AI Security
Anthropic is moving Claude from productivity AI into critical-infrastructure defense
Anthropic is expanding Project Glasswing and access to Claude Mythos to about 150 organizations across more than 15 countries, according to a TechCrunch report published June 2, 2026. The expansion targets codebases used in power, water, healthcare, communications, hardware, and other sectors where a major cyberattack could have consequences far beyond a single company.
The announcement matters because it places frontier AI models closer to the software foundations of public life. Claude is no longer being positioned only as a writing assistant, coding helper, or enterprise productivity tool. In this case, Anthropic is presenting Claude Mythos as part of a security program designed to help identify and fix serious software vulnerabilities before attackers can exploit them.
What Project Glasswing is trying to do
Project Glasswing is Anthropic’s joint industry initiative for finding and repairing critical software vulnerabilities with AI assistance. TechCrunch reports that Claude Mythos sits at the center of the program, with Anthropic describing it as a highly capable model for vulnerability discovery. Earlier access reportedly went to an initial group of 50 partners, including the U.S. government, to scan codebases for security flaws.
The new phase broadens that access to organizations that maintain software other governments, companies, and public systems depend on. TechCrunch says the expanded group includes organizations tied to power, water, healthcare, communications, and hardware — sectors that were not well represented in the first cohort.
Anthropic reportedly said that a successful attack on many of these partners’ codebases could be catastrophic, with some major incidents potentially affecting more than 100 million people.
Why critical infrastructure changes the stakes
Critical infrastructure security is different from ordinary enterprise security. A vulnerability in a consumer app may expose private data or disrupt a service. A vulnerability in systems used by utilities, hospitals, telecom networks, identity platforms, or government suppliers can affect safety, public trust, emergency response, and national security.
That is why Anthropic’s move is significant even if the technical details of Claude Mythos remain limited in public reporting. The story is not simply that an AI model can scan code. The bigger shift is that AI labs may increasingly become vendors and partners in high-stakes defensive security programs.
International reach and strategic implications
TechCrunch, citing reporting from the Financial Times, says the expanded list of countries includes U.S.-aligned nations such as Australia, Canada, France, Germany, Italy, Switzerland, the Netherlands, Spain, Belgium, Sweden, India, Japan, New Zealand, and South Korea. Reported organizations include Okta, Samsung, SK Hynix, SK Telecom, NATO, and the European Union’s cybersecurity agency ENISA, though TechCrunch noted it had reached out to Anthropic for confirmation.
If confirmed, the list would show how quickly AI security tools are becoming part of international technology strategy. Governments and major infrastructure operators are looking for ways to defend aging, complex, and widely reused software systems. AI-assisted vulnerability discovery could help security teams find flaws faster, but it also introduces new questions about access, accountability, model reliability, and how sensitive code is handled.
The race with offensive capability
Anthropic’s argument appears to be partly defensive urgency. The company has reportedly said it expects other AI companies to develop models with similar security capabilities, which is why it wants safeguards around Project Glasswing. That logic reflects a broader cyber reality: the same AI advances that help defenders find vulnerabilities may also help attackers search for weaknesses, automate reconnaissance, or scale exploit development.
For infrastructure operators, the practical question is not whether AI will enter cybersecurity workflows. It already has. The question is how these tools are validated, monitored, and governed when they are used on systems that millions of people indirectly rely on.
What to watch next
Several details will determine whether Project Glasswing becomes a trusted model for AI-assisted infrastructure defense:
- Verification: How vulnerabilities found by Claude Mythos are confirmed by human security experts.
- Data handling: How sensitive partner codebases are protected during scanning and analysis.
- Disclosure process: How vulnerabilities are reported, prioritized, patched, and coordinated across governments and vendors.
- Model governance: Whether outside auditors, public agencies, or partner organizations can evaluate the model’s performance and failure modes.
- Dual-use controls: How Anthropic limits misuse of advanced vulnerability-discovery capabilities.
For businesses, this is a preview of where AI security may be heading. The next generation of cyber defense tools may combine human experts, automated code analysis, AI agents, and frontier models specialized for software reasoning. For governments, it raises a strategic question: which AI providers should be trusted near national infrastructure, and under what rules?
Bottom line
Anthropic’s Project Glasswing expansion shows that AI safety is no longer only about model behavior in chat windows. It is also about how frontier models are deployed inside the systems that keep economies running. If Claude Mythos can help defenders find serious vulnerabilities before attackers do, it could become an important layer of infrastructure security. But the more critical the environment, the more transparency, oversight, and human accountability will matter.
Comments (0)