Anthropic is scaling Project Glasswing to roughly 150 critical infrastructure organizations in more than 15 countries, and in doing so a single AI lab is becoming the gatekeeper for defensive AI scanning on the code that runs power, water, healthcare, and telecoms.
Anthropic is scaling its Project Glasswing cyber-defense program to roughly 150 organizations in more than 15 countries, pulling power, water, healthcare, communications, and hardware vendors into a perimeter that the company itself controls — and doing so on a stated belief that cheap, offensively capable AI models are months, not years, away.
According to Anthropic's June 2, 2026 announcement, the expansion grows the program from an early-April cohort of about 50 partners to "approximately" 150 new organizations across "more than" 15 countries. Anthropic says the new cohort is dominated by vendors whose code libraries underpin critical-infrastructure stacks — libraries that, in some cases, are relied on by 100 million or more people, including governments.
That is the structural story. The partnership count, the international roll-out, and the timing — one day after a confidential S-1 filing first reported by The Associated Press via WSLS — are real, but they are context. The spine of the story is that a single AI lab is now setting the terms for who gets defensive AI scanning on the code that runs the most consequential systems in the global economy, and it is doing so because the lab believes the threat window is closing fast.
Glasswing gives selected organizations access to Claude Mythos Preview, a model Anthropic has described as purpose-built for defensive security review. In an initial program update, Anthropic said the first wave of roughly 50 partners collectively used the model to surface more than 10,000 high- or critical-severity security flaws in their codebases — a figure the company attributes to its own tracking and that has not been independently corroborated by a third-party partner in the registered sources.
Each new organization, Anthropic says, must clear the company's security requirements before receiving access. Anthropic has framed those requirements as the product of collaboration with existing Glasswing partners, the broader security industry, open-source maintainers, and the US government.
The expansion is being justified by a specific forecast. In its announcement, Anthropic argues that cheap, fast AI models with powerful cyber capabilities are "around the corner," and that institutions need to harden their code in the next six to twelve months, before that capability is widely available to adversaries.
That framing puts Glasswing in a category Cloudflare has described as "cyber frontier models" — defensive systems built for a near-term world where offensive AI tooling is commoditized. Industry trade coverage in Cybersecurity Dive has tracked the expansion as a critical-infrastructure story, and the Harvard Law School Forum on Corporate Governance published a board-level analysis in late May arguing that Anthropic's Mythos model and Project Glasswing raise fiduciary questions that directors of large enterprises should be asking now, not later.
The expansion is also an exercise in unilateral norm-formation. Anthropic is choosing who gets scanned, defining the security bar for entry, and reserving the right to expand or withhold access — all without a public standard, audit trail, or appeal process. The company has indicated it intends to push geographic reach further, but has not published the criteria partners must meet or the methodology behind the flaw counts it reports.
There are at least four structural concerns the registered sources do not resolve:
A TechCrunch wire signal has also surfaced the program in the broader funding-and-IPO context that surrounds Anthropic's confidential SEC filing, and that context will not go away as the company moves toward a public offering.
What Anthropic announced this week is not a finished public good. It is a stress test of how quickly the defensive side of the AI-cyber race is being institutionalized — and how slowly the governance conversation is moving alongside it. If the lab's own six-to-twelve-month forecast is roughly right, the perimeter decisions being made through Glasswing's access-approval process over the next year may be among the most consequential security-policy decisions of the decade, and they are being made by a private company with no public mandate to make them.
The expansion is real. The partner code runs real systems. The threat horizon Anthropic is invoking is, by the company's own description, already short. The question the Glasswing expansion forces into the open is not whether defensive AI scanning should exist — it is who, exactly, is qualified to set the floor.