Anthropic opens security harnesses

Anthropic has started opening some of the security tooling it built around Claude Mythos Preview to a wider set of enterprise customers, a move that shows where large AI buyers are now pressing vendors hardest: control, testing and visibility. The company said on May 22 that qualifying customers can now use parts of the internal setup it has been using in Project Glasswing, its cybersecurity initiative built around Mythos Preview. (anthropic.com) Those tools include a “skills” system, a Claude harness, a threat-model builder and a public evaluation dashboard tied to Project Glasswing. The release lands as Anthropic is also being discussed in two other enterprise frames. TechRepublic reported the company expects its first profitable quarter as business demand for Claude rises, while Anthropic’s own status history shows a cluster of recent service incidents, including an elevated error-rate incident affecting multiple models on May 22. 1/ Anthropic is not just shipping a model here. It is starting to expose some of the surrounding security machinery it used with Claude Mythos Preview to qualifying enterprise customers. (theverge.com) That matters because the release is about how a model gets constrained, tested and observed in production, not just how strong it scores in a demo. 2/ The concrete pieces are unusually specific. Anthropic said customers can use “skills,” a Claude harness and a threat-model builder, and it has published a Project Glasswing dashboard showing disclosed open-source vulnerabilities found with Mythos Preview. (techrepublic.com) The company framed the package as part of a broader Glasswing update. 3/ The best way to read “skills” is as a reusable control surface around what the model is allowed to do and how it is directed to work. The harness is the execution and evaluation wrapper. (theverge.com) The threat-model builder maps a codebase so defenders can prioritize likely attack targets before scanning. Anthropic described that builder in its May 22 Glasswing update. 4/ Project Glasswing is the larger frame. Anthropic launched it on April 7 with partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA and Palo Alto Networks, and said it had also extended access to more than 40 additional organizations that build or maintain critical software infrastructure. (theverge.com) Anthropic committed up to $100 million in usage credits and $4 million in donations to open-source security groups. 5/ The numbers Anthropic is now putting behind the effort are large. In its initial update, the company said its approximately 50 partners had found more than 10,000 high- or critical-severity vulnerabilities in one month, and that several partners said their bug-finding rate had increased by more than 10 times. (anthropic.com) Anthropic also said Cloudflare had found 2,000 bugs, including 400 high- or critical-severity issues, across critical-path systems. 6/ This is also arriving at a moment when enterprise customers are likely to care more about operational discipline than model theater. (anthropic.com) TechRepublic reported Anthropic expects its first profitable quarter, driven by enterprise revenue, but said rising compute costs remain a risk to that momentum. Separately, Anthropic’s status page lists multiple May incidents, including elevated errors on Claude.ai on May 21 and elevated error rates on multiple models on May 22. 7/ Put together, the release suggests where the enterprise AI market is moving. (anthropic.com) Anthropic is making available not only access to a powerful security model but also some of the scaffolding around testing and control. For customers, that is the more durable question: whether the vendor can provide usable safety workflows and enough observability to compare performance, reliability and risk across deployments. That last point is an inference from the product package and the recent incident history, not a direct Anthropic statement. (techrepublic.com) 8/ Anthropic has already said what comes next. The company said it plans to expand Project Glasswing to additional partners and publish more detail once patches for vulnerabilities found by Mythos Preview are widely deployed. That means the public dashboard is likely an early slice of a larger disclosure pipeline rather than the final form of the program. (anthropic.com) (theverge.com)