Anthropic Expands Project Glasswing to 150 Organizations Protecting Critical Infrastructure Worldwide

By Hector Herrera | June 3, 2026

Anthropic has expanded Project Glasswing to approximately 150 additional organizations across more than 15 countries, with the new cohort focused exclusively on critical infrastructure — power grids, water systems, hospitals, communications networks, and hardware supply chains. Since the program's restricted Claude Mythos Preview model went live in early April, it has already surfaced more than 10,000 high- or critical-severity software vulnerabilities across participating organizations.

Background

Anthropic launched Project Glasswing earlier this year as a tightly controlled program giving select security teams access to Claude Mythos, a restricted variant of its frontier model built specifically for offensive and defensive security research. The initial cohort was small and invite-only. Tuesday's expansion marks the first time Anthropic has disclosed the full scale of the program and named critical infrastructure as the central focus.

The name Glasswing — a nod to a butterfly whose wings are transparent, exposing what lies beneath — signals Anthropic's framing: use AI to make hidden vulnerabilities visible before adversaries find them first.

What the Expansion Covers

According to Help Net Security, the roughly 150 newly onboarded organizations span:

• Power and energy — grid operators, utilities, and energy management platforms
• Water systems — municipal and regional water treatment and distribution infrastructure
• Healthcare — hospital networks and medical device manufacturers
• Communications — telecommunications carriers and internet exchange operators
• Hardware — semiconductor and hardware supply chain companies

Anthropic says most partner organizations provide critical services to populations of more than 100 million people, which places their security posture directly in the national and global security tier.

The 10,000+ vulnerabilities flagged since April represent high- or critical-severity findings — the class most likely to be exploited in real attacks, as distinct from low-severity edge cases.

Why This Matters

Critical infrastructure has become the highest-stakes arena in AI-assisted security. Adversaries, including nation-state actors, are already using AI tools to accelerate reconnaissance and exploit development. The asymmetry — attackers iterate in hours, defenders patch in weeks — is what programs like Glasswing are designed to close.

The 10,000-vulnerability number is significant for two reasons. First, it validates that frontier AI models can find real security holes at scale, not just in controlled research environments. Second, it means Anthropic's restricted model is operating on live production infrastructure at organizations that, if compromised, could affect essential services for tens of millions of people.

For security teams in these sectors, access to Claude Mythos Preview provides something they rarely have: a system that can reason across complex codebases and infrastructure configurations to identify chained exploits that static analysis tools miss.

What to Watch

The program is still restricted — organizations must apply and be vetted by Anthropic. The key question now is whether the 10,000 vulnerability count leads to measurable patching rates and whether Anthropic will publish aggregated findings to help organizations outside the program benefit from what's being learned. As critical infrastructure security becomes an explicit AI policy battleground in Washington and Brussels, Glasswing's results will likely inform regulatory discussions about what responsible AI deployment in high-risk sectors actually looks like.

Hector Herrera covers AI infrastructure and security for NexChron. Sources: Help Net Security, Cybersecurity Dive, CSO Online.