Project Glasswing: ENISA and NATO Join AI Security Program
Anthropic expanded Project Glasswing to 200 partner organizations on June 2, 2026. The key development: ENISA, an EU institution, is the first institution outside the US and UK to receive access to Claude Mythos. Germany is explicitly included. For European enterprises in NIS2-regulated sectors, this has direct strategic consequences.
Project Glasswing has found over 23,000 security vulnerabilities in systemically important software since its launch on April 7, 2026. On June 2, 2026, Anthropic expanded the program to 200 partners across 15 countries, including for the first time the EU cybersecurity agency ENISA and NATO. ENISA is the first institution outside the US and UK with access to Claude Mythos, the result of intensive US-EU negotiations. For European critical infrastructure operators, this matters because ENISA as a Glasswing participant will develop guidelines that influence NIS2 compliance.
From 50 to 200: What Changed on June 2, 2026
Project Glasswing launched on April 7, 2026, with around 50 partner organizations, predominantly US technology companies including Apple, Google, Microsoft, AWS, and CrowdStrike. These organizations used Claude Mythos to scan their own codebases for security vulnerabilities. The result: over 23,000 vulnerabilities in systemically important software, more than 10,000 rated "high" or "critical" severity. On June 2, 2026, Anthropic announced a significant expansion of the program.
The 150 new members come from more than 15 countries and cover sectors that were barely represented in the first round. Explicitly named new partners: ENISA, NATO, US identity provider Okta, and South Korean conglomerates Samsung, SK Hynix, and SK Telecom. Germany is explicitly listed as one of the 15+ countries.
Glasswing Launch
Anthropic launches Project Glasswing with 12 founding partners and around 40 additional organizations. Claude Mythos autonomously finds thousands of security vulnerabilities in the first weeks.
Formal US-EU Session
The US and EU Commission hold a formal coordination session to establish the terms for ENISA's access to Claude Mythos.
Expansion to 200 Partners
Anthropic announces expansion to 200 organizations in 15+ countries. ENISA receives access to Claude Mythos as the first EU institution. NATO and Germany are included.
ENISA as Glasswing Partner: First Access Outside US and UK
The admission of the European Union Agency for Cybersecurity marks a geopolitically significant moment: it is the first institution outside the US and UK to receive access to Claude Mythos. Claude Mythos is not publicly available because Anthropic considers the misuse risk too high. Every access grant is therefore a negotiated result, not a given.
What ENISA Will Do With Access
ENISA will use Claude Mythos to scan critical infrastructure across the European Union for vulnerabilities. The geographic scope covers all EU member states. As a Glasswing participant, ENISA will publish findings and recommendations in the coming months. For NIS2-regulated companies, this matters: ENISA's guidance has direct influence on national supervisory authorities.
BSI: In Direct Contact with Anthropic
Germany's Federal Office for Information Security (BSI) is reportedly in direct contact with Anthropic. Whether and when the BSI will officially become a Glasswing participant remains open. Once it does, concrete requirements or recommendations for critical infrastructure operators in Germany will follow. This development should be monitored closely.
For the EU digital sovereignty debate, the signal is ambivalent: Europe gains access to the leading AI security tool, but under US terms and US governance. For practical purposes, the benefit outweighs the concern - access is better than exclusion.
Critical Infrastructure Under Scrutiny
The new Glasswing sectors correspond exactly to the categories the NIS2 Directive classifies as "essential entities": energy, water, healthcare, communications, and digital infrastructure. For European enterprises, this creates a direct link between the Glasswing program and their regulatory obligations. NIS2 has been in force across EU member states since late 2024 and mandates active vulnerability management and incident reporting within 24 hours.
According to Anthropic, a successful attack on the infrastructure of any Glasswing partner organization would affect over 100 million people. This is not an abstract risk: in 2025, a single fully automated attack on an unpatched, known vulnerability compromised more than 2,500 organizations across 106 countries.
"What each partner has in common is that a successful attack on their codebase could be catastrophic."
The New Standard: AI Security Scanning as Regulatory Expectation
The Glasswing expansion sets a new benchmark for everyone providing security services to critical infrastructure operators: AI-powered vulnerability scanning is becoming an expectation, not an option. This has consequences for security teams, managed security providers, and regulators. OpenAI has in parallel given selected partners test access to GPT-5.5-Cyber - competition for the standard in AI-powered cybersecurity in Europe has begun.
The Core Problem: Finding Is Not the Same as Fixing
Fewer than 1 percent of vulnerabilities found by Claude Mythos have been patched so far. This shows the bottleneck is no longer discovery but remediation speed. The median time from vulnerability disclosure to a weaponized exploit dropped from 771 days in 2018 to just hours in 2024. Finding vulnerabilities without fixing them creates transparency for attackers.
Criticism: Who Benefits, Who Does Not
The Glasswing program favors large technology companies and government agencies. Smaller open-source projects and SMEs have no direct access. IBM has announced commercial extensions based on Glasswing findings - the ecosystem of commercial AI security products is building on the program's results without giving everyone the same access. The question of responsibility for disclosure also remains unresolved: who decides when a vulnerability found by Mythos is made public, when thousands are found simultaneously?
What Organizations Should Do Now
For European enterprises in NIS2-regulated sectors, June 2, 2026 carries a clear message: ENISA and national cybersecurity agencies are now actively integrated into the leading AI security program. What ENISA publishes as a result of its Glasswing work will influence regulatory requirements across Europe.
Five Steps to Prepare
- Measure Patch Velocity: Determine how long it currently takes from discovering a critical vulnerability to fixing it. This baseline determines whether your operations can meet the NIS2 reporting obligation (24 hours).
- Monitor BSI and ENISA Announcements: Once the BSI officially joins the Glasswing program, requirements or recommendations for critical infrastructure operators will follow. Plan resources now to implement these.
- Make Vulnerability Management AI-Ready: Traditional penetration tests deliver one result per quarter. AI-powered scanning delivers thousands of findings per week. Check whether your MSSP or internal team is prepared for this volume.
- Evaluate ENISA Publications: ENISA will incorporate Glasswing findings into guidelines and recommendations. For NIS2-regulated organizations, these are not optional - subscribe to the ENISA newsletter and plan an annual compliance review.
- Read the Background Articles: Detailed analyses of Project Glasswing and Claude Mythos capabilities, and of AI agents and enterprise security, are available in the linked articles.
Frequently Asked Questions
Project Glasswing is an Anthropic initiative where the AI model Claude Mythos autonomously searches for security vulnerabilities in systemically important software. Since launching on April 7, 2026, organizations from technology, critical infrastructure, and government have participated. The model operates fully autonomously without human direction and has already found over 23,000 vulnerabilities.
ENISA, an EU institution, is the first institution outside the US and UK with access to Claude Mythos. This is the result of intensive US-EU negotiations. It marks the first step toward integrating the AI security program into the European regulatory framework and opens the path for NIS2-relevant guidelines.
The new Glasswing sectors (energy, water, healthcare, communications) correspond exactly to NIS2's "essential entities". ENISA will develop guidelines as a Glasswing participant that influence NIS2 requirements. Germany's BSI is in direct contact with Anthropic. Operators should measure their patch velocity and closely follow BSI and ENISA announcements.
Claude Mythos has found over 23,000 security vulnerabilities since April 2026, with more than 10,000 rated high or critical severity. Of 1,726 findings manually verified by Anthropic researchers, 90.6 percent were confirmed accurate, with 1,094 rated high or critical.
The bottleneck is no longer discovery but remediation speed. Fewer than 1 percent of vulnerabilities found by Claude Mythos have been patched. The median time from disclosure to a weaponized exploit dropped from 771 days in 2018 to just hours in 2024. Organizations need to fundamentally accelerate their patch processes.
Yes. OpenAI has given selected partners test access to GPT-5.5-Cyber in parallel. Anthropic itself warns that competitors could develop comparable models within 6 to 12 months. Competition for the standard in AI-powered cybersecurity in Europe has begun.