Project Glasswing

Reference note | intelligencenotes.com

BLUF

Project Glasswing is the government-facing collaboration through which Anthropic distributes its most capable, safeguard-lifted frontier models — the Mythos-class tier — to vetted cyberdefenders and critical-infrastructure providers for defensive vulnerability research. It is the access-governance channel that gates who operates the unsafeguarded configuration of a frontier capability the developer itself describes as posing a “substantial risk of uplift to malicious actors.” (Assessment / High.) As of June 2026 the program is the distribution route for Mythos 5, and its admission criteria — not model capability — are the operative proliferation-control surface. The structure is examined at length in Fable 5 and the Two-Tier Frontier.

Profile

• Fact: Announced 2026-04-07 alongside the Mythos Preview model. [primary/secondary, High]
• Fact: A private-sector cybersecurity consortium of approximately 50 companies at launch, with Apple, Amazon Web Services, Microsoft, Google, and CrowdStrike named in primary reporting. [primary/secondary, High]
• Fact: Anthropic committed approximately $100M in model usage credits to participants. [primary, High]
• Fact: Stated purpose is defensive — using frontier reasoning capability to identify software vulnerabilities before adversary exploitation. [primary, High]
• Fact: In June 2026 the program expanded to critical-infrastructure organizations across 15 countries and became the distribution channel for the productized Mythos 5 release; Anthropic announced a planned “trusted access program” allowing cybersecurity organizations to apply systematically, plus a separate biology program providing access to Fable 5 with biology and chemistry safeguards removed. [primary + TechCrunch, High]
• Gap: The specific 15 countries, the full member roster beyond the named firms, and the qualification criteria for an approved “cyberdefender” are not public.

Governance Significance

• Assessment: Glasswing functions as a privately governed, lightly regulated bug-bounty multiplier operating at frontier-capability scale. The consortium boundary is the de facto proliferation control for the safeguard-lifted tier — and because its admission criteria are unpublished, the regime cannot be audited against Anthropic’s own Responsible Scaling Policy or any external standard. Confidence: High.
• Fact: Anthropic proposed expanding the consortium from approximately 50 to approximately 120 organizations; the White House informed Anthropic it does not agree (WSJ, 2026-04-30). [primary, paywalled, Medium-High via relay]
• Assessment: White House opposition to expansion, examined in Claude Mythos, most plausibly reflects a US proliferation-control posture — constraining which firms (potentially including foreign affiliates) receive frontier-cyber capability — rather than a safety-ethics objection alone. Confidence: Medium.

Key Connections

• Anthropic — operator
• Mythos 5 — the distributed capability
• Fable 5 and the Two-Tier Frontier — the thematic assessment
• National Security Agency · Dual-Use Technology · Responsible Scaling Policy
• Vulnerabilities Equities Process

Sources

• Anthropic — anthropic.com/news/claude-fable-5-mythos-5 and the April-2026 Mythos Preview materials (program purpose, $100M credit commitment, June expansion, trusted-access and biology programs). [primary, vendor, High confidence]
• TechCrunch — 2026-06-09 (June expansion to critical-infrastructure organizations across 15 countries; approved-organizations framing). [secondary, independent, High confidence]
• Bloomberg / Wall Street Journal — 2026-04-30 (consortium composition; White House opposition to ~120-organization expansion). [primary, paywalled, Medium-High via relay]
• Derived from Claude Mythos — prior assessment. [archive, High on its own cited facts]