Anthropic expands Mythos to 15 countries

Anthropic said on June 2 that it was expanding access to Claude Mythos Preview, its cybersecurity-focused AI model, to 150 additional organizations in more than 15 countries. The move broadens Project Glasswing, the company’s controlled testing program for a model Anthropic has said is powerful enough to identify and exploit software vulnerabilities at a pace that raised concerns about wider release. Anthropic said the new group includes organizations in sectors such as power, water, healthcare, communications and hardware. CNBC reported Italy was among the countries included in the broader rollout, and other reporting said several European countries were part of the expansion. ### What exactly is Mythos? Anthropic introduced Project Glasswing on April 7 as an effort to secure critical software with early access to Claude Mythos Preview. The company said launch partners included Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA and Palo Alto Networks, along with the Linux Foundation. Claude Mythos Preview is Anthropic’s frontier model for defensive cyber work, according to the company’s public materials. (cnbc.com) Anthropic said the model can identify and help fix vulnerabilities across hardware and software, and described the program as aimed at organizations responsible for infrastructure used by billions of people. ### Why was access limited in the first place? Anthropic said in May that Project Glasswing had been launched because increasingly capable AI systems could be turned against critical software if deployed without safeguards. (anthropic.com) The company said the bottleneck had shifted from finding flaws to verifying, disclosing and patching them safely. Bloomberg and CNBC reported that Anthropic had kept Mythos out of general release because of concern that the model could be used to find cybersecurity vulnerabilities too easily. (anthropic.com) Anthropic said new partners in the expansion will have to meet security requirements before getting access. ### What did the first round of testing show? Anthropic said on May 22 that its roughly 50 initial partners had used Mythos Preview to find more than 10,000 high- or critical-severity vulnerabilities in one month. (anthropic.com) The company said several partners reported bug-finding rates that were more than ten times higher than before. Cloudflare, cited by Anthropic in that update, found 2,000 bugs across critical-path systems, including 400 classified as high or critical severity. (bloomberg.com) Anthropic said it would provide more detailed disclosures once patches were widely deployed, following coordinated vulnerability disclosure timelines. ### Which countries and organizations are being added now? Anthropic said the new access covers organizations in more than 15 countries, but it did not publish a full list of the new participants. (anthropic.com) CNBC said the company did not disclose the names of the new companies joining the coalition, though Rubrik said separately that it was among the new batch. Reporting from GovInfoSecurity, citing the Financial Times, said the countries gaining access include France, Germany, Italy, Switzerland, the Netherlands, Spain, Belgium, Sweden, India, Japan and South Korea. (anthropic.com) That report also said NATO and the European Union cybersecurity agency ENISA were among the institutions expected to receive access. Anthropic had separately moved to offer Mythos access to the European Union after talks over cybersecurity concerns. (cnbc.com) ### What happens next for the rollout? Anthropic said the expansion is part of a longer-term plan to use AI to make software more secure and to help the industry adapt to changing assumptions in cybersecurity. The company also said it expects to share more about Mythos findings only after patches are broadly deployed, to avoid increasing risk to users. Anthropic’s next steps are likely to center on onboarding the additional 150 organizations under Project Glasswing security requirements and continuing controlled testing with government, infrastructure and enterprise participants. (govinfosecurity.com) The company’s public Project Glasswing page and future research updates are where Anthropic has been posting milestones and partner results. That last sentence is an inference based on Anthropic’s stated process and publication pattern. (anthropic.com) (cnbc.com)