Claude Mythos Expands to Critical Infrastructure as Project Glasswing Scales to 200 Organizations

The model Anthropic won't release

Anthropic's Claude Mythos is not a model you can download, call via API, or put on a waitlist for. Since its April 7 announcement, it has operated inside a controlled program called Project Glasswing - available only to vetted organizations that pass Anthropic's security requirements. On June 2, Anthropic expanded that program from roughly 50 organizations to more than 200 total, adding 150 new partners across more than 15 countries. The latest additions cover sectors that were underrepresented in the original cohort: power utilities, water systems, hospital networks, telecommunications operators, and hardware manufacturers.

Claude Mythos Preview is Anthropic's top-of-the-line frontier model - positioned above the public Opus and Sonnet lines that developers use every day. The capability gap is not marginal. On the 2026 USA Mathematical Olympiad, Mythos scored 97.6%, compared to 42.3% for Opus 4.6 - a 55-point separation that signals a generational leap rather than an incremental update. On SWE-bench Pro, a software engineering benchmark, the Anthropic Mythos model outperforms GPT-5.4 by more than 20 points (77.8% vs. 57.7%).

The capability that keeps it off the public market is its performance on offensive security tasks. The UK AI Security Institute evaluated Mythos on expert-level hacking challenges and found a 73% success rate on tasks that no AI model could complete at all before April 2025. On a benchmark covering roughly 7,000 open-source repository entry points, Mythos achieved tier-5 control-flow hijacks in 10 cases. Sonnet 4.6 and Opus 4.6 each managed one tier-3 result.

Anthropic's position is that releasing this model publicly - before the security industry has tools to defend against what it can do - would be irresponsible. That's the logic behind Project Glasswing: give defenders early access, let them use the model offensively to find and patch their own vulnerabilities, before adversaries get there.

Ten thousand flaws in eight weeks

The results from Glasswing's initial 50 partners make a stronger case than any benchmark. Since the program launched in April, those organizations have surfaced more than 10,000 high- or critical-severity security vulnerabilities using Claude Mythos Preview.

A few results stand out. Cloudflare identified 2,000 bugs across its critical-path systems, including 400 rated high or critical, with a false-positive rate the company described as better than human testers. Mozilla found and fixed 271 vulnerabilities in Firefox 150 while testing the model - more than ten times the number found in a previous Firefox version using an earlier Anthropic model. Multiple other partners reported that bug discovery rates increased more than tenfold after deploying Mythos in their workflows.

Partners are using the model for more than static code scanning. Members are deploying it for penetration testing, threat detection, patch generation, and translating existing code into memory-safe languages - tasks that typically require substantial security engineering headcount and long timelines.

Why power grids and hospitals are next

The June 2 expansion targets a specific gap. The original Glasswing cohort was concentrated in general software companies and the US government. The sectors with the highest downstream exposure to cyberattacks - critical infrastructure - were not well represented. Anthropic estimates that a major attack on the systems now joining the program could affect more than 100 million people.

The new partners span power, water, healthcare, communications, and hardware manufacturing, based across more than 15 countries. Anthropic also confirmed that ENISA, the European Union's cybersecurity agency, has joined the program - a notable move given Europe's historically cautious stance on frontier AI deployment in sensitive contexts.

Every organization entering Project Glasswing must pass Anthropic's security requirements before gaining access to the model. That vetting process is designed to keep Claude Mythos Preview in defensive use. Current major partners already in the program include Apple, Nvidia, Microsoft, CrowdStrike, and Palo Alto Networks.

The race Anthropic is actually running

The timing of the expansion is not incidental. On June 1 - one day before the Glasswing announcement - Anthropic filed a confidential draft S-1 with the SEC for an initial public offering. This followed the company closing a $65 billion Series H round led by Altimeter Capital, Dragoneer, Greenoaks, and Sequoia Capital at a nearly $1 trillion post-money valuation.

Project Glasswing is now a central pillar of Anthropic's enterprise security narrative heading into that IPO. But the company's own published warnings suggest the program is also driven by something more urgent than revenue positioning. Anthropic has stated publicly that within 6 to 12 months, it expects multiple other AI companies to have Mythos-class models - and that some of those companies may release them without the safeguards built into Glasswing.

If that happens, the cost structure of cyberattacks changes fundamentally. Attacks that currently require nation-state resources and years of planning become accessible to well-funded criminal organizations. The window Anthropic is working inside is narrow - and Glasswing is the attempt to harden the highest-value targets before it closes.

What enterprise security teams should know now

US enterprises that cannot access Claude Mythos through Glasswing are not without options. Anthropic launched Claude Security in public beta on April 30, using Claude Opus 4.7 to scan codebases and generate patches without custom tooling. The capability gap versus Mythos is real, but Opus 4.7 represents a significant step up from standard code review pipelines for most American security teams.

Anthropic also connected its models to 28 security and compliance platforms through the Claude Compliance API in late May 2026, embedding AI-powered code analysis inside enterprise stacks that already include CrowdStrike and Palo Alto Networks. That means some teams may already have access to Claude-powered scanning through tools they are currently paying for.

Separately, existing Glasswing members are not just scanning - they are using Claude Mythos Preview for penetration testing and pre-release code vetting, building new workflows that will become standard practice once the broader market catches up. Teams that start building those workflows now, even with Opus-tier tools, will have a structural advantage when capabilities become more widely distributed.

The near-term question for most security organizations is not whether they can access Mythos - they likely cannot. The question is whether they are using what is available today to close ground before Mythos-class capabilities reach the open market.

Sources