What happened
On June 2, 2026, Anthropic announced the expansion of Project Glasswing to approximately 150 new organizations in more than 15 countries, covering power, water, healthcare, communications, and hardware sectors — areas underrepresented in the initial April cohort of ~50 partners. The initial group has already used Claude Mythos Preview to identify more than 10,000 high- or critical-severity vulnerabilities. Anthropic simultaneously released to vetted security teams the internal tooling used to support Glasswing partners, and launched 'Claude Security,' a product using frontier public models (Claude Opus 4.8) to scan codebases and suggest patches.
Why it matters
The expansion to critical infrastructure sectors means AI-assisted vulnerability discovery is now operating at industrial scale across systems where a successful attack could affect more than 100 million people. Anthropic has explicitly warned that within 6–12 months rival developers will field Mythos-class models that may be released without equivalent safeguards, increasing pressure on organizations to close vulnerabilities before that window closes. Industry experts note the patch bottleneck — validating and remediating findings at AI-discovery speed — as the most urgent operational problem.
Applicability
Critical-infrastructure operators across power, water, and healthcare should proactively request inclusion in Glasswing or equivalent programmes before competitors or adversaries gain equivalent model access. Security architecture teams should begin planning for a patch-velocity step-change by investing in automated validation and AI-assisted remediation tooling now.