Analysis·June 2026

Anthropic expands Project Glasswing and brings Claude Security to real codebases

A frontier model that was kept off the market is now scanning critical software at roughly 200 organizations — and a public-model product has landed for everyone else.

Published June 9, 2026 · Facts checked against Anthropic's announcement, June 9, 2026

For most of the past year, Anthropic's most aggressive security work was something you could read about but not touch. Claude Mythos Preview — a frontier model the company decided not to sell — sat at the center of Project Glasswing, a closed program where a small set of partners pointed the model at their own source code to hunt for vulnerabilities. The news this month is that the gate has widened, and a version of the capability is now available without a special invitation.

What changed

Anthropic's June 2 update describes two distinct moves.

Glasswing got bigger. The program went from approximately 50 initial partner organizations to roughly 150 additional ones, now spanning more than 15 countries. The expansion deliberately pulled in operators of critical infrastructure — power, water, healthcare, communications, and hardware — sectors where, in Anthropic's framing, "a major attack could affect more than 100 million people."
Claude Security launched. This is the part that matters to ordinary engineering teams. Rather than gating the work behind the unreleased Mythos model, Claude Security uses the publicly available Claude Opus 4.8 to scan codebases and suggest patches. It is the same shape of task Glasswing partners do, run on a model anyone can call.

Inside Glasswing, partners deploy Mythos Preview for more than just scanning: Anthropic lists patch writing, pre-release checks, penetration testing, threat detection, and rebuilding legacy codebases among the uses. Across all partners, the program has surfaced more than 10,000 high- or critical-severity security flaws.

Why it matters

The interesting tension here is between capability and availability. Mythos-class models are good enough at reading code that Anthropic treated open access as a risk worth managing slowly — the same capability that finds a vulnerability can be used to exploit one. Glasswing is the controlled-rollout answer to that: give the strongest model to defenders of high-stakes systems first, under close collaboration.

Claude Security is the pragmatic counterpart. It accepts that the public Opus 4.8 is already a capable code auditor, and packages that into a workflow teams can actually adopt. If you have wondered whether a frontier model is good enough to be useful in a real security review rather than a demo, this is Anthropic betting that the answer is yes — and that the gap between its locked model and its shipping one is now small enough to productize.

Analysis, not announcement: Anthropic also said it expects that "within 6 to 12 months, many other AI companies will have Mythos-class models." Read alongside the Claude Security launch, that reads less like a warning and more like a clock. The window in which a security-grade frontier model is a differentiator is, by the company's own estimate, measured in months — so the value moves to who operationalizes it, not who has it.

What it means for developers

Three practical takeaways, with the caution that the strongest tool here is still gated:

Triage gets cheaper, verification does not. A model that flags 10,000 high-severity issues is only useful if your team can confirm and fix them. The bottleneck shifts from finding candidate bugs to triaging and patching them — plan headcount and process around the back half, not the scan.
Patch suggestions are a starting point. Claude Security suggests patches; it does not absolve you of review. Treat generated fixes the way you would treat a junior engineer's first PR against security-sensitive code.
The same code-reading skill is now table stakes. If you are choosing a model for code work generally, the auditing capability on display here overlaps heavily with day-to-day reasoning about large codebases. Our coding assistants shootout is the closest practical comparison of how these tools behave on real repositories.

The honest caveats

A few things Anthropic's posts do not establish, which are worth holding onto:

The 10,000-plus figure is a count of flagged high- or critical-severity flaws across partners, not a count of confirmed-and-fixed vulnerabilities. Raw finding counts and remediated counts are different numbers.
Glasswing partners are not named individually in the expansion post, and the sector breakdown is descriptive, not a published list.
Claude Security runs on Opus 4.8, not on Mythos. The marketing proximity of the two should not be read as equivalent capability.

None of that diminishes the move. It just means the right mental model is "a strong public model, productized for security review, alongside a stronger gated one expanding carefully" — which is a more useful frame than "AI now fixes security."

Sources

Anthropic — "Expanding Project Glasswing" (June 2, 2026). Source for org counts, country and sector scope, the 10,000+ figure, Claude Security, and the 6–12 month estimate.
Anthropic — Project Glasswing overview. Background on the program and Claude Mythos Preview.
Help Net Security — Anthropic: Claude Mythos identified 10,000+ software flaws. Corroborating coverage.
CyberScoop — Anthropic expanding access to Project Glasswing. Corroborating coverage.