Anthropic to expand Mythos access to more than 15 countries

Anthropic will distribute its Mythos artificial intelligence model to 150 organisations across the world, vastly expanding access to its powerful cyber security software beyond the US and UK.

The AI lab said on Tuesday that it would extend “Project Glasswing” — an industry initiative to use Mythos to find and patch security vulnerabilities — to companies and institutions in more than 15 countries.

The move comes a day after Anthropic filed for an initial public offering that could value the company at more than $1tn, underlining the growing commercial and geopolitical significance of AI to critical national security.

New countries to be granted access to Mythos include countries in the “Five Eyes” intelligence alliance, such as Canada, Australia and New Zealand. Other nations include France, Germany, Italy, Switzerland, the Netherlands, Spain, Belgium, Sweden, India, Japan and South Korea, according to a person familiar with the matter.

Companies that can access Mythos as part of the expansion include US tech group Okta and South Korean companies Samsung, SK Hynix and SK Telecom.

Nato, the US-led military alliance headquartered in Brussels, has also been given access, along with the EU’s cyber security agency, Enisa, according to people familiar with the matter.

Anthropic launched Claude Mythos Preview in April but initially limited access to a group of about 50 largely US companies, citing the AI model’s advanced coding capabilities and the potential for it to be used for hacking.

The company has also worked closely with the US government on the rollout, with Trump administration officials examining its apparent ability to identify cyber security flaws and exploits in IT systems.

The model’s release sparked anxiety among non-US groups, such as banks, regulators and governments across the world, which lobbied for access to Mythos or briefings on what Anthropic had found.

Since the initial launch of Mythos, rival OpenAI has launched its GPT-5.5 model, which has similar capabilities and has been rolled out to a larger group of trusted partners. Cyber security experts have suggested that other frontier models will also soon catch up.

Anthropic said new organisations to be given Mythos provide critical infrastructure covering financial services, cyber security and technology. But the company added that the new members of Project Glasswing covered “several industries that weren’t as well represented in our initial cohort, such as power, water, healthcare, communications, and hardware”.

Without providing names, Anthropic said its new partners included “companies or nonprofits that maintain codebases that are relied upon by lots of other organizations around the world, including governments”.

“What each partner has in common is that a successful attack on their codebase could be catastrophic,” it said, estimating that “for most partners . . . a major attack could affect more than 100 million people, with important ramifications for both global and national security”.

The UK’s AI Security Institute (AISI), a government research body that tests frontier AI models, was, until recently, the only known non-US group with access to the model.

AISI assessed Mythos in April and said the model could execute sophisticated cyber attacks “that would take human professionals days of works”.

However, in a blog post last month, the research agency said it was “unclear” whether Mythos was “an isolated break from existing rates of progress” or “part of a new, faster trend”.

Tech groups such as Microsoft, Apple and Oracle had previously been given access to Mythos, as well as US banks such as JPMorgan Chase and cyber security groups, including CrowdStrike.

EU officials visited San Francisco last week to discuss joining Project Glasswing, and Anthropic wrote in a blog post last week that it expected “to be able to bring Mythos-class models to all our customers in the coming weeks”.

The AI lab on Tuesday said it planned “to expand Project Glasswing even further, prioritising additional essential infrastructure providers, maintainers of critical open-source software, and safety testers” across the world.

Anthropic estimated that “many other AI companies will have Mythos-class models” within six to 12 months, warning that “they could release them without safeguards that prevent misuse. In that world, cyber attacks could occur much more often, and in much more unpredictable forms.”

Additional reporting by Henry Foy in Brussels, Daniel Tudor in Seoul and Isabel Berwick in London