Anthropic announced Tuesday, June 2, 2026, that Project Glasswing — its joint initiative using Claude Mythos Preview to hunt software vulnerabilities — is expanding from roughly 50 initial partners to approximately 200 total organizations across more than 15 countries.

The 150 new entrants cover sectors that were deliberately left out of the first wave: power, water, healthcare, telecommunications, and hardware. According to Anthropic's own blog post, the company estimates a successful cyberattack on any one of these partners could affect more than 100 million people.

What Mythos Has Already Found

The first cohort of 50 partners has already uncovered more than 10,000 high-or-critical-severity vulnerabilities since the program launched in early April, according to CyberScoop.

Cloudflare alone found 2,000 bugs across its critical-path systems — 400 rated high or critical — with a false-positive rate better than human testers, per CyberScoop. Mozilla found and fixed 271 vulnerabilities in Firefox 150 during testing, more than ten times what was found in a previous Firefox version using an older Anthropic model. Multiple other partners reported bug-discovery rates increasing more than tenfold after deploying Mythos.

Anthropic also ran Mythos across more than 1,000 open-source projects, flagging 23,019 potential vulnerabilities. Of those, 6,202 were estimated high or critical. Of 1,752 independently reviewed findings, over 90% were confirmed valid, according to CyberScoop.

Who's in the New Cohort

Anthropic did not publicly disclose all new partners. But the Financial Times, citing a person familiar with the matter, identified several key additions: NATO, the EU cybersecurity agency ENISA, South Korean chipmakers Samsung and SK Hynix, telecom giant SK Telecom, and U.S. identity security firm Okta, according to TechCrunch.

The geographic spread now includes Australia, Canada, France, Germany, Italy, Switzerland, the Netherlands, Spain, Belgium, Sweden, India, Japan, New Zealand, and South Korea — all U.S. allies, per TechCrunch. Anthropic is not handing this capability to China or Russia.

Already-confirmed first-wave members include Apple, Nvidia, Microsoft, CrowdStrike, Palo Alto Networks, Amazon Web Services, Cisco, Google, JPMorganChase, and the Linux Foundation, according to CyberScoop and CNBC.

The Patching Problem

Anthropic acknowledges that finding vulnerabilities is no longer the limiting factor. It's fixing them.

"The bottleneck in fixing bugs like these is the human capacity to triage, report, and design and deploy patches for them," Anthropic said in its blog post, as quoted by CyberScoop.

A joint report from the Cloud Security Alliance, the SANS Institute, and OWASP concluded that organizations are "likely to be overwhelmed" in the near term by threat actors using AI to find and exploit vulnerabilities faster than defenders can patch them, according to CyberScoop.

The same AI that's helping defenders find flaws could also help attackers exploit them. Anthropic knows this. That's the entire reason the company is racing to build out Project Glasswing before rivals catch up.

OpenAI's Competing Model

Rival OpenAI didn't sit still. According to TechCrunch, since Mythos launched, OpenAI released its own cybersecurity-focused model — GPT-5.5-Cyber — and has begun rolling it out to a large group of partners for testing. The AI cybersecurity arms race is moving fast.

Anthropic acknowledged this directly, stating it expects other AI companies to soon develop models as capable as Mythos Preview — which is precisely why the company says it's racing to establish safeguards now, per TechCrunch.

Beyond the IPO Headline

Most outlets are overshadowing this expansion story with Monday's bigger headline: Anthropic confidentially filed its IPO prospectus with the SEC, following a $65 billion funding round at a nearly $1 trillion valuation, per CNBC and TechCrunch.

But the expansion deserves attention in its own right. The software running hospitals, electric grids, banks, and phones is riddled with flaws that an AI can now find in weeks — and the same AI can help attackers exploit them just as fast. A compromised water treatment system affects millions of people directly.

Security Requirements for Access

New partners must meet security requirements before gaining access to Mythos, according to CNBC. Anthropic has been explicit that it will not release Mythos-class models to the general public, citing insufficient safeguards, per CyberScoop.

The company is also exploring how Mythos can help open-source maintainers triage vulnerability reports, which have skyrocketed in the AI era, according to Cybersecurity Dive.

The Reckoning

Anthropic just handed the keys to some of the world's most consequential software systems to an AI model and expanded that program to 200 organizations across four continents. The AI has already found 10,000+ critical flaws in just the first 50 partners. Humans cannot patch vulnerabilities as fast as this thing can find them.