Anthropic Expands Claude Mythos to 150 Companies as Project Glasswing Surfaces 10,000 Critical Vulnerabilities
Anthropic has expanded access to its Claude Mythos AI model to 150 additional companies across 15 countries under Project Glasswing, with early partners already surfacing more than 10,000 high or critical severity security vulnerabilities.

Cybersecurity operations centre displaying vulnerability data across multiple screens.
Anthropic has significantly broadened access to its most advanced AI model, Claude Mythos, extending the programme to 150 new companies across 15 countries as part of its ongoing Project Glasswing initiative. The expansion marks a notable escalation in the company's approach to deploying frontier AI for critical cybersecurity applications, with results from the first cohort already demonstrating the model's capacity to surface vulnerabilities at a scale that traditional security tooling cannot match.
The new cohort has been deliberately structured to include industries that were underrepresented in the initial rollout. Power grids, water systems, healthcare networks, communications providers, and hardware manufacturers now form part of the expanded partner base. Anthropic has stated that for most of these organisations, a successful cyberattack on their codebases could directly affect more than 100 million people, underscoring the critical nature of the infrastructure involved. The threat is already operational across the region: Iran-linked actors are actively targeting UAE energy and government networks with custom malware in 2026, making the case for AI-assisted defence increasingly urgent.
Results emerging from the first cohort of Project Glasswing partners are striking. In the first few weeks alone, participating organisations collectively surfaced more than 10,000 high or critical severity security vulnerabilities. Anthropic has acknowledged that the bottleneck in cybersecurity is now no longer the detection of vulnerabilities, but the verification, disclosure, and patching of the large volumes that Mythos-class models are capable of identifying. As the GCC ransomware landscape has demonstrated, the consequences of delayed patching are severe and the attack surface continues to grow. Many partners are already using the model to write patches directly, as well as conducting pre-release checks to prevent vulnerabilities from appearing in codebases before deployment. This mirrors findings from the BeyondTrust Microsoft Vulnerabilities Report 2026, which found that critical vulnerability volumes have doubled year on year, placing unprecedented pressure on enterprise security teams across the GCC.
The initial cohort included some of the world's largest technology companies, including Amazon Web Services, Apple, T-Mobile US, AT&T, Nvidia, and Google. Access was restricted rather than made publicly available, with each prospective partner required to meet Anthropic's security requirements before gaining entry to the programme.
The expansion follows Anthropic's decision to offer Mythos access to the European Union's cybersecurity division, a move that signals growing regulatory confidence in the model's capabilities and governance framework. Anthropic has also confidentially filed its initial public offering prospectus with the US Securities and Exchange Commission, a development that positions the company alongside rival OpenAI as it prepares for a broader public market presence.
Anthropic has noted that within six to twelve months, it expects other AI developers to have models comparable to Mythos Preview. The company has expressed concern that such models could be released without the safeguards that prevent misuse, a consideration that has shaped the controlled rollout approach of Project Glasswing from the outset.
For enterprise security teams and critical infrastructure operators across the MENA region, the expansion of Project Glasswing carries direct implications. The categories of organisations now included, from power grids to healthcare networks, mirror the profile of entities under increasing threat across the Gulf. Qatar's deployment of its first quantum-safe communications link signals that GCC states are already moving to harden national infrastructure at the network layer. As Saudi Arabia and the wider GCC accelerate digital transformation programmes, the question of how frontier AI models can be applied to national infrastructure security is moving from theoretical to operational.
Omar Al-Hakeem
Senior Cyber Threat Analyst | MENA RegionOmar Al-Hakeem is a cybersecurity researcher specializing in threat intelligence, ransomware trends, and nation-state activity across the Middle East and North Africa. With over 12 years of experience in SOC operations and incident response, he provides deep technical breakdowns of emerging attacks and regional cyber risks. At MENA Cyber Wire, Omar focuses on real-world threat analysis and actionable defense strategies for enterprises and startups.