Anthropic Expands AI Tool for Finding Security Flaws Across 150 Organizations Worldwide

Martin Holloway | Published 5d ago | 5 min read | Based on 3 sources

Anthropic has grown Project Glasswing, its program to help organizations find security vulnerabilities using AI, from roughly 50 initial partners to around 200 partners spread across more than 15 countries. The expansion comes after the original group of organizations used Claude Mythos Preview—a specialized AI tool—to scan their code and uncover more than 10,000 serious security flaws that had gone undetected.

The new partners work in critical infrastructure sectors including power grids, water systems, healthcare, communications, and hardware manufacturing. These are the kinds of industries whose software is relied on by governments and millions of people worldwide. Anthropic estimates that a major cyberattack on most of these organizations could potentially affect more than 100 million people.

Why Focus on Critical Infrastructure

Anthropic deliberately targeted organizations that manage systems others depend on, rather than standalone applications or internal corporate software. Traditional security auditing—where human experts review code or security tools scan for known problems—works differently from Project Glasswing. Here, when Claude Mythos Preview finds a vulnerability, that discovery can help strengthen the entire ecosystem of organizations using similar code or components.

Before an organization joins the program, Anthropic vets them to ensure they meet security standards. The company hasn't shared the exact criteria, but the vetting process aims to balance expanding the program with keeping the AI system itself secure.

The U.S. government was among the initial Project Glasswing partners, setting a precedent for government participation in what amounts to a coordinated vulnerability disclosure program—a formal, controlled way to find and fix security problems rather than letting them be discovered through attacks.

How the Tool Works and What It Found

Partners have been using Claude Mythos Preview since April to scan their codebases—the underlying source code that runs their systems. The 10,000 vulnerabilities found in the first two months represent a significant volume. Anthropic has documented the methodology at red.anthropic.com/2026/mythos-preview, with full details also available in the Claude Mythos Preview system card.

This discovery rate, thousands of flaws in two months, is faster than traditional security auditing can typically achieve. However, Anthropic hasn't published direct comparisons with human security teams or existing automated scanning tools.

The broader context here is worth noting. When automated code-scanning tools first arrived in the late 1990s, they too uncovered thousands of previously unknown flaws in mature software. This wasn't because code had suddenly become worse—it was because these new tools could examine it systematically in ways manual review couldn't match. What we're seeing with Claude Mythos Preview likely follows that same pattern: vulnerabilities that existed all along but remained hidden until a new method could find them.

The Open-Source Challenge

Anthropic is talking with other companies about how to handle vulnerabilities found in open-source software—code that is publicly available and used by many organizations simultaneously. This is more complex than finding flaws in proprietary enterprise code. When open-source components have security problems, they need to be fixed in a coordinated way across many organizations at once, and open-source maintainers often work with limited resources and different timelines than large enterprises.

Anthropic hasn't yet clarified whether Claude Mythos Preview scans open-source repositories directly or discovers open-source vulnerabilities when partner organizations' code incorporates those open-source components. Either way, coordinating fixes becomes complicated when the same software is used by dozens or hundreds of downstream organizations across different countries.

International and Industry Attention

The fact that 15 countries are now involved signals growing international interest in using AI for cybersecurity. The software industry and government officials are already discussing both the promise of AI-assisted security and the risks—namely, that the same technology that can find vulnerabilities could potentially be misused to create them.

The geographic spread could complicate vulnerability disclosure protocols, especially when flaws are discovered in software used across different regulatory jurisdictions where rules and timelines differ.

Questions Still Unanswered

Anthropic has published documentation about how Claude Mythos Preview works, but some technical details remain unclear. The exact relationship between Claude Mythos Preview and Anthropic's standard Claude models isn't spelled out. Whether Mythos Preview is a specialized version fine-tuned for security work, an entirely different model, or a toolset layered on top of existing capabilities could matter for how well it works and how it might evolve.

One especially important practical question is how many false positives the system produces. Automated scanning tools have historically struggled with false alarms, flagging code as vulnerable when it actually isn't. When security teams are presented with thousands of potential issues to investigate, too many false leads can waste their time and weaken their confidence in the tool. Anthropic hasn't disclosed much about this yet.

What Scaling Up Will Test

Moving from 50 initial partners to 200 is a significant test of both the technical infrastructure supporting Claude Mythos Preview and the operational systems around managing and coordinating vulnerability disclosure. If the tool continues finding high-severity flaws at the same rate across this larger group, Anthropic and its partners will need to manage substantially larger volumes of security issues being reported and fixed simultaneously.

The company's interest in scaling to open-source software suggests recognition that partner-focused scanning alone won't address ecosystem-wide security. Open-source components spread across multiple organizations at once, so a single vulnerability discovered in a widely-used library could need coordinated fixes across dozens or hundreds of organizations.

This coordination problem has happened before in major open-source security incidents, but AI-powered discovery at Project Glasswing's scale could strain existing disclosure protocols. The software industry may eventually need new frameworks specifically for managing vulnerabilities that AI systems uncover at volume—particularly in critical infrastructure components used across many organizations and countries.

The expansion announced in June positions Project Glasswing as both a real-world defensive security program and a test of how AI systems can be deployed in high-stakes environments. How well the program scales and coordinates vulnerability disclosure across 200 organizations in 15 countries will likely shape both Anthropic's approach to AI safety in the future and broader industry practices around using AI for security work.