Mythos found more than 10,000 critical security flaws with its first 50 partners. Now Anthropic is giving 150 more organisations across 15 countries access to the most powerful cybersecurity AI ever built — while warning that a successful attack on most of them could affect more than 100 million people.
Anthropic’s Mythos Project Glasswing expansion — and the scale of what it represents has no precedent in the history of cybersecurity. Anthropic announced that approximately 150 additional organisations across more than 15 countries will receive access to Claude Mythos Preview — the AI model that its developers described as too dangerous to release publicly. Those 150 new partners join the initial 50 organisations that received access in April 2026 — including Apple, Amazon Web Services, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, Nvidia, and Palo Alto Networks. The first cohort had already uncovered more than 10,000 high or critical-severity security vulnerabilities. Now Anthropic is quadrupling its reach — and warning explicitly that if a cyberattack succeeds against most of the new partners, it could affect more than 100 million people each.
What’s Happening & Why It Matters
Who the New 150 Partners Are — and Why They Were Chosen
Anthropic’s Mythos Project Glasswing expansion specifically targets sectors in which the first cohort is underrepresented. The new partners come from power, water, healthcare, communications, and hardware — critical infrastructure categories where software vulnerabilities carry direct physical consequences. Anthropic stated the selection principle directly. “What each partner has in common is that a successful attack on their codebase could be catastrophic.” The company did not name the new partners — Rubrik — a cloud data management platform — confirmed publicly that it is among the new cohort. The European Commission confirmed to US media that Anthropic approached it to use Mythos. That confirmation is significant. The EU’s digital infrastructure — if compromised — affects hundreds of millions of citizens. The potential inclusion of the Commission in Project Glasswing would be the most consequential government-level Mythos deployment yet.
Urgency — Mythos-Class Competitors Are Coming
Anthropic‘s stated reason for accelerating the expansion is a specific and urgent competitive concern. “Within 6 to 12 months, we expect that many other AI companies will have Mythos-class models,” the company wrote. “They could release them without safeguards that prevent misuse.” That forecast is not speculation. As TF covered in its Microsoft Build 2026 article, Microsoft launched its own advanced AI security capabilities at Build this week. OpenAI‘s Codex model — deployed under the Daybreak programme — is developing capabilities equivalent to those of offensive research. Google‘s Project Zero team uses Gemini for vulnerability discovery.
The window in which Anthropic can use Mythos’s unique capabilities to harden critical infrastructure — before adversarial actors acquire equivalent tools — is narrowing. By contrast, every day that power grids, water treatment systems, healthcare networks, and communications infrastructure remain unscanned is a day in which a future attacker may find what Mythos could have found first. The expansion is a race. The 150 new partners are the next leg of it.
What Mythos Has Already Found. 10,000 Is a Warning
The first cohort’s 10,000 high or critical-severity vulnerabilities figure is the most important number in the entire expansion announcement. It means that in the approximately two months since the first 50 partners received access, Mythos identified an average of 200 serious security flaws per partner organisation. These are not minor software bugs. High-severity and critical-severity ratings — as defined by the Common Vulnerability Scoring System (CVSS) — describe vulnerabilities that can be exploited remotely, with limited user interaction, to gain significant access to the system. Many of those 10,000 flaws were likely known to no human security researcher before Mythos found them.
As TF covered in its May 2026 Mythos security article, Mythos helped Palo Alto-based researchers crack Apple‘s Memory Integrity Enforcement — its most advanced security feature — in five days. Beyond that, internal testing showed Mythos generating working exploits on its first attempt in more than 83% of cases. Those numbers define why the Financial Stability Board requested a briefing and why the White House held multiple meetings with Big Tech leaders about Mythos’s implications. At the same time, they also define why Anthropic cannot simply release the model publicly.
The Cyber Verification Programme
Beyond the 150-partner expansion, Anthropic announced plans to launch a Cyber Verification Program — a second track within Project Glasswing that will grant Mythos-class capabilities to more organisations for specific, verified use cases rather than broad access. That programme is designed to extend the reach of defensive AI scanning to organisations that need specific vulnerability categories addressed but do not require — or meet the security standards for — full Mythos model access.
The Cyber Verification Programme could eventually reach thousands of organisations. Water treatment facilities in developing countries. Municipal power grids in Eastern Europe. Healthcare networks in sub-Saharan Africa. These are the systems that Mythos-class attackers will most easily exploit — precisely because they receive the least security investment. As TF covered in its cybercrime round-up, AI-enabled cyberattacks increased 89% in 2025. The organisations least equipped to defend themselves are facing the fastest-growing threat.
The European Commission Approach — and Its Geopolitical Significance
The confirmation that Anthropic approached the European Commission about Mythos access carries specific geopolitical weight. Anthropic is simultaneously preparing its IPO — as TF covered in its article on the Anthropic IPO filing — while navigating its US government supply chain risk designation. Offering Mythos to the EU’s digital infrastructure is a direct signal. Anthropic is not limiting its defensive AI programme to US government allies. It is explicitly internationalising it — opening the cybersecurity model to European institutions that the Trump administration has not prioritised. The perspective aligns with Pope Leo XIV’s encyclical on partnership and Anthropic‘s stated mission to build AI that benefits all of humanity.
The Scale of the Risk Being Managed
Anthropic‘s estimate that an attack on most new partner organisations would affect more than 100 million people is not a marketing claim. It is a risk assessment. Power grids serve tens of millions of households. Water treatment networks cover metropolitan populations. Healthcare networks process the records of entire national populations. A successful zero-day exploit against any of those systems — using a tool equivalent to Mythos — could produce cascading failures that standard incident response cannot contain. AI-enabled attacks increased 89% in 2025. In the 6 to 12 months before Mythos-class models spread beyond Anthropic‘s controlled access, the 150-partner expansion is the primary mechanism for closing the gap between what attackers may be able to do and what defenders have already done.
TF Summary: What’s Next
The 150 new partners begin receiving Mythos access, subject to meeting Anthropic’s security requirements. Anthropic did not specify the onboarding timeline. The Cyber Verification Programme launches on a date that has not yet been confirmed. Future Glasswing expansions will prioritise additional critical infrastructure providers, open-source software maintainers, and safety testers. Anthropic confirmed the programme is not limited to US organisations — future expansions cover entities in the US and overseas.
MY FORECAST: Anthropic’s Mythos Project Glasswing expansion will reach 1,000 organisations across 50 countries within 18 months. The Cyber Verification Programme will significantly accelerate that expansion — because its targeted, verified-use model can extend to smaller organisations that cannot meet the full Project Glasswing security standards but urgently need specific vulnerability classes addressed. The European Commission will be announced as a Glasswing partner before the end of 2026 — that announcement will be one of the most geopolitically significant AI security events of the year. By contrast, the most consequential outcome of this week’s expansion will not be announced publicly. It will be the critical vulnerability found in the codebase of a water treatment network or power grid — identified by Mythos, patched before publication, and never disclosed to avoid giving attackers a roadmap. Those are the Mythos victories that matter most. They are also the ones nobody will ever know happened.