ResearchAnthropicVerified

Anthropic expands Project Glasswing to ~150 critical-infrastructure organizations across 15+ countries

ListenJun 2, 2026published Jun 4, 2026

On June 2, 2026, Anthropic disclosed that it is significantly expanding Project Glasswing, its program to harden critical-infrastructure software with frontier-model-assisted security analysis. Roughly fifty initial partners, onboarded in early April with access to Claude Mythos Preview, are now joined by approximately 150 new organizations spanning more than fifteen countries and the power, water, healthcare, communications, and hardware sectors. Anthropic says the initial cohort has already surfaced more than 10,000 high- or critical-severity security flaws.

What's new

The partner count grows from roughly fifty to about two hundred (fifty initial plus approximately 150 new), with reach extended to "more than 15 countries."
Sector coverage is named explicitly: power, water, healthcare, communications, and hardware, i.e., the canonical critical-infrastructure list that CISA-equivalent agencies regulate.
Many of the new partners are software vendors whose codebases sit upstream of governments and other organizations, which magnifies the blast radius of any defect found and fixed inside the program.
Anthropic confirms an associated product line: "We recently released Claude Security, a product that uses our latest public frontier models, like Claude Opus 4.8, to scan codebases and suggest patches."
Specialized tools, presumably more capable than the Claude Security generally-available SKU, are being offered "on request, to trusted security teams," an acknowledgement that some Glasswing tooling is dual-use enough that Anthropic is unwilling to ship it broadly.

Context

Project Glasswing began as a small preview tied to Claude Mythos, Anthropic's internal cyber-tuned frontier, in April 2026. The May 28 launch of Claude Opus 4.8, with a one-million-token context window, default high effort, and adaptive thinking, is the public-frontier model now underwriting the productized Claude Security offering.
The expansion sits alongside Anthropic's recently-published one-year cyber-threat review, which mapped a year of AI-enabled attack patterns to MITRE ATT&CK and argued that offensive use of frontier models is professionalizing quickly.
The framing Anthropic uses for urgency is that "cheap, fast AI models with powerful cyber capabilities are around the corner," with a stated expectation that within six to twelve months other AI providers will field comparable Mythos-class models. The implication is that the defender's lead is measured in months, not years.

Why it matters

The bet underneath Glasswing is that defenders extract more value from frontier models than attackers do, but only if they get them first and deploy them in coordinated programs. The expansion is the operational manifestation of that bet, scaled out from a controlled preview to roughly two hundred organizations.
A figure like 10,000 critical-severity flaws is the kind of number that pulls regulators in. Both general cybersecurity agencies and sector-specific bodies (FERC, FDA, FCC) will face pressure to formalize AI-assisted vulnerability disclosure norms once a frontier lab is reporting flaws at this rate.
For AI-consultancy and security buyers, the productization line matters. Scanning-and-suggesting-patches is now a frontier-lab SKU (Claude Security), not just an internal preview, which sets the price-and-capability anchor that vertical AppSec tools will have to compete against.
The "specialized tools on request" language formalizes a tiered cyber-AI access model, broad product GA at one end and vetted-only sharing at the other, that is likely to reappear across other labs' safety and security surfaces.

Corroborating sources

Anthropic
https://www.anthropic.com/news/expanding-project-glasswing
“We're now expanding Project Glasswing. Following several weeks of close collaboration with our Project Glasswing partners, the security industry, open-source software maintainers, and the US government, we're extending the partnership to approximately 150 new organizations.”

What's new

The partner count grows from roughly fifty to about two hundred (fifty initial plus approximately 150 new), with reach extended to "more than 15 countries."

Sector coverage is named explicitly: power, water, healthcare, communications, and hardware, i.e., the canonical critical-infrastructure list that CISA-equivalent agencies regulate.

Many of the new partners are software vendors whose codebases sit upstream of governments and other organizations, which magnifies the blast radius of any defect found and fixed inside the program.

Anthropic confirms an associated product line: "We recently released Claude Security, a product that uses our latest public frontier models, like Claude Opus 4.8, to scan codebases and suggest patches."

Specialized tools, presumably more capable than the Claude Security generally-available SKU, are being offered "on request, to trusted security teams," an acknowledgement that some Glasswing tooling is dual-use enough that Anthropic is unwilling to ship it broadly.

Context

Project Glasswing began as a small preview tied to Claude Mythos, Anthropic's internal cyber-tuned frontier, in April 2026. The May 28 launch of Claude Opus 4.8, with a one-million-token context window, default high effort, and adaptive thinking, is the public-frontier model now underwriting the productized Claude Security offering.

The expansion sits alongside Anthropic's recently-published one-year cyber-threat review, which mapped a year of AI-enabled attack patterns to MITRE ATT&CK and argued that offensive use of frontier models is professionalizing quickly.

The framing Anthropic uses for urgency is that "cheap, fast AI models with powerful cyber capabilities are around the corner," with a stated expectation that within six to twelve months other AI providers will field comparable Mythos-class models. The implication is that the defender's lead is measured in months, not years.

Why it matters

The bet underneath Glasswing is that defenders extract more value from frontier models than attackers do, but only if they get them first and deploy them in coordinated programs. The expansion is the operational manifestation of that bet, scaled out from a controlled preview to roughly two hundred organizations.

A figure like 10,000 critical-severity flaws is the kind of number that pulls regulators in. Both general cybersecurity agencies and sector-specific bodies (FERC, FDA, FCC) will face pressure to formalize AI-assisted vulnerability disclosure norms once a frontier lab is reporting flaws at this rate.

For AI-consultancy and security buyers, the productization line matters. Scanning-and-suggesting-patches is now a frontier-lab SKU (Claude Security), not just an internal preview, which sets the price-and-capability anchor that vertical AppSec tools will have to compete against.

The "specialized tools on request" language formalizes a tiered cyber-AI access model, broad product GA at one end and vetted-only sharing at the other, that is likely to reappear across other labs' safety and security surfaces.