Access to Anthropic’s most capable AI model has been extended to an additional 150 organizations, widening a program that uses frontier AI to find vulnerabilities in the world’s most critical software.
Anthropic announced the expansion of Project Glasswing on June 2, building on an initial group of roughly 50 partners that gained access to Claude Mythos Preview in April.
That cohort has since used the model to reportedly uncover more than 10,000 high- or critical-severity flaws, the AI company said.
Why the Scope of Glasswing has Widened
The new partners sit in more than 15 countries and cover sectors thinly represented at launch, including power, water, healthcare, communications and hardware, with many being software vendors whose code is embedded in other organizations.
Anthropic said it chose them because a cyber-attack on any of their codebases could be catastrophic, estimating that for most a major breach could affect more than 100 million people.
The firm framed the move as preparation for a shift it has repeatedly flagged. Within six to 12 months, it expects rival developers to field models with comparable cyber capabilities, potentially released without safeguards against misuse.
General access to Mythos-class models remains off the table, Anthropic acknowledged that the safeguards needed to release one safely do not yet exist anywhere.
Discovery is Outpacing the Fix
The expansion sharpens a problem the industry is already wrestling with: finding flaws has become far easier than fixing them. Anthropic itself has said the bottleneck now lies in verifying, disclosing and patching the vulnerabilities these models surface.
Jeff Williams, founder of OWASP and CTO of Contrast Security, said the announcement piles fresh pressure on teams that were already overwhelmed.
“AI is turning vulnerability discovery into an industrial-scale activity, but most organizations still remediate at human speed,” he said.
Finding more flaws does not make software safer, Williams argued, unless organizations can validate, prioritize, fix and deploy at the same pace. The real opportunity, he suggested, is to point AI at threat modeling and secure design rather than yesterday’s scan-and-patch cycle.
Read more on Project Glasswing: Anthropic Launches Project Glasswing to Fix Software Bugs With AI
Gunter Ollmann, CTO of Cobalt, said the findings show automated tools such as SAST and DAST can only reach so far, and that pairing AI analysis with skilled human direction surfaces flaws conventional approaches miss.
“The organizations that benefit most from these advances will be the ones that can rapidly validate, prioritize and remediate the issues being discovered before attackers find them first,” Ollmann concluded.
Image credits: JRdes / Samuel Boivin / Shutterstock.com
