Anthropic is expanding its gated cyberdefense program, Project Glasswing, to 150 additional organizations across more than 15 countries. The move scales access to Claude Mythos Preview, an unreleased frontier AI model possessing offensive hacking capabilities so advanced that the company locked it away from the general public. While the expansion is framed as a global shield for critical infrastructure like power grids, water systems, and financial networks, it exposes a terrifying operational bottleneck. The world is about to find software vulnerabilities thousands of times faster than human engineers can patch them.
This international rollout reveals a quiet panic occurring behind closed doors in Washington, London, and New Delhi.
By distributing Mythos to a wider circle of corporate and state actors, Anthropic is trying to patch the global software supply chain before rival AI firms release equivalent, ungated models. The strategy is a high-stakes gamble. If a single partner leaks the model weights or access credentials, the weaponized automation used to find zero-day vulnerabilities will belong to everyone.
The Weaponized Engine Under the Glass Wing
Anthropic initially limited Mythos to roughly 50 deeply vetted tech firms and government agencies, including the UK AI Security Institute and the US government. The model is a stark departure from standard large language models. While its public sibling, Claude Opus, suggests code or reviews syntax, Mythos is an active agent. It possesses an infinite context window, meaning it can ingest an entire multi-million-line operating system or banking application simultaneously.
More concerning is its autonomous agentic scaffolding. Mythos does not just read code; it formulates hypotheses about vulnerabilities, spins up isolated debugging containers, writes exploits, and tests them recursively until it achieves control flow hijack.
The results are mathematically undeniable and structurally terrifying. During initial testing, the model discovered more than 10,000 high- or critical-severity security flaws in codebases previously deemed stable. It uncovered a 27-year-old bug buried deep within OpenBSD that had survived decades of manual audits. It bypassed protections on advanced hardware and successfully weaponized exploits against major web browsers.
Faced with an AI that could systematically dismantle modern software architecture, Anthropic initiated Project Glasswing to weaponize the defense before bad actors weaponized the offense.
The Mirage of Global AI Defense
The newly expanded cohort of 150 organizations targets the soft underbelly of global infrastructure. Anthropic is bringing in sectors historically slow to modernize, including water districts, healthcare conglomerates, telecommunications networks, and defense alliances like NATO. Financial behemoths like Euroclear, the New York Stock Exchange owner ICE, and the international payments rails of Swift are now plugged into the Mythos matrix. Industrial tech giants like Samsung and SK Hynix are scanning their hardware codebases.
The corporate narrative suggests this creates a unified front against cyber warfare. The technical reality is a logistical nightmare.
Software security relies on a delicate sequence: discovery, verification, triage, patch creation, testing, and deployment. Human engineering teams are already drowning in backlogs. When an AI agent drops 500 critical vulnerabilities into a security team's queue on a Tuesday morning, the pipeline breaks.
Anthropic admits that the primary bottleneck of Project Glasswing has shifted completely from finding flaws to patching them. The company is experimenting with letting Mythos write its own patches and run pre-release checks. Relying on an AI to fix the vulnerabilities it found creates an unsettling loop of machine-authored code securing machine-discovered flaws.
The Six Month Countdown to Chaos
The expansion of Project Glasswing is not just a philanthropic effort to save the internet. It is a desperate race against the commoditization of frontier intelligence.
Anthropic explicitly warns that rival AI labs will develop Mythos-class capabilities within the next six to twelve months. Those competitors may not enforce a gated research preview. They may not vet their clients or restrict usage to defensive telemetry.
Once an open-source or adversarial model with these capabilities hits the web, the concept of a zero-day vulnerability changes forever. Legacy defensive strategies like signature detection, firewalls, and periodic penetration testing will become completely useless against an attacker that can automatically map an enterprise network, chain minor bugs into catastrophic failures, and execute novel attacks in seconds.
The geopolitical tension surrounding this reality is palpable. US Treasury officials and international finance ministers have held emergency briefings on what this means for global economic stability. India has engaged its largest IT firms to run secure testing on its national banking infrastructure, terrified of what happens when these automated exploitation techniques are unleashed at scale.
For decades, the cybersecurity industry operated under the assumption that human creativity was the limiting factor in hacking. That assumption is gone. Anthropic has widened the circle of trust to 150 new organizations, but in doing so, they have signaled that the window to secure the world's code before the floodgates open is rapidly closing. Enterprises waiting for a general release to fix their systems are already too late.
