Lead Analysis

Anthropic Opens Mythos to Samsung, Okta, NATO, and ENISA, Extending Project Glasswing to 150 Organisations in 15 Countries

Electrical substation control room at night, with monitors displaying code and an empty operator chair.

Anthropic's unreleased frontier model has already identified over 10,000 critical vulnerabilities. The company allocates $100 million in usage credits and $4 million in donations for open-source security.

On June 2, Anthropic announced the expansion of Project Glasswing to an additional 150 organisations across 15 countries, granting access to Claude Mythos, the company's unreleased frontier model, and directing $100 million in usage credits to partners, alongside $4 million in direct donations to open-source security organisations. The named beneficiaries include Okta in the United States, Samsung, SK Hynix, and SK Telecom from South Korea, NATO in Brussels, and ENISA, the European cybersecurity agency.


Glasswing began in April with approximately 50 partners, including agencies of the US government. Within two months, Anthropic claims these partners have identified over 10,000 vulnerabilities classified as high or critical severity, a number the company uses to support the thesis that Mythos operates at a level surpassing most human researchers in discovering and exploiting flaws in code. According to Anthropic, the model has already identified bugs in all major operating systems and web browsers.


Why NATO, Samsung, and Okta Joined the Same Round


The composition of this second tranche is not random. Sectors that were excluded from the initial phase have now been included: electric power, sanitation, healthcare, telecommunications, and hardware manufacturing. Samsung, SK Hynix, and SK Telecom cover the Korean chip and telecom supply chain—a vertical where Anthropic needs to demonstrate offensive capabilities in firmware and baseband. NATO covers the allied military pillar, while ENISA provides institutional legitimacy for deployments in European member states, at a time when the European AI Act has just come into force for high-risk applications in critical infrastructure.


Okta provides identity and access management for thousands of Fortune 500 companies, and inclusion in the programme means Anthropic now runs Mythos against the stack that protects corporate logins for a significant part of the US market. There is an implicit queue effect: Okta customers who depend on the same control plane effectively gain an extra layer of scanning without incurring additional costs.


The Geography of the Programme: 15 Countries, Three Blocs


The geographic expansion includes Canada, Australia, New Zealand, France, Germany, Italy, Switzerland, the Netherlands, Spain, Belgium, Sweden, India, and Japan. This list mirrors, not coincidentally, the perimeter of the Five Eyes, expanded by NATO partners and two Asian heavyweights. China and Russia are excluded, a decision consistent with the tightening of export controls that the US Department of Commerce has been implementing since 2024.


For CISOs of companies operating across multiple geographies, the announcement reopens a debate the sector had been avoiding: the same AI model that finds vulnerabilities for the defender also finds them, in principle, for the attacker. Anthropic argues that Mythos operates under controlled access, but the technical literature on frontier models shows that prompt injection and jailbreak attacks function at a non-negligible frequency even in top-tier models. The risk of diffusion, should the API access barrier weaken, is now openly discussed among AI security researchers.


Timing Speaks Louder than the Release


The announcement coincided with the US executive order on AI signed on the same day, which establishes an AI Cybersecurity Clearinghouse overseen by the White House to centralise intelligence on vulnerabilities in AI models. Anthropic, which filed a confidential IPO registration with the SEC on June 1 with a valuation of $965 billion, positions Glasswing as a demonstration of national strategic value in a cycle where the US government formalises dialogues with frontier laboratories.


For the cybersecurity market, the impact is cumulative. CrowdStrike, Palo Alto Networks, SentinelOne, and the bug bounty sector built around HackerOne and Bugcrowd are now contending with an AI model that discovers flaws at industrial scale within a closed programme that stays outside the reward economy. The question for CIOs shifts from whether frontier AI alters the economics of vulnerability discovery to how long internal scanning will take to become comparable to the captive offering.


For South Korea, India, and Japan—markets included in the expansion—the immediate effect is selective. The three geographies have asymmetric participation in the programme: South Korea receives three suppliers from the chip supply chain at once, India entered with an initial partner, and Japan gains access as an entry point for the defence of automotive supply chain manufacturers. Anthropic signals who it considers a priority in cybersecurity sovereignty, and this signal is not uniformly distributed.
