Anthropic expands Project Glasswing to ~150 organizations, releases Claude Security

Anthropic significantly broadened Project Glasswing, bringing roughly 150 new organizations from more than 15 countries — including critical infrastructure operators — into preview access for its Claude Mythos security model. The expansion follows early collaborations in which Glasswing partners collectively identified over 10,000 high- or critical-severity security flaws, a figure Anthropic uses to argue the model materially raises defensive capability.

Alongside the expansion, Anthropic released Claude Security, a product built on Claude Opus 4.8 that scans codebases for vulnerabilities and proposes patches — pushing Mythos's offensive-discovery capabilities toward a defensive remediation workflow. The pairing is deliberate: find flaws, then fix them within the same vendor stack.

The context is fraught. As the BBC reported, Anthropic has blocked UK banks from Mythos previews, and Bank of England Governor Andrew Bailey confirmed banks still lack access — even as OpenAI swoops in with GPT-5.5 Cyber. So Anthropic is widening access to 150 organizations while gatekeeping others, fueling debate over how dual-use security models should be distributed. Skeptics note the 10,000-flaw figure is self-reported and that releasing offensive-capable tooling broadly, even to vetted operators, raises the stakes if a partner is compromised. Watch how regulators reconcile Anthropic's expansion with their stated concerns about systemic financial-sector risk.