Anthropic expands Project Glasswing access to Claude Mythos cybersecurity model

The most revealing detail in the expansion is not who got in — it is how. ENISA secured Mythos access only after senior European Commission officials flew to San Francisco to press Anthropic in person, ending a weeks-long transatlantic standoff ^[1]. The catalyst, according to reporting, was the EU's earlier success obtaining access to OpenAI's competing GPT-5.5-Cyber model in May, which reframed Mythos availability as a competitive-parity question rather than a procurement one ^[1]. Anthropic also worked directly with the U.S. government on partner-vetting criteria, and earlier expansion attempts were reportedly blocked on national-security grounds ^[2].

The pattern that emerges: frontier cyber-offense capability is now distributed through bilateral negotiation between AI labs and national governments, not through commercial terms of service. The 15+ countries on the partner list — anchored by the United States, EU member states via ENISA, and South Korea via Samsung, SK Hynix, and SK Telecom — form a US-aligned cyber bloc, and the choice of who belongs is being made by an AI lab in coordination with national governments. The geographic absences are themselves a statement about whom the safeguards are protecting against.

Mythos has surfaced more than 10,000 high- or critical-severity vulnerabilities since April, with Mozilla using it to identify 271 Firefox bugs — a roughly 10x increase over the prior model — and Cloudflare flagging 2,000 issues, 400 of them high or critical ^[3]. An open-source scan covered more than 1,000 projects and surfaced 23,019 issues, of which 6,202 were rated high or critical and only 1,752 had been reviewed by humans plus six independent firms with above-90% true-positive rates ^[4].

The operational implication is sharper than the marketing: the discovery pipeline now produces credible findings faster than maintainers, distributions, and downstream operators can integrate them. The median time from public disclosure to first observed exploitation has already collapsed from 771 days in 2018 to single-digit hours by 2024 ^[5]. That gap is the actual risk surface. Every Mythos finding is also a roadmap for whoever gets the model next, and Anthropic's coordinated-disclosure pipeline buys time without solving the structural problem that defensive remediation is a human-bottlenecked process being asked to keep pace with an automated discovery engine. Practitioners on cybersecurity forums frame this as the prospect of multiple log4j-scale events arriving every week for months — a tempo no Security Operations Center is staffed for.

Yale's Madhavi Singh flagged Glasswing months ago as an antitrust risk: a small, vetted circle of incumbents — AWS, Apple, Google, Microsoft, NVIDIA, JPMorgan Chase, Cisco, CrowdStrike, Palo Alto Networks, Broadcom, plus the Linux Foundation — sharing privileged information about frontier vulnerabilities and defensive techniques while everyone outside the circle waits for the public Mythos-class release ^[6]. Singh's framing is that this creates a 'transparency vacuum that risks aligning their market behavior in ways that suppress competition from those outside the loop,' and her recommendation is a DOJ business review letter to formalize the boundaries before they harden ^[6].

The expansion to roughly 200 partners blunts some of that critique — Samsung, SK Hynix, SK Telecom, Rubrik, and Okta are now inside ^[7]— but it also confirms the structure: there is an inside and an outside, Anthropic chooses who belongs to which, and the inside gets months of head-start on a capability that materially changes security posture. For startups and mid-market software vendors not on the list, the asymmetry is real and measurable: their competitors are quietly pre-patching against bugs they cannot yet see, and the public Mythos-class release will land in a market where the largest players have already absorbed the shock.

The single most actionable detail in the announcement is the release timeline: Anthropic now says it will bring Mythos-class models to all customers within 'coming weeks' once cyber-misuse safeguards are ready ^[8]. The same body of communications, however, includes Anthropic's own admission that no vendor — including itself — has yet developed safeguards strong enough to prevent Mythos-class capabilities from being misused ^[4]. Those two statements are in genuine tension, and how they resolve is what determines whether the public release is a defensive uplift or an offensive equalizer.

The CyberGym benchmark gap — 83.1% for Mythos Preview versus 66.6% for Claude Opus 4.6 — is real, but benchmark reproduction is not the same as novel discovery in production codebases ^[9]. For defenders not on the partner list, the working assumption should be that public-tier Mythos-class capability lands inside the next quarter, that adversaries will reach capability parity within weeks of that release, and that the months-long head-start now enjoyed by the 200 partners is the only buffer any other organization will get. Discussion on developer YouTube and in cybersecurity subreddits has split sharply along these lines — a confident defender-uplift narrative on one side, a sceptical 'expensive marketing-first launch' read on the other — but both sides agree the clock is short.