Anthropic Turns Project Glasswing Into an AI Security Scale Test
Published June 03, 2026 by Dillip Chowdary
Anthropic is expanding Project Glasswing from a limited partner program into a larger controlled vulnerability-discovery network. The June 2 update says roughly 50 initial partners used Claude Mythos Preview against real codebases and reported more than 10,000 high- or critical-severity flaws.
The next wave is materially larger. Anthropic plans to extend access to approximately 150 additional organizations across more than 15 countries, with access gated by security requirements. That detail matters because the model is not being distributed like a normal developer tool; it is being treated as sensitive security capability.
What Changed
The original Glasswing framing was model-assisted auditing for important software. The expansion reframes it as an operating program: partner eligibility, secure access, triage expectations, and coordination with security industry and government stakeholders.
For critical infrastructure maintainers, the upside is faster discovery of latent defects in complex codebases. The risk is that high-capability vulnerability agents can also compress attacker timelines if access control, logging, disclosure workflow, and result handling are weak.
How Teams Should Evaluate It
Security leaders should not evaluate Glasswing-style systems only by raw finding count. Useful metrics include duplicate rate, exploitability proof quality, mean time to confirm, mean time to remediate, disclosure completeness, and whether the agent can explain data flow and privilege boundaries well enough for reviewers to trust the report.
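As an added illustration (not code from the article or from Anthropic), the sketch below computes several of these metrics from triage records. The record fields, the sample data, and the exact metric definitions are assumptions made for this example: duplicates are collapsed by a finding fingerprint before any time-based metric is taken, so a noisy agent cannot inflate or dilute the averages.

```python
from datetime import datetime

# Constructed sample triage records; field names are hypothetical.
FINDINGS = [
    {"id": "F1", "fingerprint": "A", "reported": "2026-06-01T09:00",
     "confirmed": "2026-06-01T15:00", "remediated": "2026-06-04T15:00", "disclosed": True},
    {"id": "F2", "fingerprint": "A", "reported": "2026-06-02T10:00",  # duplicate of F1
     "confirmed": None, "remediated": None, "disclosed": False},
    {"id": "F3", "fingerprint": "B", "reported": "2026-06-02T08:00",
     "confirmed": "2026-06-03T02:00", "remediated": "2026-06-05T02:00", "disclosed": False},
    {"id": "F4", "fingerprint": "C", "reported": "2026-06-03T12:00",
     "confirmed": "2026-06-04T00:00", "remediated": None, "disclosed": False},
    {"id": "F5", "fingerprint": "D", "reported": "2026-06-03T13:00",  # never confirmed
     "confirmed": None, "remediated": None, "disclosed": False},
]

def _hours(start, end):
    """Elapsed hours between two ISO-8601 timestamps."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600

def _avg(values):
    """Mean of a list, or None when there is nothing to average."""
    return sum(values) / len(values) if values else None

def program_metrics(findings):
    # Collapse duplicates: keep the earliest report for each fingerprint.
    unique = {}
    for f in sorted(findings, key=lambda f: f["reported"]):
        unique.setdefault(f["fingerprint"], f)
    uniq = list(unique.values())
    # Unconfirmed and unremediated findings are excluded from the time averages.
    confirmed = [f for f in uniq if f["confirmed"]]
    remediated = [f for f in confirmed if f["remediated"]]
    return {
        "raw_count": len(findings),
        "duplicate_rate": (len(findings) - len(uniq)) / len(findings) if findings else 0.0,
        "mttc_hours": _avg([_hours(f["reported"], f["confirmed"]) for f in confirmed]),
        "mttr_hours": _avg([_hours(f["confirmed"], f["remediated"]) for f in remediated]),
        # Assumed definition: share of remediated findings with a disclosure record.
        "disclosure_completeness": _avg([1.0 if f["disclosed"] else 0.0 for f in remediated]),
    }

if __name__ == "__main__":
    for name, value in program_metrics(FINDINGS).items():
        print(f"{name}: {value}")
```

On the sample data the raw count is 5, but only two findings reached remediation and only one of those has a disclosure record, which is the gap a finding-count headline hides.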
The durable lesson is that frontier-model security tools are becoming managed programs. The model is only one component; the deployment boundary, human approval path, and evidence trail decide whether the capability improves defense without creating unmanaged risk.