Anthropic says Project Glasswing is moving into a wider phase after work with early partners, security organizations, open-source maintainers, and the US government shaped the program’s next steps. Roughly 50 initial participants previously received access to Claude Mythos Preview to review software codebases for weaknesses. Those organizations later identified more than 10,000 software flaws classified as high or critical severity. Access will now extend to around 150 additional organizations that must first satisfy security requirements.

The expanded group includes organizations located in more than 15 countries, with many tied to systems that support essential services for larger populations. Sectors such as power, water, healthcare, communications, and hardware now appear more strongly represented than before. Several of the new participants maintain software relied upon by governments and institutions worldwide. According to the announcement, a successful compromise affecting many partners could carry consequences for more than 100 million people.

Anthropic also outlined why the effort is broadening at this stage. Discussions with governments, software organizations, and security groups influenced how the program evolved and sharpened attention on how stronger cyber-focused AI systems may affect existing cybersecurity assumptions. The company said lower-cost and faster systems with advanced cyber capabilities are approaching, creating pressure for defenders to adjust how they respond to digital threats and software risks.

The company described two priorities shaping the effort ahead. One focuses on helping organizations safely gain access to stronger tools, models, and supporting systems for cybersecurity work. The other centers on moving support beyond vulnerability discovery toward reviewing, disclosing, repairing, and deploying fixes. Participants have already begun using Mythos Preview at scale to inspect software, exchange operational practices, and coordinate reviews of findings with outside groups.

Anthropic also described a broader effort to strengthen software repair and defensive preparation. Partners now use the model for patch writing and pre-release reviews aimed at reducing software weaknesses before deployment. Discussions with third parties continue around increasing review and patching work for open-source software, while future expansion plans include additional infrastructure providers, software maintainers, safety testers, and wider access through the Cyber Verification Program.

📊 What This Means (Our Analysis)

Anthropic’s expansion of the initiative highlights a broader shift in cybersecurity work from simply detecting software weaknesses to managing the full response cycle around them. The announcement places equal weight on discovery, review, disclosure, and repair, suggesting a more structured defensive process that could help organizations respond faster and with greater coordination as cyber capabilities improve.

The decision to widen access across infrastructure providers, maintainers, and trusted security teams also matters because it spreads defensive tools to organizations supporting widely used systems and software. By pairing access with security requirements and operational collaboration, the effort points toward a more prepared environment for organizations facing increasingly advanced cybersecurity challenges.

📌 Our Take: The long-term test may rest on whether stronger defensive systems can scale as quickly as emerging cyber risks.