More than 10,000 high- or critical-severity security flaws. That's what approximately 50 organizations uncovered in their own codebases after getting early access to Project Glasswing, Anthropic's program that gives critical infrastructure companies access to Claude for hunting and patching security vulnerabilities. Now Anthropic is expanding the program to roughly 150 additional organizations.
The new partners come from sectors that were underrepresented in the first wave: power, water, healthcare, communications, and hardware manufacturing. Many are vendors whose code runs inside government systems around the world. The expanded group spans more than 15 countries, and Anthropic estimates that a major cyberattack affecting most partners could reach more than 100 million people.
The original cohort got access starting in April 2026 using Claude Mythos Preview. New partners must meet Anthropic's security requirements to qualify - this is not an open API program.
Alongside the expansion, Anthropic confirmed it is building Claude Security, based on Claude Opus 4.8, as a public-facing vulnerability scanner and patch suggestion tool. That would give organizations outside the formal Glasswing partnership a way to run similar checks without a dedicated agreement. Anthropic acknowledges that competing AI labs will likely develop comparable security-focused models within 6 to 12 months, which frames this expansion as a move to establish a broad baseline before that window closes.