Anthropic is significantly expanding the reach of its most controversial and powerful artificial intelligence model, Claude Mythos Preview. After a limited initial rollout that saw the AI uncover thousands of critical vulnerabilities in major software projects, the company is now opening access to a broader group of corporate and government partners. This move marks a major escalation in the industry’s race to automate cybersecurity. By putting this high-powered digital auditor into the hands of more organizations, Anthropic hopes to set a new standard for how we identify and patch the software flaws that leave the global internet exposed to attacks.
The Mythos Preview model operates differently than standard chatbots. While most AI systems excel at writing marketing copy or summarizing emails, Mythos specializes in deep code analysis. It treats software repositories like a giant puzzle, scanning millions of lines of code to find hidden backdoors, logic errors, and memory corruption bugs that human auditors often miss. Anthropic claims the model has already proven its worth by successfully identifying over 10,000 high-severity security flaws in just the last few weeks of testing with its first wave of partners.
This expansion comes at a time when the stakes for digital infrastructure could not be higher. Modern businesses are currently spending well over $1 billion every few months to shore up their cyber defenses against ransomware groups and state-sponsored hackers. These malicious actors have started using their own AI tools to identify and exploit vulnerabilities faster than human teams can patch them. Anthropic argues that the only way to defend against an AI-powered adversary is to deploy an even more powerful AI defender. By giving partners access to Mythos, they are essentially providing a “super-powered” security auditor that never sleeps.
The list of partners gaining access to the model includes some of the world’s most critical technology and financial institutions. These firms face constant threats, and they view Mythos as a way to perform “offensive” security audits on their own products. By proactively finding bugs, they can fix critical issues before a public exploit is ever released. This “proactive” approach to defense is a major departure from the traditional cybersecurity model, where companies usually waited for a bug to be reported by a third party before they assigned engineers to fix it.
Anthropic is taking steps to manage the risks associated with such a powerful tool. Because Mythos is essentially a master key that can find weaknesses in any software, the company keeps the model under very strict control. Access is granted only to organizations that pass a rigorous security vetting process. Furthermore, Anthropic requires these partners to sign strict usage agreements that prevent the AI from being used for anything other than defensive security research. The company knows that if this model were to leak to the public, it could trigger a global wave of digital chaos.
Despite the warnings, the demand for the tool is overwhelming. Cybersecurity firms are struggling to hire enough human talent to keep up with the complexity of modern code. A single, small bug in a piece of middleware can lead to a 1.5% or 2% failure rate in critical cloud services, causing massive financial disruption. Automating the discovery of these bugs is a necessity, not just a luxury. Anthropic’s ability to turn “security audits” into a fast, automated task is revolutionizing how companies maintain their software lifecycles.
The program, dubbed Project Glasswing, serves as the operational hub for this new AI defense strategy. Through Glasswing, partners gain access to a secure environment where they can run Mythos without their private code ever touching the open internet. This privacy is essential for military contractors, banks, and government agencies. They need to know that their most sensitive data remains safe while the AI works its magic. By maintaining this “walled garden,” Anthropic creates a trusted space where the benefits of AI are realized without the inherent risks of open-world development.
This expansion also puts pressure on other AI giants. OpenAI and Google are now rushing to build their own “defensive AI” agents to match what Anthropic has achieved. The race to dominate the cybersecurity market is essentially a contest to see who can build the smartest “red team” agent. The winner will effectively become the gatekeeper of global software safety. For now, Anthropic holds a clear lead, as its model is the only one currently proven to handle large-scale auditing across diverse software environments.
Looking ahead, Anthropic plans to scale the program further by mid-2027. The company is actively working to integrate Mythos into the CI/CD pipelines—the automated systems that developers use to ship new software—meaning that every time a line of code is written, a security audit will happen in the background. This would effectively make “zero-day” vulnerabilities a relic of the past, as the AI would catch the flaw before the software is even published.
While the future of automated defense looks bright, it brings new challenges regarding the accountability of software. If an AI misses a bug, and that bug leads to a massive hack, who is responsible? The software developer, the AI model maker, or the company that integrated the agent? These are the types of legal and ethical questions that will define the next few years of internet regulation. For now, Anthropic is focused on one simple mission: making sure the machines we build are at least as good at protecting us as they are at being creative.
