Anthropic scales Project Glasswing to 150 partners across 15 countries to hunt critical software flaws

2026-06-02 · Source: The Decoder · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, quick

Summary

Anthropic is significantly expanding Project Glasswing, adding approximately 150 new partner organizations across more than 15 countries. This initiative utilizes the Claude Mythos Preview model to identify security flaws in critical software. Existing partners, numbering around 50, have already discovered over 10,000 serious vulnerabilities. The new partners operate in vital sectors such as energy, water, healthcare, and communications, where a successful attack could impact over 100 million people. The EU's cybersecurity agency, ENISA, is also expected to gain access, though terms are still under negotiation. Anthropic warns that rival AI companies might release comparable models within 6 to 12 months, potentially lacking misuse safeguards, and plans to broadly release Mythos capabilities after implementing sufficient protections. The company also offers Claude Security, a commercial product based on Claude Opus 4.8, which scans codebases and suggests patches, addressing threats similar to those Project Glasswing highlights.

Key takeaway

For security engineers managing critical infrastructure, Anthropic's Project Glasswing highlights the urgent need to integrate advanced AI-driven vulnerability scanning. Your organization faces a growing threat from AI models capable of rapidly discovering software flaws, with rival models potentially emerging without safeguards. You should proactively evaluate and deploy AI tools like Claude Security to identify and patch vulnerabilities faster, mitigating risks to systems affecting millions and preparing for future AI-enabled attack vectors.

Key insights

AI models like Claude Mythos can rapidly identify critical software vulnerabilities, posing both defensive and offensive capabilities.

Principles

• AI-driven vulnerability discovery scales rapidly.
• Critical infrastructure faces new AI-enabled threats.
• Proactive AI security requires robust safeguards.

Method

Project Glasswing uses the Claude Mythos Preview model to scan critical software for security flaws, partnering with organizations across various sectors to expand coverage.

In practice

• Deploy AI models for large-scale vulnerability scanning.
• Prioritize security for energy, water, healthcare systems.
• Develop AI-powered patch suggestion systems.

Topics

• Project Glasswing
• Claude Mythos Preview
• Software Vulnerabilities
• Critical Infrastructure Security
• AI Security
• Cybersecurity Partnerships

Best for: CTO, VP of Engineering/Data, Investor, AI Security Engineer, Security Engineer, Policy Maker

Related on AIssential

• Trump administration to ask US AI firms to voluntarily submit models for cybersecurity tests — The U.S. government seeks voluntary AI model cybersecurity testing from firms like OpenAI and Google via CAISI.
• Your JWT Is Lying to You - The Authorization Problem Nobody Solves Correctly — JWTs alone are insufficient for dynamic, fine-grained authorization; external policy engines are essential for scalable security.
• Hackers hijacked high-profile Instagram accounts by simply asking Meta's AI chatbot to change the email — Meta's AI support chatbot was exploited via prompt injection to hijack Instagram accounts, bypassing 2FA and automated identity checks.
• Chrome stops hackers from stealing your browser cookies now - how its new security feature works — Device Bound Session Credentials (DBSC) cryptographically ties browser cookies to a device's security chip, preventing their use if stolen.
• Reference your own AWS Secrets Manager secrets in Amazon Bedrock AgentCore Identity — Amazon Bedrock AgentCore Identity now allows referencing existing AWS Secrets Manager secrets for enhanced credential governance.
• A Three-Minute Protocol to Reduce AI Manipulation Risk — The "Think First, Verify Always" (TFVA) protocol significantly reduces AI manipulation risk by fostering independent judgment and verification.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by The Decoder.