According to Anthropic's blog post, the company is expanding Project Glasswing access by roughly 150 additional organizations after an initial cohort of about 50 partners tested Claude Mythos. Anthropic reported that early partners detected more than 10,000 high- or critical-severity flaws in their codebases, and Bloomberg reports the total groups with access will be about 200. Per Anthropic and CNBC, the new partners span more than 15 countries and include sectors such as power, water, healthcare, communications, and hardware; each organization must meet security requirements before gaining access. CNBC also reports Anthropic has confidentially submitted a draft S-1 to the SEC and intends to offer Mythos in the European Union.
What happened
According to Anthropic's blog post, the company is expanding Project Glasswing by granting access to approximately 150 additional organizations for testing Claude Mythos, its model for detecting software vulnerabilities. Anthropic reported that the initial cohort of roughly 50 partners had already uncovered more than 10,000 high- or critical-severity security flaws, a figure cited in the company's announcement and in CNBC coverage. Bloomberg reports the expanded cohort brings total groups with access to about 200. CNBC and Anthropic's post say the new partners are based in more than 15 countries and include sectors such as power, water, healthcare, communications, and hardware. Anthropic's blog post states that each organization must meet its security requirements before being granted access.
Technical details
Anthropic frames Project Glasswing as a cooperative effort to surface high-impact software vulnerabilities using Claude Mythos. SecurityWeek reported earlier that Mythos-detected findings included as many as 23,000 potential vulnerabilities across 1,000 open-source projects, a separate tally that underscores the model's reach in scanning widely used code. CNBC reports that Anthropic has not disclosed the identities of the new organizations joining the coalition. Anthropic's announcement also ties the expansion to coordinated work with open-source maintainers and government stakeholders.
Editorial analysis - technical context
Models that automate vulnerability discovery can scale detection velocity and surface classes of issues that manual review often misses, while also increasing the volume of potential findings requiring triage. Companies that use advanced automated scanners typically confront false positives, reproducibility challenges, and the need to integrate results into existing bug-tracking and disclosure pipelines. Observed patterns in comparable deployments show that operational controls, access gating, and collaboration with maintainers materially affect how quickly high-confidence issues are mitigated.
Industry context
The expansion is notable because it moves Claude Mythos beyond a tightly limited preview into broader enterprise and critical-infrastructure contexts, which amplifies both defender utility and dual-use concerns flagged in public reporting. CNBC and Bloomberg place the announcement alongside Anthropic's confidential draft S-1 filing with the SEC, underscoring commercial and regulatory dimensions to wider Mythos availability. For practitioners, the practical consequences will include greater upstream disclosure workload for open-source maintainers and security teams needing robust triage and remediation workflows.
What to watch
- •Observers will monitor how Anthropic and partners handle vulnerability disclosure timelines and coordination with maintainers and national CERTs, including whether standardized disclosure processes are published.
- •Watch for public lists or named partners, since CNBC notes Anthropic did not disclose the identities of the newly added organizations; transparency will affect community trust and triage capacity.
- •Regulatory and policy responses in the EU and national security communities merit attention, given CNBC's reporting that Anthropic intends to offer Mythos to the European Union and has filed a draft S-1 with the SEC.
- •Track technical metrics: rates of reproducible findings versus false positives, integration of Mythos outputs into bug-tracking systems, and whether vendors publish remediation guidance or automated fixes.
Scoring Rationale #
The expansion materially increases the deployed footprint of a high-impact vulnerability-finding model and raises operational, disclosure, and regulatory questions that matter to security and ML practitioners.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.