Anthropic has built a controlled distribution channel for a model it will not release publicly, and that channel just grew by 150 organizations spanning more than 15 countries.
The expansion of Project Glasswing, reported by CNBC on June 2, triples the programme’s partner count from the roughly 50 organizations that received access in April. New partners must clear unspecified security requirements before they receive access to Claude Mythos, Anthropic’s cybersecurity model that the company has explicitly withheld from general release because its offensive capabilities were judged too dangerous for open deployment.
The 10,000-flaw figure anchors the value case. Since launch, Glasswing partners have collectively surfaced more than 10,000 high- or critical-severity vulnerabilities using Mythos. Anthropic has not disclosed how that figure breaks down by partner, sector, or software category, but the aggregate number is the kind of proof-of-value that makes it easier to justify the programme’s existence to regulators, the White House, and future partners alike.
The new cohort fills gaps in the original partner set. The April launch skewed toward established security vendors and large technology companies: Apple, Nvidia, Microsoft, CrowdStrike, and Palo Alto Networks. The June expansion targets critical infrastructure sectors that were underrepresented, specifically power, water, healthcare, communications, and hardware. Cloud data management firm Rubrik confirmed it was among the newly admitted organizations; Anthropic did not disclose the full list of new entrants.
The governance question is now the most consequential open issue in the programme. Anthropic has created what amounts to a tiered capability regime: a set of organizations that can access a model’s offensive cybersecurity capabilities and a much larger set that cannot. The criteria for admission remain opaque. Anthropic says new partners must meet security requirements, but has not published what those requirements are, who evaluates compliance, or what recourse exists if a Glasswing partner is breached and Mythos access is compromised.
That gap matters because the threat surface of the programme scales with its membership. Fifty organizations in April was a contained experiment. One hundred and fifty organizations across fifteen countries in June is an operational system. A breach at any single partner with inadequate access controls could expose the same offensive capability that Anthropic concluded was too risky to release publicly.
Anthropic’s statement frames the expansion in terms of long-term goals: making all software more secure and helping the industry adjust to how AI changes the core assumptions of cybersecurity. The White House has been engaged, holding meetings with technology companies and financial institutions on safe deployment. Whether those conversations have produced any enforceable standard for Glasswing admission criteria has not been reported.
The timing compounds the stakes. Anthropic filed its IPO prospectus confidentially with the Securities and Exchange Commission the day before this announcement. A programme generating 10,000 critical vulnerability disclosures is a credible story for institutional investors. It is also a story that draws attention to the governance architecture sitting underneath it.
Any organization in a critical infrastructure sector that is not currently a Glasswing partner should treat the expansion as a procurement signal: Anthropic is actively recruiting in power, water, and healthcare, and the security bar for admission is the variable to understand now, before a competitor gains access and you do not.
Source: CNBC (cnbc.com), reporting by Samantha Subin, published June 2, 2026.
