Anthropic announced on Tuesday that it is expanding Project Glasswing, its collaborative program aimed at securing critical software using AI.
The initiative, launched with roughly 50 initial partners in early April, granted them access to Claude Mythos Preview. Those partners have since used Mythos to scan codebases and identified thousands of vulnerabilities.
The expansion adds roughly 150 new organizations, each required to meet Anthropic’s standards before gaining access. These partners are based in more than 15 countries and include providers of critical infrastructure in sectors such as power, water, healthcare, communications, and hardware.
Many are vendors and maintainers of widely used codebases relied upon by governments and other organizations worldwide.
A common factor among the new partners is the potential impact of a successful cyberattack targeting their products, which could affect more than 100 million people for most participants and carry significant national and global security implications.
The expansion of Project Glasswing follows collaboration with existing partners, the security industry, open source software maintainers, and the US government.
Anthropic has not shared the expanded list of partners, but the Financial Times reported that the newly added organizations include Okta, Samsung, the EU cybersecurity agency ENISA, and NATO.
The AI giant reported recently that Mythos identified more than 23,000 potential vulnerabilities, with the company estimating that more than 6,000 will be confirmed as severe flaws.
Organizations such as Mozilla, Palo Alto Networks, and Cloudflare saw good results when turning Mythos against their own products.
[ Read: Anthropic Releases New Claude Sandbox, Security Guidance Plugin ]
With Mythos and other AI tools rapidly discovering vulnerabilities, the problem now shifts to verifying and patching them. For instance, of the thousands of security bugs found by Mythos, only 75 critical and high-severity issues have been patched.
Anthropic says Mythos can also help with verification and patching, and the company is working with others to “substantially scale up the reviewing and patching of vulnerabilities in open-source software”.
“We’re also working on sharing ideas and best practices for disclosing vulnerabilities to open-source maintainers, with the intent of making these reports easier to triage and to act upon,” Anthropic said.
Related: Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
Related: The Mythos Moment: Enterprises Must Fight Agents with Agents
Related: OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
Related: Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’
