DocsQuick StartAI News
AI NewsAnthropic spreads Mythos to more key infrastructure: 150 organizations, 15 countries
Product Update

Anthropic spreads Mythos to more key infrastructure: 150 organizations, 15 countries

2026-06-02T16:05:27.580Z
Anthropic spreads Mythos to more key infrastructure: 150 organizations, 15 countries

Anthropic has tripled the scale of Project Glasswing, opening the yet‑to‑be‑released Claude Mythos cybersecurity model to 150 key infrastructure organizations across 15 countries. Within two months, 10,000 high‑risk vulnerabilities were uncovered, while the public release remains far off.

Today Anthropic expanded the list of partners for Project Glasswing from 50 to 150 organizations, now spanning 15 countries and covering five key categories of critical infrastructure: power, water, healthcare, communications, and hardware manufacturing. What’s being made accessible is Claude Mythos—a cutting-edge model that hasn’t been publicly released yet but is already mythologized within professional circles. Internally, Anthropic classifies it as “Level 4”, with capabilities far beyond Opus 4.6.

The scale of this move can be traced back to April of this year. At that time, Anthropic made the unusual decision to delay the release of a fully trained flagship model because it was “too effective” at autonomously discovering and exploiting software vulnerabilities. After the first 50 partners received limited access, they collectively uncovered around 10,000 critical vulnerabilities within two months—roughly 160 per day, many of them dormant for 10–20 years. Expanding to 150 partners now effectively signals that Anthropic has validated the project’s controllability and internal containment mechanisms—so they’re “stepping on the gas.”

Diagram of Claude Mythos and Project Glasswing

Why 150 Partners in 15 Countries?

Anthropic’s stated focus: systems where an intrusion could directly affect over 100 million people. The newly expanded partners cover:

  • Power: cross‑regional grid dispatch, substation control systems
  • Water: city water‑supply SCADA, wastewater‑treatment PLCs
  • Healthcare: hospital EHRs, imaging systems, medical‑device firmware
  • Communications: telecom core networks, 5G base‑station firmware, CDNs
  • Hardware Manufacturing: chip‑design EDA toolchains, firmware signing pipelines

The initial 50 organizations were primarily U.S. tech giants—AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks—essentially the “upstream” of the American software ecosystem. The additional 100 partners expand geographically and vertically—from “protecting those who write code” to “protecting those who use code.” That pivot is crucial: fixing upstream vulnerabilities isn’t enough; security must extend to the factories, hospitals, and grid control centers actually running that code to gain the advantage in defense.

Anthropic hasn’t disclosed the exact 15 countries. It only confirmed that new partners must pass rigorous security reviews before gaining access. Based on coordination seen since April with U.K. financial regulators, Canada’s top financial authority, and several major banks, it’s likely focused on the Five Eyes alliance + core EU states + selected Asia‑Pacific allies.

How Much Stronger Mythos is than Opus 4.6

For developers, this is the key part: Anthropic’s own benchmarks show a quantum leap rather than gradual improvement.

  • CyberGym (vulnerability reproduction): 83.1% vs 66.6%—nearly 20‑point gap
  • GPQA Diamond (complex reasoning): 94.6%
  • Humanity’s Last Exam (with tools): 64.7% vs 53.1%

Anthropic’s red‑team lead, Logan Graham, notes that Mythos achieves roughly 10× higher end‑to‑end efficiency for vulnerability discovery and exploitation compared with the previous generation. Importantly, this isn’t just an upgraded “scanner”; Mythos operates as an autonomous‑agent‑level vulnerability researcher—it reads code, reasons, writes PoC exploits, and chains multiple low‑severity bugs into complete privilege‑escalation paths.

Three landmark April cases still define that “watershed moment” in the industry:

  1. OpenBSD remote crash vulnerability hidden for 27 years. Despite OpenBSD’s reputation as one of the world’s most audited operating systems (often used in firewalls), Mythos autonomously found a bug that could crash a target machine simply via network connection.
  2. FFmpeg single‑line bug dormant 16 years. That one line of code had survived 5 million automated fuzz‑tests without issue—Mythos spotted it instantly.
  3. Linux kernel chained privilege escalation. Mythos independently linked several minor, seemingly unrelated issues into a full exploit chain from normal user to root.

All were discovered and exploited end‑to‑end autonomously, without human intervention—hence why many compare it to a “Cybersecurity AlphaGo moment.”

Bar chart comparison of Mythos and Opus 4.6 on CyberGym and other benchmarks

How Project Glasswing Works

The name comes from the glasswing butterfly—its transparent wings let it hide among foliage, much like vulnerabilities lurking deep within critical software.

Partners receive access to the Claude Mythos Preview for four categories of work:

  • Local vulnerability detection: scan their own codebases
  • Binary black‑box testing: handle third‑party components without source code
  • Endpoint security: intrusion detection and behavioral analysis
  • System penetration testing: controlled red‑team exercises on production systems

Anthropic has committed $100 million worth of model‑usage credits for the entire project. Beyond that quota, usage is charged at $25 per million input tokens and $125 per million output tokens—roughly on par with Opus‑level pricing, though Mythos consumes far more tokens due to deeper reasoning. Access is standardized via Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.

Two important details for developers:

  • Partners must submit public‑shareable findings within 90 days; Anthropic will also publish a consolidated report.
  • Open‑source maintainers can apply for access through the “Claude for Open Source” program.
  • Anthropic has donated $2.5 million to Linux Foundation (Alpha‑Omega & OpenSSF) and $1.5 million to Apache Foundation.

Core logic: Before adversaries obtain equivalent capability, clean up existing vulnerabilities in global critical software. Anthropic repeatedly warns that abilities like those of Mythos are spreading on a monthly timeline, not annual, leaving a very narrow window.

The Offense‑Defense Paradox

Here lies the tension: Mythos is both shield and sword. Anthropic openly admits—“These capabilities, if misused, would make cyber‑attacks more frequent and more destructive.”

U.S. Congress, CISA, and NIST’s AI Center of Standards & Innovation were briefed in advance. Senate Intelligence Committee Vice Chair Mark Warner urged the industry to prioritize patching in line with AI’s vulnerability‑discovery speed. Former U.S. Cyber Command official Morgan Adamski put it bluntly: “From an adversarial standpoint, this clearly has massive offensive potential.”

But it’s a double‑edged matter: the same weaknesses found in enemy systems likely exist in one’s own infrastructure. National Cyber Director Sean Cairncross has since formed a dedicated task force to audit government systems for vulnerabilities exploitable by AI.

Wall Street’s reaction was equally intense. When Mythos was first released to limited partners in April, U.S. Treasury Secretary Bessent, Federal Reserve Chair Powell, and senior executives held an emergency closed‑door meeting—the likes of which hadn’t occurred since the 2020 pandemic shock. Goldman Sachs already secured priority access; CEO Solomon told investors that cybersecurity investment would increase. U.K. and Canadian regulators and major banks have held similar sessions.

Public Version? Not Yet

This expansion doesn’t change Anthropic’s fundamental stance: Mythos will not be publicly available.

The roadmap: first, test new cybersecurity safeguards in the forthcoming generation of Claude Opus—essentially teaching Opus to refuse producing exploit code under certain conditions. Once those safeguards prove capable of detecting and blocking dangerous outputs, Anthropic will consider broader release of Mythos‑level capabilities. In other words, the near‑term public version will be a “defanged” variant lacking attack functionality.

For developers, that means two things:

  1. Unless you’re among those 150 partners, don’t expect access to Mythos soon—Anthropic Console won’t list it.
  2. When the next‑gen Opus launches, its safeguard mechanism itself will be a major selling point—a clear indicator to watch for Anthropic’s next milestone.

Incidentally, OpenAI Hub’s model‑aggregation API already wraps all publicly released Claude models (Haiku, Sonnet, Opus) for OpenAI‑compatible access. If Mythos‑level models become more open later, they’ll likely be integrated immediately. Until Anthropic lifts restrictions, any “Mythos resale” offer is almost certainly fake—developers should stay alert.

A Few Observations

This expansion—modest in size but heavy in symbolism—shows that Anthropic sees Glasswing as a long‑term initiative, not just Mythos marketing. It’s a race: vulnerability remediation vs. vulnerability proliferation. 150 partners across 15 nations may sound large, but relative to “global critical infrastructure,” it’s only the beginning.

A sharper question arises: when a private company possesses a model capable of uncovering a 27‑year‑old OpenBSD bug, how should its relationship with governments evolve? Anthropic’s choice is proactive—reporting, coordinating, donating—to embed itself within a national‑security narrative. Whether this approach proves sustainable and whether other labs follow suit are likely to be the most compelling AI‑security storylines over the next year or two.

For developers: focus now on solid software‑bill‑of‑materials (SBOM) practices, run SAST/DAST in CI pipelines, track upstream open‑source patch cadence. Before AI lowers the attack barrier, clean your own house—don’t wait until patches can’t keep pace with vulnerabilities.

References

Related Articles

View All

Contact Us

We usually reply quickly during business hours

Scan WeChat

Support: Hub Assistant

WeChat ID: