Key Takeaways
- Anthropic has granted the EU’s cybersecurity agency ENISA early access to the Mythos AI preview through the expanded Project Glasswing program.
- Project Glasswing, initially limited to 40 US/UK participants, now adds 150 organizations from ~15 countries, giving defenders hands‑on testing of a frontier model that can uncover tens‑to‑hundreds of vulnerabilities in minutes.
- Industry experts view the move as essential for building informed policy and accelerating defender capabilities, warning that traditional manual patching is becoming obsolete.
- Access includes a pool of $100 million in credits for testing, likely to increase as more participants join.
- Anthropic’s public filing hints at a $1 trillion valuation, yet the company remains unprofitable and has sent mixed signals about Mythos AI’s release timeline—ranging from “coming weeks” to enterprise availability in 2026‑2027.
- ENISA plans to use Mythos AI to evaluate EU‑RED and EU‑CRA certified products, assess exploit severity, and potentially reshape certification processes.
- New Glasswing members include Samsung, Okta, NATO, South Korea’s KISA, and SK Telecom, alongside existing US government, Microsoft, major cybersecurity firms, and financial‑sector participants.
- Competing frontier models such as OpenAI’s GPT‑5.5‑Cyber and Google’s Big Sleep are also offering limited EU access, underscoring a rapid escalation in AI‑driven cybersecurity capabilities.
- Security leaders argue that AI‑generated vulnerability discovery will shift the bottleneck from finding flaws to human remediation capacity, necessitating automated code review, machine‑speed patching, and agentic AI safeguards.
- The expansion aligns with Anthropic’s strategic goal to appease regulators, showcase enterprise demand for its Claude Code products, and position itself for lucrative government and critical‑infrastructure contracts despite current financial losses.
Expansion of Project Glasswing and ENISA Access
Anthropic has confirmed that the European Union Agency for Cybersecurity (ENISA) will receive early access to the Mythos AI preview under the Project Glasswing program. This decision follows weeks of concern that Europe lagged behind the United States and United Kingdom in preparing for advanced AI‑driven threat detection. ENISA’s inclusion marks a limited but significant widening of the initiative, which originally served only 40 high‑value US and UK organizations. The spokesperson for the European Commission noted that several productive meetings with Anthropic paved the way for this arrangement, underscoring the bloc’s push to bring regulators closer to cutting‑edge AI capabilities.
Background and Purpose of Project Glasswing
Launched in early April, Project Glasswing provides government agencies and prominent private organizations—identified as high‑value targets for hackers—with a sandbox to test their defenses against a preview of the forthcoming Mythos AI. Early results indicate that frontier models of this caliber can surface tens to hundreds of previously unknown vulnerabilities in a very short timeframe, including flaws that may have lain dormant for decades. While there is limited evidence that the model can autonomously assemble exploit chains, its primary value lies in rapid, large‑scale vulnerability discovery that accelerates defender insight.
Expert Perspectives on the Strategic Importance
Uzair Gadit, CEO of Secure.com, praised the ENISA partnership as a “smart move,” arguing that defenders learn fastest when they can interact directly with frontier models rather than rely on second‑hand reports. He emphasized that placing EU experts near the technology enables informed policy‑making instead of speculative guesswork. Gadit warned that the threat landscape has accelerated: tasks that once required a skilled hacker and days of preparation can now be completed by an AI tool in roughly 20 minutes, heightening the urgency for proactive defenses.
Details of Access Credits and Participant Scope
Current Project Glasswing participants have been allocated a pool of $100 million in access credits for testing Mythos AI. Anthropic indicated that this amount will almost certainly rise as the program expands to accommodate the new cohort of 150 organizations across roughly 15 countries. The credits fund computational runs, allowing testers to push the model against diverse systems and gauge its vulnerability‑finding potency under realistic conditions.
Conflicting Signals on Mythos AI Release Timeline
Anthropic has not announced a firm release date for Mythos AI, and recent communications have been contradictory. A brief mention in the Opus 4.8 launch suggested Mythos would reach “all customers” in the “coming weeks,” while another statement indicated that broad enterprise API availability might not arrive until 2026‑2027, with comparable competitors launching sooner. This ambiguity has fueled prediction markets favoring a July launch, yet most analysts expect enterprise access later in the decade and general consumer availability around 2027.
Anticipated Applications and Questions for ENISA
Joshua Marpet, senior product security consultant at Finite State, speculated on how ENISA might employ Mythos AI. Potential uses include evaluating EU‑RED and EU‑CRA certified products, assessing items awaiting certification, and determining appropriate exploit severity ratings. Marpet raised the pivotal question of whether the insights gained will alter the initial certification or ongoing maintenance processes—a matter that will become clearer as testing progresses.
New Participants Joining Project Glasswing
Beyond ENISA, the upcoming wave of Glasswing members includes major technology and infrastructure players such as Samsung, authentication leader Okta, NATO, South Korea’s Korea Internet & Security Agency (KISA), and telecommunications giant SK Telecom. These join the existing roster, which already comprises US government entities, Microsoft, leading cybersecurity firms, and significant financial‑sector institutions. Anthropic has not yet published a full list, but the named additions have been confirmed by the organizations themselves.
Comparative Landscape of Frontier AI Cybersecurity Models
Mythos AI is positioned alongside other leading frontier models that present both novel cybersecurity threats and near‑term availability to threat actors. OpenAI’s recently promised EU access to an advanced version of GPT‑5.5‑Cyber mirrors Anthropic’s approach, while Google’s Big Sleep—though not operating a formal program like Project Glasswing—has demonstrated autonomous detection and reproduction of security flaws in open‑source projects, including at least one previously known only to adversaries. This competitive environment underscores a rapid acceleration in AI‑driven offensive and defensive capabilities.
Implications for Vulnerability Management and Patching Practices
John Carberry, solution sleuth at Xcape, contended that the security community must already treat traditional manual patching as obsolete. Project Glasswing’s integration of ENISA exemplifies a geopolitical rebalancing that enables international defenders to scan critical infrastructure before adversaries weaponize discovered flaws. Consequently, the enterprise bottleneck shifts from vulnerability discovery to human remediation capacity, urging organizations to adopt automated code review, machine‑speed patching workflows, and agentic AI safeguards embedded within development pipelines to keep pace with an attack surface that now evolves at computational speed.
Broader Context: Anthropic’s IPO Filing and Market Position
The expansion of Mythos AI’s access was somewhat eclipsed in headlines by Anthropic’s announcement of a public filing with an anticipated potential valuation of $1 trillion USD. Despite the lofty figure, the company remains unprofitable, reportedly operating at a loss of tens of billions of dollars monthly. Strong enterprise demand for its existing Claude Code products and a strategic push into the cybersecurity market likely motivate the Glasswing expansion, serving both to placate regulators eager for oversight and to court lucrative government and critical‑infrastructure contracts.
This synthesis captures the essential developments, expert commentary, and broader implications surrounding Anthropic’s Project Glasswing expansion and ENISA’s newly granted access to the Mythos AI preview.