In brief
- Anthropic is expanding Project Glasswing, letting more organizations access its powerful Claude Mythos AI model.
- The company recently said broader customer access to Mythos-class models could arrive in the coming weeks.
- Researchers and government agencies continue to scrutinize the model's ability to identify vulnerabilities and conduct complex cyber operations.
Anthropic is expanding access to its Claude Mythos AI model through Project Glasswing, a program meant to let tech and security firms and governments discover and fix bugs and potential exploits before the powerful model is publicly released.
In a blog post on Tuesday, Anthropic said it is adding roughly 150 organizations to its controlled program as the company prepares for a broader release of the controversial model.
The expansion comes after Anthropic said it expects to bring Mythos-class models to customers "in the coming weeks" once it completes additional safeguards. The news also comes as Anthropic prepares to go public after confidentially filing for an IPO on Monday with the U.S. Securities and Exchange Commission.
“Following several weeks of close collaboration with our Project Glasswing partners, the security industry, open-source software maintainers, and the U.S. government, we’re extending the partnership to approximately 150 new organizations,” Anthropic wrote. “Each one will need to meet our security requirements before they gain access.”
The latest Project Glasswing expansion adds organizations from critical infrastructure sectors, including power, water, healthcare, communications, and hardware. Anthropic said many of the new organizations maintain software used by governments and hundreds of millions of people.
“What each partner has in common is that a successful attack on their codebase could be catastrophic,” Anthropic wrote. “For most partners, we estimate that a major attack could affect more than 100 million people, with important ramifications for both global and national security.”
Claude Mythos emerged publicly in March after draft Anthropic materials leaked online. According to Anthropic, organizations that previously received access have already used Mythos Preview to identify more than 10,000 high or critical-severity software vulnerabilities. Partners are also using the model to write patches, conduct security reviews, and test software before release.
The model's capabilities have raised concerns among researchers and government agencies that increasingly capable AI systems could make cyberattacks easier to execute.
The U.K. AI Security Institute reported that Mythos autonomously completed a 32-step simulated corporate network attack during testing. Mozilla said the model identified 271 vulnerabilities that it fixed in the Firefox web browser, while security startup Calif claimed a preview version helped researchers develop an exploit chain targeting Apple's M5 computer chips.
Anthropic said it is expanding access to Mythos because it believes defenders need increasingly capable AI tools before attackers gain similar capabilities. The company said it expects other developers to release Mythos-class models within six to 12 months, potentially without comparable safeguards, raising the prospect of more frequent and less predictable cyberattacks.
“In the future, frontier model releases will become increasingly high-stakes. Capabilities will continue to improve across all domains, including many that—like cybersecurity—can empower attackers and defenders alike,” Anthropic wrote. “If we’re successful, we hope to enable a permanent advantage for defenders.”
Anthropic did not immediately respond to a request for comment by Decrypt.
With the expanded private access, users on Myriad—a prediction market platform operated by Decrypt's parent company, Dastan—are losing confidence that Claude Mythos will be released to the public by the end of June. They pencil in just a 26.5% chance as of this writing, down from a peak of 58.5% last week.
Facts Only
Anthropic is expanding Project Glasswing, adding roughly 150 organizations to access its Claude Mythos AI model.
Project Glasswing is a controlled program for tech firms, security organizations, and governments to identify and fix software vulnerabilities.
The expansion includes organizations from critical infrastructure sectors: power, water, healthcare, communications, and hardware.
Anthropic expects to release Mythos-class models to customers in the coming weeks after completing additional safeguards.
Anthropic confidentially filed for an IPO with the U.S. Securities and Exchange Commission on Monday.
Claude Mythos was publicly revealed in March after draft Anthropic materials leaked online.
Organizations using Mythos Preview have identified over 10,000 high or critical-severity software vulnerabilities.
The U.K. AI Security Institute reported Mythos autonomously completed a 32-step simulated corporate network attack.
Mozilla used Mythos to identify and fix 271 vulnerabilities in the Firefox web browser.
Security startup Calif used a preview version of Mythos to develop an exploit chain targeting Apple's M5 computer chips.
Anthropic states that other developers may release Mythos-class models within six to 12 months, potentially without comparable safeguards.
Prediction markets estimate a 26.5% chance of Claude Mythos being publicly released by the end of June.
Executive Summary
Full Take
The strongest version of this narrative is that Anthropic is proactively managing the risks of its advanced AI model by allowing controlled access to defenders before attackers can exploit similar capabilities. The company’s expansion of Project Glasswing reflects a strategic effort to preemptively address cybersecurity threats, particularly in critical infrastructure, where vulnerabilities could have catastrophic consequences. The inclusion of high-profile cases, such as Mozilla’s use of Mythos to fix Firefox vulnerabilities, lends credibility to the model’s utility. However, the narrative also carries an undercurrent of urgency—Anthropic warns that other developers may release comparable models without safeguards, framing its actions as a race against time to maintain a defensive advantage.
Patterns detected: ARC-0024 Ambiguity (the timeline for public release remains uncertain, with prediction markets contradicting earlier optimism), ARC-0043 Motte-and-Bailey (Anthropic emphasizes defensive use while acknowledging the model’s offensive potential in cyberattacks).
The root cause of this narrative is the tension between innovation and security in AI development. Anthropic’s actions suggest a belief that defensive AI must outpace offensive capabilities, but this assumes that safeguards can be effectively implemented and that attackers won’t adapt. The broader implication is a potential arms race in AI-driven cybersecurity, where the balance of power between defenders and attackers becomes increasingly precarious. Who benefits? Anthropic positions itself as a responsible leader in AI safety, which could enhance its reputation and market position, especially as it prepares for an IPO. Who bears the costs? Organizations and governments must now grapple with the dual-use nature of AI, where the same tools that secure systems can also be weaponized.
Bridge questions: How can we verify that the safeguards Anthropic implements are sufficient to prevent misuse? What mechanisms exist to ensure that AI models like Mythos are not co-opted by malicious actors? Would a slower, more cautious rollout of such models better serve global security, even if it means delaying defensive benefits?
Counterstrike scan: If this were part of a coordinated influence campaign, the playbook would involve framing Anthropic as the sole responsible steward of AI cybersecurity to justify rapid expansion and market dominance. The actual content aligns with this to some extent—emphasizing urgency and defensive necessity—but does not exhibit overt manipulation. The focus on real-world vulnerabilities and third-party validations (e.g., Mozilla, U.K. AI Security Institute) adds legitimacy, though the lack of independent scrutiny of the safeguards remains a gap.
Sentinel — Human
The analysis presents grounded information from multiple named sources and demonstrates human-driven narrative focus rather than purely synthetic generation.