Full Report
150 new organizations inducted to cyber’s Soho House, including the first outside the US
Analysis Summary
# Industry News: Anthropic Expands Exclusive "Glasswing" Program Amid Geopolitical Tension
## Summary
Anthropic has announced a fourfold expansion of its "Project Glasswing" initiative, granting 150 new organizations—including international entities for the first time—access to its high-powered Mythos Preview AI model. However, the selective nature of the expansion has sparked a competitive and political firestorm, as UK financial institutions were largely excluded, prompting them to turn to OpenAI’s rival GPT-5.5 Cyber model.
## Key Details
- **Date:** June 3, 2026
- **Companies Involved:** Anthropic (primary), OpenAI, JPMorganChase, HSBC, Lloyds Banking Group, Samsung, SK Hynix, ENISA.
- **Category:** Partnership / Product Beta Expansion
## The Story
Project Glasswing is Anthropic’s "private members’ club" for elite cybersecurity entities and critical infrastructure providers. It offers early access to the **Mythos Preview** model, an AI engine Anthropic claims is so powerful at discovering zero-day vulnerabilities that it is currently too "dangerous" for general public release.
The latest expansion increases the cohort from 50 to 200 members across 15 countries. Notable new inductees include South Korean tech giants Samsung and SK Hynix, as well as the EU’s cybersecurity agency, ENISA. However, the exclusion of major UK banks (and the Bank of England) has caused significant friction. While JPMorganChase secured access, UK giants like HSBC and Lloyds were snubbed, leading to concerns that US-centric gatekeeping is leaving global financial systems vulnerable. In response, OpenAI has moved to fill the void, offering nine UK banks access to its GPT-5.5 Cyber model as a direct alternative.
## Business Impact
### For the Companies Involved
- **Anthropic:** Solidifies its reputation as a "safety-first" elite provider but risks alienating major global sectors due to perceived US-centric bias and political gatekeeping.
- **OpenAI:** Gains a significant strategic foothold in the UK financial sector by acting as the "responsive" alternative to Anthropic’s exclusivity.
### For Competitors
- The "scarcity marketing" employed by Anthropic has created a vacuum that competitors like OpenAI and Google are eager to fill. The 6–12 month window before general Mythos-level capabilities become commoditized is the primary battleground for market share.
### For Customers
- **The "Ins":** Selected organizations gain a massive defensive (and potentially offensive) head start in vulnerability research.
- **The "Outs":** Excluded critical infrastructure entities face a disadvantage, potentially creating uneven security postures across the global financial landscape.
### For the Market
- This signals the rise of "Cyber-Class" AI models—specialized, restricted versions of LLMs specifically tuned for security operations, distinguished from general-purpose consumer models.
## Technical Implications
The Mythos model is characterized as an "expert bug hunter" capable of chaining low-severity vulnerabilities into complex exploits. While some testers (like Cloudflare's CISO) report success in finding novel bugs, others dismiss it as "marketing hype," noting high false-positive rates in tools like cURL. The core technical challenge remains "alignment": creating a model that can fix code without providing a blueprint for attackers to exploit it.
## Strategic Analysis
- **Market Positioning:** Anthropic is positioning itself as the "Soho House" of cyber AI—exclusive, high-status, and security-vetted.
- **Competitive Advantage:** Early access to zero-day discovery capabilities provides a massive first-mover advantage for defensive patching.
- **Challenges:** Political intervention and export controls are becoming major hurdles. The "single point of failure" risk arises if an entire sector relies on one model that could be "turned off" or biased by its host nation.
## Industry Reactions
- **Critical:** Industry veterans like Kevin Beaumont and Daniel Stenberg (cURL) have labeled the exclusivity and "danger" claims as a marketing stunt.
- **Political:** Bank of England Governor Andrew Bailey has publicly expressed frustration over the exclusion, hinting at US government interference in the distribution of these tools.
## Future Outlook
- **Predictable Convergence:** Anthropic expects "Mythos-level" capabilities to be standard across the industry within 6–12 months.
- **Watch For:** The release of "Cyber Verification Programs" which may act as a middle ground—granting limited access for specific defensive tasks without handing over the full "keys" to the model.
## For Security Professionals
Practitioners should note that the era of AI-driven zero-day discovery is moving from theory to production. While currently restricted to an elite 200 organizations, the rapid development cycles of OpenAI and Anthropic suggest that high-speed, automated vulnerability research tools will be available to both defenders and attackers globally within the next year. Prepare for a significantly compressed "time-to-exploit" window for new vulnerabilities.