- Anthropic is expanding Mythos access to 150 additional organizations, bringing the total to ~200; new participants span 15 countries across power, healthcare, and communications sectors, and include the EU’s cybersecurity body ENISA
- Mythos can identify and exploit vulnerabilities “in every major operating system and every major web browser” — Anthropic initially limited it to a handful of large tech and Wall Street firms through Project Glasswing in April due to its offensive capability
- Since launch, Mythos has been used to find over 10,000 serious vulnerabilities across participating organizations, validating its utility as a defensive security tool at scale
- The expansion coincides with Anthropic’s confidential IPO filing this week and its $965 billion funding round — Mythos’ cybersecurity capabilities have been a key driver of new enterprise customers and are central to the company’s differentiation from OpenAI
What Happened?
Anthropic is opening access to Mythos — its most powerful and most restricted AI model — to 150 additional organizations, expanding from a tightly controlled initial cohort to roughly 200 total groups. The new participants are based in 15 countries and span critical infrastructure sectors including power, healthcare, and communications, as well as organizations that produce widely-used open-source code. The EU’s cybersecurity agency ENISA is among those gaining access. Mythos was initially released only to a handful of large tech companies and Wall Street firms through Project Glasswing in April, after Anthropic determined the model was too dangerous for general release due to its ability to autonomously identify and exploit vulnerabilities in every major operating system and web browser. Since its limited launch, it has helped uncover more than 10,000 serious vulnerabilities.
Why It Matters?
Mythos is Anthropic’s most commercially and strategically differentiating product. Its defensive cybersecurity utility — 10,000+ vulnerabilities found in weeks — has proven the model’s value in enterprise settings and has been a meaningful driver of the corporate client revenue growth that powered Anthropic’s first operating profit in Q2. The controlled expansion to critical infrastructure operators and open-source code maintainers is tactically brilliant: it embeds Mythos in the organizations whose software security failures have the highest global consequence, building a network of dependency and goodwill that no competitor can easily replicate. The ENISA access is geopolitically significant — it signals Anthropic is positioning itself as a trusted partner to Western governments, not just a commercial AI vendor, at a moment when AI governance is becoming a major transatlantic policy priority.
What’s Next?
Anthropic said it has made “swift progress” on safety safeguards and plans to widely release new AI models in coming weeks with cybersecurity capabilities comparable to Mythos — effectively commoditizing what was formerly its most exclusive product. That broad release will bring both revenue scale and scrutiny: when Mythos-level offensive capabilities are available to any paying customer, the regulatory and liability questions multiply. The IPO filing timing is deliberate: Anthropic wants the Mythos expansion narrative — 150 new orgs, 15 countries, critical infrastructure partnerships — as part of its S-1 story. Investors will be evaluating whether Anthropic can turn its cybersecurity moat into a durable, recurring revenue stream, or whether the rapid commoditization of these capabilities undermines the premium the company commands in the enterprise market.
Source: Bloomberg
