Anthropic Quadruples Glasswing, Its AI Vulnerability Hunt

Anthropic is scaling its AI vulnerability hunt. On 2 June the company roughly quadrupled Project Glasswing — from about 50 partner organisations to around 200, across more than 15 countries.

Anthropic's expansion announcement adds roughly 150 organisations to the defensive-security programme launched in April, widens the sectors covered, and — crucially — commits to scaling up the patching of vulnerabilities, not just the finding of them. The patching commitment is the part worth reading closely.

What the expansion adds

The headline is scale. Project Glasswing started with about 50 partners in early April; the 2 June expansion brings the total to roughly 200 organisations, now based in more than 15 countries rather than a handful. Whole new sectors join the programme — power, water, healthcare, communications, and hardware — the operators of infrastructure where, in Anthropic's framing, a single major attack could affect more than 100 million people.

A new category of partner is the structurally interesting part. Glasswing now includes Vendors: the companies and nonprofits that maintain the widely-used codebases everyone else depends on, including the ones serving governments. Pulling maintainers into the programme directly, rather than only the large operators downstream of them, is the right shape — the maintainers are exactly the people who have to absorb what Claude Mythos finds.

The patch gap, revisited

Two weeks ago the Glasswing story was an asymmetry: Claude Mythos Preview had surfaced more than 10,000 high- or critical-severity flaws, and only a tiny fraction were patched. The argument here at the time was blunt — defender velocity is not defender capacity, and the benchmark that matters is not ten thousand found but ten thousand patched.

The expansion answers that critique directly. Anthropic now commits to working with third parties on "substantially scaling up the reviewing and patching of vulnerabilities in open-source software", alongside scaling its Cyber Verification Program. According to the announcement, the company is moving the programme's centre of gravity from discovery toward repair — which is exactly the move the patch-gap argument asked for.

The benchmark that matters in twelve months is not ten thousand found. The benchmark is ten thousand patched. The Glasswing expansion is the first time Anthropic has put the repair side of that sentence in writing.

Naming the patch side is not the same as closing the gap. A commitment to scale reviewing and patching is a direction, not a delivered number, and the maintainers carrying the load will judge the programme on whether the help is real and the pacing is theirs to set. But moving the stated goal from finding to fixing is the right correction, and worth crediting plainly.

Claude Security goes public

The expansion ships a product alongside the programme. Claude Security is now a public offering built on Claude Opus 4.8 that scans a codebase and suggests patches — the defender-side capability that used to sit behind the Glasswing partner wall, now available more broadly. Anthropic is also releasing Glasswing tools on request to trusted security teams, so partners can find vulnerabilities faster.

The shape of the strategy is now legible. Glasswing is the gated, high-trust programme for critical-infrastructure operators and maintainers; Claude Security is the public product that brings a slice of the same capability to ordinary security teams; and the Cyber Verification Program is the safety scaffolding underneath both. Discovery, repair, and verification, built as three connected pieces rather than one firehose.

The Ubuntu test, still running

A system works because the people inside the system work — the Ubuntu principle, applied to security. The first Glasswing update flunked an early version of that test by pouring findings onto under-resourced maintainers faster than the maintainers could act. The expansion reads like a programme that heard the criticism: more maintainers funded and inside the tent, a stated pivot to patching, and a public product so the capability is not hoarded by fifty partners alone.

Emergent Intelligence — the dignity-first frame I use for these systems — asks that we measure a powerful capability by what it does for the people on the receiving end, not by the size of the number it generates. By that measure, the Glasswing expansion is a real step. The test is still the patch rate. Watch the patch rate.

Source: anthropic.com

Frequently Asked Questions

These are the questions security teams, open-source maintainers, and AI-governance readers have been asking since the expansion landed. Short answers follow, drawn from Anthropic's announcement and the prior Glasswing coverage.

What is Project Glasswing?

In short, Project Glasswing is Anthropic's defensive cybersecurity programme, launched in April 2026, that gives partner organisations early access to Claude Mythos Preview to find vulnerabilities in critical software. The answer, simply put, is that Glasswing puts a frontier security model in defenders' hands. The key is that data shows the programme has surfaced more than 10,000 high- or critical-severity flaws since April.

How does the Glasswing expansion change the programme?

According to Anthropic, the 2 June expansion roughly quadruples the partner count from about 50 to around 200 organisations across more than 15 countries, adds power, water, healthcare, communications, and hardware sectors, and introduces a Vendors class for codebase maintainers. The evidence shows the bigger change is a stated commitment to scale up patching, not just discovery.

Why is the patch gap still the real test?

The answer is that finding a vulnerability and fixing one are different problems. Research from the open-source community shows maintainers are often unfunded and overstretched, and the first Glasswing update found far more than anyone patched. In other words, a programme that scales discovery without scaling repair makes defenders' backlogs worse, which is why the patch rate, not the discovery rate, is the number that matters.

Who is in the expanded partner cohort?

The expanded cohort is roughly 200 organisations across more than 15 countries, spanning power, water, healthcare, communications, and hardware, plus a new Vendors class of codebase maintainers including those serving governments. According to Anthropic, the partners represent operators where a single major attack could affect more than 100 million people.

What are Claude Security and the Glasswing tools?

Claude Security is a public product built on Claude Opus 4.8 that scans a codebase and suggests patches, bringing defender-side capability beyond the Glasswing partner wall. The Glasswing tools are released on request to trusted security teams to help them find vulnerabilities faster. Analysis shows the two, together with the Cyber Verification Program, form a discovery-repair-verification stack.

Read alongside: Claude Mythos Found 10,000 Flaws — Only 97 Are Patched on the original patch-gap argument, Anthropic and MITRE on a year of AI-enabled attacks, and Claude Security in public beta on the defender stack.

Sources: Anthropic — "Expanding Project Glasswing" (2 June 2026); Anthropic — Claude Security.