Project Glasswing: Key cybersecurity agencies set to get access to Anthropic’s Mythos

This move comes as part of Anthropic’s announcement that it would expand Project Glasswing beyond its initial cohort of participants in the US and UK to more than 15 countries, including India.

Under the programme, vetted organisations are granted access to Claude Mythos Preview, an unreleased AI model that Anthropic says is capable of identifying critical software vulnerabilities at a level that could fundamentally alter the balance between cyber attackers and defenders. The company has so far restricted access to the model, citing concerns that its capabilities could be misused if released publicly.

The official added that NCIIPC, which falls under the National Security Advisor in the Prime Minister’s Office, and CERT-In had requested access to Mythos to identify vulnerabilities within India’s critical infrastructure such as banking and power. The Indian Express had earlier reported that the Indian government was in conversations with Anthropic’s senior leadership in the US for assistance in gaining access to the model.

Anthropic did not respond to a request for comment.

“Following several weeks of close collaboration with our Project Glasswing partners, the security industry, open-source software maintainers, and the US government, we’re extending the partnership to approximately 150 new organisations. Each one will need to meet our security requirements before they gain access… The organisations in this new group are based in more than 15 countries, and most provide critical infrastructure to many more,” Anthropic said in a blog post.

The new entities with which it is planning to share Mythos Preview operate in industries such as power, water, healthcare, communications, and hardware, Anthropic said. And many of the new partners are vendors – companies or non-profits that maintain codebases that are relied upon by lots of other organisations around the world, including governments.

Concerned about the potential impact that Mythos could have on India’s critical infrastructure, Finance Minister Nirmala Sitharaman, in April, held a high-level meeting, along with IT Minister Ashwini Vaishnaw to assess risks posed by the powerful model to the country’s banking sector.

During the meeting, the banking sector was asked to take pre-emptive steps to safeguard their systems from the AI model. Sitharaman directed the Indian Banks’ Association (IBA) to develop a coordinated institutional mechanism to respond swiftly and effectively to any such threat. She also directed banks to engage the best available cybersecurity professionals and specialised agencies “to continuously strengthen the defensive and monitoring capabilities of the banks”.

On June 4, Financial Times reported that Anthropic is helping the US National Security Agency deploy Mythos for “offensive cyber operations, embedding engineers inside the agency.” FT quoted a source as saying that “Mythos would be useful for infiltrating the networks of nations such as China or Iran.” This comes despite the Silicon Valley start-up’s legal battle with the US Defence department, which includes the NSA.

Anthropic drew a red line around Claude AI models to restrict US government’s use for mass surveillance of US citizens and lethal autonomous drones. That prompted a backlash, with the Pentagon calling the AI lab a “supply-chain risk”— a first for a US business. Anthropic has sued over this designation.

Last week, Anthropic filed for an initial public offering in the US that is set to value it at more than $1 trillion.