches, and deploy updates.
“My advice is to spend about five minutes processing Anthropic’s latest announcement and then immediately get back to looking at your own patch cycle, because that is where companies are going to get burned. Expect the next wave of security advisories to come from your vendors, in volume, faster than your change windows were built to handle,” noted Jim Sherlock, VP, AI & Cybersecurity R&D at ProCircular.
“Patch pipelines that are not able to handle the incoming flood of advisories and vulnerabilities will simply turn into a giant backlog full of good intentions,” added Sherlock.
Alongside the expansion, Anthropic plans to make vulnerability discovery tools developed for Project Glasswing available to trusted security teams upon request.
Last week, Anthropic announced plans to release its Mythos-class models to all customers once additional cyber safeguards are in place.
“We’re working as quickly as we can to safely release Mythos-level capabilities in general access. To do so, we’ll need highly robust safeguards that prevent the model’s cyber capabilities from being misused—safeguards that we have yet to develop,” the company concluded.