Anthropic said Tuesday it is broadening Project Glasswing, its program for using advanced AI tools to improve software security, by adding about 150 new organizations. The move comes after the company gave roughly 50 early partners access to Claude Mythos Preview and reported that those users have already identified more than 10,000 high- or critical-severity vulnerabilities in codebases.
The new cohort includes organizations in more than 15 countries and spans sectors such as power, water, healthcare, communications, and hardware. Anthropic said many of the additions are infrastructure providers and vendors whose code is used by other companies, nonprofits, and governments. Before receiving access, each organization must satisfy Anthropic’s security requirements.
The company framed the expansion as part of a broader effort to make software more secure as AI capabilities advance. Anthropic said it expects cyber-focused models to become more widely available over the next year and warned that other companies may soon release similarly capable systems without sufficient safeguards. In that environment, the company argues, defenders will need to adapt how they detect, disclose, and fix vulnerabilities.
Project Glasswing began as a collaboration with security groups, open-source maintainers, and the US government. Anthropic said the program has already changed how partners work, with participants using the model at scale, comparing notes on findings, and coordinating with third parties to review results.
The company said its longer-term goal is to move beyond vulnerability discovery and help speed up the full security workflow, including disclosure and remediation. Anthropic noted that the main bottleneck is no longer only identifying bugs, but verifying them, notifying the right maintainers, and getting patches deployed.
To support that effort, Anthropic recently released Claude Security, a product that uses its public frontier models to scan code and recommend fixes. The company also said it is sharing, on request and with trusted security teams, tools developed during Project Glasswing that help surface vulnerabilities more quickly.
Partners in the program are using Claude Mythos Preview for more than scanning. According to Anthropic, the model is also being used to draft patches, run pre-release checks, simulate penetration tests, automate threat detection and response, and modernize older code by moving it to memory-safe languages.
Anthropic said the expansion reflects a balancing act between widening access to powerful cyber capabilities and preventing misuse. The company said it is trying to release Mythos-level capabilities more broadly, but that robust safeguards remain a technical challenge because the same tools can help both defenders and attackers.
The company said it is in talks with outside groups about scaling vulnerability review and patching for open-source software. It is also working on ways to make vulnerability reports easier for maintainers to process and act on.
Looking ahead, Anthropic plans to expand Project Glasswing further, including to more critical infrastructure providers, maintainers of important open-source projects, and safety testers in the US and abroad. The company also intends to scale up its Cyber Verification Program, which would provide Mythos-class capabilities for specific defensive tasks.
Anthropic cast the effort as an early test of how the cybersecurity industry may need to operate as AI systems become more capable. If the company’s approach works, it says it hopes to give defenders a lasting edge as frontier models continue to improve.