AI model developer Anthropic is expanding Project Glasswing, its cybersecurity initiative aimed at protecting critical software infrastructure from frontier model capabilities, adding another 150 organizations across more than 15 countries to the program.
The expansion follows the company’s April launch of the initiative, which initially gave 50 organizations access to Claude Mythos Preview, Anthropic’s cybersecurity-focused frontier model. According to Anthropic, participants have already identified more than 10,000 high- and critical-severity software vulnerabilities using the system.
The new group includes organizations operating in critical sectors that were not included in the first group, such as power, water, healthcare, communications and hardware infrastructure, which are all industries where software failures can quickly escalate with implications for national security and customer trust.
As Anthropic said in its announcement:
“What each partner has in common is that a successful attack on their codebase could be catastrophic. For most partners, we estimate that a major attack could affect more than 100 million people, with important ramifications for both global and national security.”
“This expansion is the next step toward our long-term goals: for AI to make all software more secure, and for us to help the industry adjust to how AI could change many of the core assumptions of cybersecurity,” the company added.
UK Banks Push for Access as Cyber AI Race Accelerates
The Glasswing expansion comes as competition among the major AI developers to dominate frontier cybersecurity capabilities intensifies.
Microsoft has launched its new MAI family of in-house models spanning reasoning, coding, image, voice and speech generation, positioning the company to compete more directly with OpenAI and Anthropic in enterprise AI infrastructure. The launch also reflects Microsoft’s effort to demonstrate greater independence after ending the exclusive elements of its OpenAI partnership earlier this year.
Under the revised agreement announced in April, Microsoft’s license to OpenAI technology became non-exclusive, allowing OpenAI to expand across rival cloud providers while Microsoft accelerated development of its own frontier AI systems.
At the same time, competitive tensions are emerging around how advanced cyber models are distributed.
Anthropic has restricted access to Mythos through tightly controlled partnerships such as Project Glasswing and its Cyber Verification Program, arguing that frontier cyber capabilities require stronger safeguards before broad deployment.
That approach has reportedly frustrated some financial institutions in the U.K. and elsewhere seeking access to advanced defensive AI systems. Japanese banks are reportedly among the new group given access, after the Finance Minister established a dedicated financial sector task force to tackle the AI-driven cybersecurity risks that Mythos has raised.
Speaking to Bloomberg TV, Bank of England Governor Andrew Bailey last week acknowledged the concerns directly.
U.K. banks “don’t have access to Mythos at the moment and that’s an issue that is very important. But… Mythos isn’t the only model out there,” Bailey said. adding that the banking sector is actively seeking alternative frontier AI capabilities.
“There’s obviously something of a race going along to move the technology on,” Bailey said. “I’m very optimistic that they either just have or are about to get—the major UK banks—access to other models which will get them substantially forward.”
By contrast with Anthropic’s limited-access approach, OpenAI has moved more aggressively to provide institutions with access to its own frontier cyber models, creating a growing divergence in how leading AI firms are balancing safety controls with enterprise demand.
OpenAI has reportedly granted nine major U.K. banks access to its cybersecurity AI tool GPT-5.5 Cyber.
U.K. AI Security Institute Finds OpenAI and Mythos at Similar Capability Levels
Financial institutions in the U.K. and other countries that do not yet have access to Mythos but can access OpenAI’s GPT-5.5 Cyber may be reassured by analysis from the U.K.’s AI Security Institute (AISI) concluding that OpenAI’s model is reaching comparable levels of advanced cyber capability.
In its evaluation of Mythos Preview, AISI found that the model could autonomously execute complex multi-stage cyberattack simulations that would typically require expert human operators days to complete.
“Claude Mythos Preview is the first model to solve TLO from start to finish,” AISI reported, referring to a simulated enterprise attack chain involving 32 steps and roughly 20 hours of expert-level human work.
AISI later reported that OpenAI 5.5 achieved similar performance levels.
“A key question was whether this reflected a breakthrough specific to one model, or part of a broader trend. Results from an early checkpoint of GPT-5.5 suggest the latter.”
The institute’s testing found OpenAI 5.5 achieved a 71.4% pass rate on expert-level cybersecurity tasks, compared with Mythos Preview’s 68.6%.
The findings indicate that frontier cyber capabilities are developing quickly across multiple AI developers, increasing pressure on enterprises and governments to modernize their cybersecurity defenses before hackers leverage these capabilities.
Open Source Debate Intensifies
Bailey also addressed growing industry concerns around open-source AI models and the possibility that advanced cyber capabilities could become harder to control once broadly released.
“If you discover that the so-called bad guys are using that technology to rob banks or whatever it is, you’re then not able to turn it off in the way you can with the others,” Bailey said.
At the same time, Bailey acknowledged the complexity of the issue. “There’s a lot of open source out there. There’s a lot of almost theological doctrine about open source and not open source which this is somewhat pushing against.”
The comments reflect the increasing debate among policymakers around whether advanced cyber-capable AI models should remain closed, selectively distributed or eventually released more broadly.
AI Cybersecurity Becomes a Core CX and Trust Challenge
Recent attacks on software vendors and critical infrastructure providers have demonstrated how vulnerabilities in widely used systems can cascade across industries, disrupting customer services, healthcare access, communications, transportation and financial systems.
Anthropic is explicitly framing Project Glasswing around that risk, warning:
“Cheap, fast AI models with powerful cyber capabilities are around the corner. We want Project Glasswing to spur institutions toward operating norms that reflect this reality.”
The company added that many organizations joining the expanded initiative maintain software relied upon globally by enterprises and governments. A successful compromise of one of those vendors could create downstream disruption affecting hundreds of millions of users.
AISI acknowledged the reality of that threat, explaining:
“Our testing shows that Mythos Preview can exploit systems with weak security posture, and it is likely that more models with these capabilities will be developed. This highlights the importance of cybersecurity basics, such as regular application of security updates, robust access controls, security configuration, and comprehensive logging.”
Regulators Focus on Fast Patching and Global Coordination
Bailey indicated that regulators are becoming increasingly focused on how quickly organizations can remediate vulnerabilities.
“What I really want to see us do is evolve a process very quickly where we can have a controlled but fast process to assess these models,” Bailey said, adding that the operational challenge becomes immediate once vulnerabilities are identified.
“What my head of IT at the Bank of England told me is a ton of patching that then has to follow very quickly to fix the things that these models are finding.”
Anthropic has made a similar argument in its Glasswing announcement, stating that vulnerability discovery is rapidly becoming easier than verification, disclosure, and remediation. The company stated:
“As we’ve previously discussed, the bottleneck in cybersecurity is now verifying, disclosing and patching the large numbers of vulnerabilities that Mythos-class models can surface.”
Many Glasswing participants are already using Mythos Preview to generate patches, conduct pre-release security testing, automate penetration testing workflows and modernize legacy systems in response to the flaws that it identifies.
Bailey indicated that regulators increasingly view AI cybersecurity risk as an international coordination challenge rather than a purely national one.
“The spillovers from this sort of cyber risk are so big that we can’t just have a single national approach towards dealing with the consequences and mitigating it. Anybody who thought, ‘I’ve dealt with my banks, that’s okay,’ I’m afraid that won’t work because they’re all so heavily interconnected.”
Anthropic similarly warned that future frontier model releases will become “increasingly high stakes” as capabilities improve across both defensive and offensive cyber domains. The challenge for enterprises is adapting their cybersecurity systems before advanced AI-powered offensive capabilities become widely accessible.
