What You'll Learn
- What Project Glasswing is and why Anthropic created it
- Full list of confirmed Glasswing partners and how to join
- How Mythos 5 discovers vulnerabilities with exploit-chain reasoning
- What this means for the future of AI-powered cybersecurity defense
What Is Project Glasswing?
Project Glasswing is Anthropic's collaborative cybersecurity initiative launched on April 7, 2026, designed to give defenders a strategic head start before offensive AI tools become widely available. The program provides trusted organizations with early access to the Mythos-class AI model — initially Mythos Preview, and from June 9, 2026, the full Claude Mythos 5 — explicitly for defensive vulnerability discovery and patch development.
The name "Glasswing" draws from the metaphor of making software transparent — using AI to see through code and identify hidden weaknesses before they can be exploited. The core thesis is straightforward: if attackers will soon have access to AI models capable of finding and exploiting vulnerabilities at scale, defenders must get that same capability first to secure critical systems.
Anthropic's announcement emphasized the urgency: "Within 6 to 12 months, we expect that many other AI companies will have Mythos-class models, and they could release them without safeguards that prevent misuse." Project Glasswing is designed to build the infrastructure, standards, and response mechanisms needed before that scenario arrives.
This initiative is distinct from the public-facing Claude Fable 5 release. While Fable 5 and Mythos 5 are the same underlying model, Mythos 5 operates without the safety classifiers that block cybersecurity, biology, and chemistry queries — because for Project Glasswing partners, those capabilities are the entire point.
The Urgency: Why Mythos 5 Changed the Cybersecurity Calculus
Anthropic's decision to restrict Mythos-level capabilities was not hypothetical caution. When Mythos Preview was tested internally, it demonstrated abilities that fundamentally changed the threat landscape.
Cloudflare — one of the first Project Glasswing partners — provided the most detailed public analysis. In a May 18, 2026, blog post, Cloudflare's security team described what they observed when they pointed Mythos Preview at fifty of their own repositories. Their conclusion was stark: "The jump from what was possible with previous general-purpose frontier models to what Mythos Preview does today is not just a refinement of what came before. It's a different kind of tool doing a different kind of work."
The two capabilities that stood out were exploit chain construction and proof generation — described in depth on Anthropic's Project Glasswing page. Mythos Preview can take multiple low-severity bugs — each individually harmless — and reason about how to combine them into a working exploit chain. It can then write code to trigger the suspected vulnerability, compile and run it in a scratch environment, and iterate on failures autonomously until it produces a working proof of concept.
In Cloudflare's words: "A model would identify an interesting bug, write a thoughtful description of why it mattered, and then stop, leaving the actual chain unfinished. What changed with Mythos Preview is that a model can now take those low-severity bugs, which would traditionally sit invisible in a backlog, and chain them into a single, more severe exploit."
Within the first weeks of Project Glasswing, partners had already found more than 10,000 high- or critical-severity security flaws using Mythos Preview. The volume and severity of these findings validated Anthropic's decision to keep Mythos behind restricted access — and simultaneously underscored why defenders needed it urgently.
Project Glasswing Partners: Confirmed Organizations
Anthropic initially launched Glasswing with approximately 50 organizations across 12 founding partners. On June 2, 2026, it expanded to roughly 200 organizations across more than 15 countries. On June 9, 2026, with the launch of Claude Mythos 5, existing partners were upgraded from Mythos Preview to the production-grade model.
| Partner | Sector | Role in Glasswing |
|---|---|---|
| Dragos | OT/ICS Security | Industrial control system vulnerability scanning |
| Tenable | Vulnerability Management | Exposure management and risk assessment |
| Trend Micro (TrendAI) | Enterprise Security | AI-powered threat detection platforms |
| Netskope | Cloud Security | Cloud and data protection scanning |
| BeyondTrust | Identity Security | Privileged access vulnerability analysis |
| Rubrik | Data Security | Backup and recovery code integrity |
| BT (British Telecom) | Telecommunications | Critical telecom infrastructure security |
| Intercontinental Exchange | Financial Markets | Trading and clearing system hardening |
| Hitachi | Industrial / Tech | Hardware and industrial software security |
| Cloudflare | Web Infrastructure | Edge network and CDN vulnerability research |
The expanded cohort in June 2026 added organizations in sectors that were underrepresented in the initial launch: power, water, healthcare, communications, and hardware manufacturing. Each of these sectors operates infrastructure where a successful cyberattack could affect more than 100 million people, according to Anthropic's estimates. The new partners are also geographically diverse, spanning more than 15 countries including the United States, Australia, EU member states, and India.
How Mythos 5 Finds Vulnerabilities: The Technical Architecture
Cloudflare's detailed technical analysis revealed that pointing a generic AI coding agent at a repository — the obvious approach — does not work at scale. The fundamental issue is that vulnerability research requires narrow, parallel investigation, while coding agents are designed for focused, sequential task execution.
Cloudflare built a sophisticated 7-stage harness to use Mythos Preview effectively, and their architecture provides a blueprint for how any organization can operationalize Mythos-class models for security:
Reconnaissance Stage
An agent reads the repository top-down, fans out to subagents responsible for each subsystem, and produces an architecture document covering build commands, trust boundaries, entry points, and likely attack surface. This gives every downstream agent shared context and eliminates what Cloudflare called "the wander problem" — unfocused model exploration that produces noise instead of findings.
Hunt Stage
Each task pairs one attack class with a scope hint. Hunters run concurrently — typically around 50 at once — each fanning out to exploration subagents. Each hunter has tools to compile and run proof-of-concept code in a per-task scratch directory. This parallel architecture achieves coverage that a single-agent approach could not approach.
Validation Stage
An independent agent re-reads the code using a different prompt and attempts to disprove the original finding. This adversarial review catches a meaningful fraction of false positives that the hunter would miss when reviewing its own work.
Gapfill, Dedupe, and Trace Stages
Gapfill re-queues areas the hunters touched but did not cover thoroughly. Dedupe collapses findings sharing the same root cause into a single record. The Trace stage is the most critical: for each confirmed finding in a shared library, a tracer agent fans out across consumer repositories to determine whether attacker-controlled input actually reaches the bug from outside the system.
Cloudflare's conclusion was decisive: "There is a flaw" must become "there is a reachable vulnerability," and Mythos Preview could make that determination autonomously. This capacity to trace exploitability across codebases is what distinguishes a Mythos-class model from conventional static analysis tools.
How to Join Project Glasswing
Project Glasswing is not an open application program. Anthropic selects organizations based on specific criteria related to infrastructure criticality and security readiness.
Organizations that qualify fall into three categories:
Critical Infrastructure Providers. Organizations in power, water, healthcare, communications, finance, and transportation that provide essential services. Anthropic estimates that a successful attack on these partners could affect over 100 million people.
Software Vendors and Open-Source Maintainers. Companies or nonprofits that maintain codebases relied upon by many other organizations and governments. If a vulnerability in their software could cascade across the global digital supply chain, they are candidates for Glasswing.
Government Agencies. The US government is directly collaborating on the Glasswing rollout. The EU's cybersecurity agency ENISA has received access, and India has joined through its national cybersecurity framework. More government partnerships are expected as the program expands.
To signal interest, organizations should contact Anthropic's security team through the official Claude Enterprise channels. Anthropic has stated it intends to expand Glasswing further — "prioritizing additional essential infrastructure providers, maintainers of critical open-source software, and safety testers." The company is also developing a Cyber Verification Program that would grant Mythos-class capabilities to a broader set of organizations for specific cyberdefense tasks.
The US Government Collaboration and Global Expansion
Project Glasswing represents a rare public-private partnership in frontier AI security. The US government is directly involved in the rollout, with Anthropic working closely on security requirements and vetting processes for new partners.
India joined the program in early June 2026, as reported by The Indian Express, making it one of the first non-Western nations to gain access to Mythos-level AI for cybersecurity defense. The EU's cybersecurity agency ENISA also received access, marking a coordinated Western approach to AI-powered cyber defense.
Australia gained access through its national cybersecurity framework, with the Sydney Morning Herald reporting that the country received access to an AI model "too dangerous to release" to the general public. The expansion to 15+ countries demonstrates Anthropic's intent to create a global defensive network, not just a US-centric initiative.
This government collaboration also influences how Anthropic approaches safety. The 30-day data retention requirement on Fable 5 and Mythos 5 — even for enterprises that previously had zero-retention agreements — is explicitly framed as a defensive measure. Anthropic stated it will use retained data only to "defend against complex and novel attacks, including new jailbreaks" and to "identify and reduce false positives."
OpenAI's Countermove: Daybreak and GPT-5.5 Cyber
Project Glasswing did not go unanswered by Anthropic's competitors. In May 2026, OpenAI launched Daybreak, its direct counter to Glasswing, alongside three GPT-5.5 Cyber models specifically tuned for defensive cybersecurity tasks.
OpenAI's strategy was to offer multiple model tiers — GPT-5.5-Cyber-Lite for routine scanning, GPT-5.5-Cyber-Pro for advanced vulnerability research, and GPT-5.5-Cyber-Enterprise for full-spectrum security operations. This three-tier approach mirrors Anthropic's Glasswing model, where Mythos 5 sits at the top while Opus 4.8 and Sonnet 4.6 handle lower-tier security tasks through the broader Claude Security product.
This competitive dynamic is accelerating the timeline for AI-powered cybersecurity across the industry. Both companies recognize that the barrier between defensive and offensive AI capabilities is thin — the same model that finds vulnerabilities to patch them can find vulnerabilities to exploit them. The race is not just about capability, but about who deploys those capabilities with adequate safeguards.
The Bottleneck: Vulnerability Patching, Not Discovery
One of the most important insights from Project Glasswing is that vulnerability discovery is no longer the bottleneck in cybersecurity — patching is. Anthropic's partners found over 10,000 high- and critical-severity flaws in the first weeks alone, and the capacity to find them will only increase as Mythos 5 scales.
Anthropic explicitly acknowledged this: "The bottleneck in cybersecurity is now verifying, disclosing, and patching the large numbers of vulnerabilities that Mythos-class models can surface." Many Glasswing partners are now using — similar to the multi-agent approach in Claude Opus 4.8 Dynamic Workflows — Mythos Preview to write patches in addition to finding bugs, and for pre-release checks that prevent vulnerabilities from appearing in the first place.
Cloudflare's analysis reinforced this point: "Patching faster does not change the shape of the pipeline that produces the patch. If regression testing takes a day, you cannot get to a two-hour SLA without skipping it, and the bugs you ship when you skip regression testing tend to be worse than the bugs you were trying to patch."
The architectural solution, according to Cloudflare, involves defenses that sit in front of the application and block exploitation even when a bug exists — designing systems so that a flaw in one component cannot cascade to others, and enabling instantaneous fix deployment across all instances of the vulnerable code. For Cloudflare's customers, these are exactly the principles their Web Application Firewall and Zero Trust platform are built to apply.
The Future of Project Glasswing
Anthropic's long-term vision for Project Glasswing extends well beyond the current 200-partner cohort. The company has outlined three strategic priorities:
Scale the Partnership. Anthropic plans to expand Glasswing to "hundreds of thousands of organizations, researchers, and maintainers" who need access to advanced cyber capabilities. This will require highly robust safeguards that prevent the model's cyber capabilities from being misused — safeguards that Anthropic acknowledges "all AI developers" have yet to develop.
Shift from Finding to Fixing. The program aims to steadily shift from vulnerability discovery to disclosure, fixing, and deploying patched software at scale. Anthropic is in discussions with third parties about substantially scaling up the reviewing and patching of vulnerabilities in open-source software.
Build Defensive Infrastructure. The company intends to support the industry in creating new initiatives, standards, and infrastructure for the era of powerful cyber models. This includes the recently launched Claude Security product, which uses public frontier models like Opus 4.8 for codebase scanning, and the Cyber Verification Program for broader Mythos-level access.
The broader context is that Anthropic is approaching its IPO, having filed confidentially on June 1, 2026, at a reported $965 billion valuation. Project Glasswing serves both a genuine security mission and a strategic positioning purpose, as covered in our analysis of Anthropic's IPO filing — demonstrating that Anthropic can responsibly manage the most powerful AI models while building deep relationships with governments, much like what we explored in our AI cybersecurity threats guide for enterprises and critical infrastructure providers worldwide — a topic explored further in our AI cybersecurity tools guide.
Conclusion
Project Glasswing represents an unprecedented approach to AI safety: instead of simply restricting powerful models, Anthropic is actively deploying them to defenders first. With 200 partners across 15+ countries, over 10,000 vulnerabilities already found, and a clear roadmap for expansion, Glasswing has demonstrated that the defensive potential of Mythos-class AI models is as significant as the offensive risk they pose.
The program's most important insight is that vulnerability discovery is no longer the hard part — the bottleneck has shifted to patching, architectural defense, and organizational readiness. Organizations that want to prepare for the AI-powered cybersecurity era should focus less on acquiring the latest model and more on building the harness, triage pipeline, and deployment infrastructure needed to act on AI-discovered vulnerabilities at scale.