Anthropic Expands Project Glasswing to 200 Partners as Claude Mythos Finds 10,000+ Zero-Days

Crucially, this round targets sectors that were underrepresented in the April launch. The original partners—a who's-who of tech and finance including Apple, Amazon Web Services, Microsoft, Google, NVIDIA, CrowdStrike, JPMorganChase, and the Linux Foundation—are now being joined by organizations from public utilities (power, water), telecoms, healthcare providers, communications, and hardware manufacturing . Each new organization must pass Anthropic's security requirements before gaining access to Mythos Preview .

South Korea presses for access, but no companies named yet

The expansion lands against a backdrop of active diplomatic lobbying from South Korea. In May 2026, South Korea's Ministry of Science and ICT (MSIT) met with Anthropic to seek participation in Project Glasswing. The meeting drew a broad cross-section of the Korean government: the Ministry of Foreign Affairs, the National Intelligence Service, the Financial Services Commission, the AI Safety Institute (AISI), the Korea Internet & Security Agency (KISA), and the Financial Security Institute all participated .

Despite this high-level push, Tuesday's announcement did not include any specific South Korean private-sector companies—such as Samsung or LG—among the named Glasswing partners. The absence underscores a concern that had already surfaced in the Korean press in late April: that countries left out of the alliance risk being excluded from the emerging AI-cybersecurity supply chain .

What Claude Mythos Preview has actually found

The partnership structure isn't just diplomatic theater. In a separate update published in late May and referenced in Tuesday's news, Anthropic disclosed that the Claude Mythos Preview model has autonomously discovered more than 10,000 high- or critical-severity zero-day vulnerabilities across the world's most systemically important software .

These aren't theoretical findings. Anthropic has submitted 1,596 validated vulnerabilities across 281 open-source projects under a formal Coordinated Vulnerability Disclosure process. As of May 22, 2026, 97 of those had been patched, and 88 had received official CVE or GitHub Security Advisory identifiers . The company brought in external security research firms to triage and confirm the findings before reporting them to maintainers, addressing concerns about model hallucinations generating fake vulnerability reports .

Independent validation has been critical. Cloudflare, one of the Glasswing partners, reported finding 2,000 bugs using Mythos, including 400 of high or critical severity, and noted that the model's false-positive rate outperforms human security testers .

On benchmarks, the numbers are extraordinary. Mythos Preview scored 93.9% on SWE-bench Verified and 94.6% on GPQA Diamond—the highest scores ever recorded on those evaluations, though neither has been formally published to public leaderboards . On CyberGym, a vulnerability reproduction benchmark, Mythos hit 83.1% accuracy against Claude Opus 4.6's 66.6% . A separate analysis by the Cloud Security Alliance documented that Mythos Preview autonomously developed 181 working exploits on a Firefox engine benchmark, while Opus 4.6 achieved a near-zero success rate on the same task .

A 12-to-18-month window

What gives the expansion its urgency is the timeline Anthropic projects for broader availability. "Capabilities comparable to Claude Mythos Preview will be broadly available within 12 to 18 months," the company stated, framing Project Glasswing as a head-start for defenders before attackers gain equivalent tools .

The model is powerful enough that Anthropic declined to release it publicly in April, restricting it to a vetted coalition of partners precisely because its autonomous vulnerability-discovery and exploit-generation capabilities crossed a qualitative threshold . Now, with the expanded coalition, the company is effectively racing to harden the world's most critical code before Mythos-level AI becomes a commodity—and before the window closes.