Anthropic Brings Claude Mythos Into Power, Water, and Healthcare as Project Glasswing Reaches 150 New Organizations

When Anthropic launched Project Glasswing in April, the initial cohort was concentrated around a familiar set of targets: operating-system vendors, browser makers, major cloud providers, and dedicated security firms. The logic was to patch the software that most people use most of the time. On June 2, the company announced the program's first major expansion, adding roughly 150 new organizations across more than 15 countries. The new cohort shifts focus toward the infrastructure layer beneath that software: the utilities, hospitals, communications networks, and hardware supply chains whose failures carry consequences that extend well beyond individual users.

The expansion gives these organizations access to Claude Mythos Preview, Anthropic's most capable security research model, alongside a new companion product called Claude Security designed for ongoing codebase scanning. Together, the two tools represent the most comprehensive deployment of AI-driven vulnerability research in any single coordinated program to date.

Who Is Joining and From Where

The new participant list spans Japan, South Korea, the United Kingdom, France, Germany, Canada, and India, along with additional U.S.-based organizations. Among the named participants are Okta, the U.S.-based identity and access management company whose platform authenticates access for tens of thousands of enterprises; Samsung, SK Hynix, and SK Telecom from South Korea; NATO; and ENISA, the European Union's cybersecurity agency. Netskope, a network security provider, also confirmed its inclusion.

The presence of NATO and ENISA gives Glasswing a geopolitical dimension it did not have in April. Both organizations operate with mandates that span dozens of member states, meaning their participation extends Mythos's reach into government-adjacent infrastructure across the transatlantic alliance. The practical effect is that Claude Mythos will be scanning codebases that underpin defense communications, cross-border emergency systems, and the digital infrastructure of some of the world's largest economies.

Why Critical Infrastructure Comes Next

The choice to focus this expansion on power, water, healthcare, and communications is deliberate. These sectors share a property that makes them attractive targets for both attackers and defenders: failures propagate outward. A compromised hospital network does not just affect that hospital; it can disrupt care across a region. A vulnerability in the firmware of industrial control systems used in water treatment can affect entire municipalities. Anthropic's bet is that applying Mythos to these codebases while they are still in the hands of defenders, rather than waiting for attackers to find the same flaws independently, reduces systemic risk at a scale that no point-by-point patch cycle could match.

Many of the new participants are also software vendors rather than direct operators, meaning their codebases are relied upon by large numbers of other organizations. Okta, for example, handles authentication for clients ranging from small businesses to major government departments. A critical vulnerability found in Okta's platform and patched before public disclosure closes a risk for every organization using that platform, not just Okta itself. Anthropic described this multiplier dynamic directly in its announcement: "Many of the new partners are vendors, companies or nonprofits that maintain codebases that are relied upon by lots of other organizations around the world, including governments."

"This expansion is the next step toward our long-term goals: for AI to make all software more secure, and for us to help the industry adjust to how AI could change many of the core assumptions of cybersecurity." Anthropic, "Expanding Project Glasswing," June 2026

Claude Security: A New Tool in the Mix

Alongside the expanded Mythos access, Anthropic introduced Claude Security, a product aimed at routine code scanning and patch suggestion rather than zero-day discovery. Where Mythos operates as a deep research tool, hunting for novel vulnerabilities in production code, Claude Security is positioned for integration into development workflows, flagging issues as new code is written or reviewed rather than only surfacing legacy bugs.

The pairing reflects a practical reality of the vulnerability lifecycle. Mythos can find the bugs that survived years of human review, but organizations also need tools that prevent those bugs from being written in the first place. Claude Security fills that role, functioning less like a security researcher and more like a continuous code auditor. Taken together with the findings already on record from earlier Glasswing phases, which surfaced more than 10,000 high-and critical-severity vulnerabilities across open-source projects, the two-tool approach represents a substantial upgrade to the program's overall architecture.

Each new participant must satisfy security requirements before gaining access, which Anthropic has not detailed publicly but which likely involve data-handling agreements, access controls, and human-review commitments. The cadence for disclosures follows the same responsible-disclosure framework as Phase 1: a 90-day window for fixes before any public disclosure, with a 45-day extension available for complex patches. For critical infrastructure operators whose patch cycles are often slower than those of software companies, that timeline may be tighter than they are accustomed to, but it is the same standard that major OS and browser vendors have been working under since April.

Anthropic has indicated further expansions are planned, with priority going to critical open-source software maintainers and additional safety testing organizations. At its current trajectory, Project Glasswing is moving from a closed experiment into something closer to a standing institution in the global security ecosystem, one whose scope is determined less by Anthropic's capacity than by the breadth of software that carries serious systemic risk if compromised.