Anthropic is scaling Project Glasswing to 150 new organizations across 15 countries, including France, NATO, and Samsung. Claude Mythos can identify thousands of zero-day vulnerabilities over weeks of continuous analysis. The security offensive lands as Anthropic files for its IPO.
Key Takeaways
- 150 organizations join Project Glasswing, up from 50 in the April 2026 founding cohort
- Coverage spans energy, water, healthcare, and telecom across 15 countries including France, Germany, Japan, and NATO
- Claude Mythos identifies thousands of zero-day vulnerabilities through continuous code analysis
Project Glasswing Scales to a Different League
Launched quietly in April 2026 with 50 founding partners, Project Glasswing is tripling in size in under two months. Anthropic is now onboarding 150 new organizations into its AI cybersecurity program for critical infrastructure, spread across 15 allied nations.
The named partners confirm the ambition: Okta, Samsung, SK Hynix, SK Telecom, NATO, and the EU’s ENISA (the European cybersecurity agency) are all listed. This is no longer a pilot program. It is a distributed defense infrastructure, operated by a language model.
Claude Mythos runs continuously against partner codebases, scanning for zero-day vulnerabilities (flaws unknown to the security teams and therefore unpatched). Over several weeks of analysis, the model can surface thousands of them. For organizations whose critical code touches tens of millions of people, the stakes are fundamentally different from a standard security audit.
Anthropic frames the risk plainly: “A successful attack on their codebase could be catastrophic. For most partners, we estimate that a major attack could affect more than 100 million people.”
A Security Thesis Built Before the IPO
The timing is not accidental. Anthropic filed its confidential S-1 with the SEC hours before this announcement. For investors reading an IPO prospectus, strategic differentiation is everything. Glasswing answers that question decisively.
OpenAI sells productivity tools. Anthropic is selling national security. That positioning is hard to replicate quickly. It requires accreditations, government partnerships, and years of trust built with institutions that take reliability seriously.
The near-$1 trillion valuation, set during the $65 billion Series H round, now rests on two pillars: Claude’s commercial power and Glasswing’s institutional credibility. That funding round already established Anthropic as a central enterprise AI player. The Glasswing expansion converts that status into trust agreements with sovereign states.
France is explicitly listed among the 14 named countries. This means French infrastructure (energy, water, healthcare, telecom) is now under continuous analysis by an American AI model. That is a sovereign choice that will not go unquestioned in French political and industrial circles.
Also on Horizon:
- Codex Goes Enterprise: OpenAI Targets White-Collar Workers
- ChatGPT Lawsuit: Florida Sues OpenAI and Sam Altman
- Anthropic IPO: Claude’s Maker Files With the SEC
What This Means for the Cybersecurity Market
In the short term, security teams at major organizations will need to integrate Claude Mythos into their incident response workflows. A model detecting thousands of vulnerabilities continuously generates an alert volume that human teams cannot absorb without automated prioritization. Glasswing is not a replacement for analysts. It is a force multiplier.
For traditional cybersecurity vendors, the threat is real. CrowdStrike, Palo Alto Networks, and their peers have built empires on intrusion detection and behavioral analysis. A language model capable of deep code analysis and reasoning about potential attack vectors structurally changes what “detecting a vulnerability” means.
Over the medium term, governance questions will force their way onto the agenda. Entrusting the surveillance of national critical infrastructure to a private American AI raises legitimate concerns: who controls the data being analyzed? What attack surface does Glasswing itself represent? ENISA’s participation in the program will eventually require answers before European institutions.
If Anthropic succeeds in establishing Claude Mythos as the de facto standard for AI cybersecurity across allied governments, it will lock in a competitive advantage that neither OpenAI nor Google can replicate quickly. Government security contracts are not renegotiated every quarter.
Follow the story on Horizon.
