In a major victory for the nation’s digital infrastructure security, select organizations in India have officially been granted access to Anthropic’s highly restricted, frontier cybersecurity AI model, Claude Mythos.
The rollout arrives as part of a significant international expansion of Anthropic’s Project Glasswing, widening the deployment of the defensive AI model from its initial pool of 50 mostly US-based partners to approximately 150 organizations across more than 15 countries.
The inclusion of Indian institutions is a standout strategic pivot. While the rest of the expansion focuses heavily on formal Western intelligence alliances—such as NATO, the EU’s cybersecurity agency ENISA, and members of the Five Eyes network (Canada, Australia, and New Zealand)—India’s entry highlights its critical importance as a key partner in safeguarding global technology supply chains and digital public infrastructure.
1. What is Claude Mythos? The Forbidden Framework
Introduced as a closed research preview in April 2026, Claude Mythos is a specialized large language model engineered specifically to automate deep-tier cybersecurity auditing.
Unlike general-purpose public models like Claude Sonnet or Opus, Mythos possesses architectural coding and visual reasoning capabilities that make it a hyper-effective tool for vulnerability discovery. It operates with an expansive 1-million-token context window and a massive 128,000-token output capacity—enabling it to ingest whole software repositories and analyze complex, sprawling codebases all at once.
Because the model’s capabilities are so advanced, Anthropic has explicitly classified it as a severe systemic risk if released to the general public. The primary concern is a dangerous defensive paradox: the same capability needed to detect a deeply hidden software flaw can easily be turned by bad actors toward building complex, multi-stage zero-day cyberattacks.
2. Elite Exploitation: Breaking Open Old Zero-Days
Anthropic’s extensive 245-page system card for Mythos details staggering benchmarks that explain why global governments and enterprise giants have spent months lobbying for access:
- The OSS-Fuzz Decimation: When run against roughly 1,000 open-source repositories from the OSS-Fuzz corpus, Mythos independently mapped entry points, bypassed traditional guardrails, and triggered 595 severe crashes—achieving full control flow hijack on ten separate, fully patched targets.
- The Browser Breakthrough: Testing verified that Mythos successfully reverse-engineered security architectures inside Mozilla’s Firefox JS engine, turning uncovered vulnerabilities into working register-control exploits 181 times.
- Exposing 27-Year-Old Bugs: Highlighting its capability to dig up legacy code vulnerabilities, the model successfully unearthed and flagged a hidden, unpatched bug buried inside OpenBSD that had gone entirely unnoticed for 27 years.
3. Project Glasswing: Shifting the Balance to Absolute Defense
To offset the weaponization risks, Anthropic runs Project Glasswing as a highly gated, defensive-only sandbox. Under the initiative's strict, legally binding frameworks, participating organizations are barred from pursuing offensive exploitation. Instead, the AI serves as a tireless automated auditor tasked with patching critical software before criminal syndicates find a vulnerability window.
Project Glasswing extended cohort:
- Infrastructure sectors: Power & Water Utilities; Healthcare Systems; Communications Core
- Regional additions: India & South Korea; G7 & Five Eyes Nations; NATO & EU ENISA Labs
- New tech/fin core: Samsung & SK Hynix; Okta & SWIFT Network; Euroclear & ICE (NYSE)
By late May 2026, early tech partners—including Apple, Microsoft, Google, CrowdStrike, and JPMorgan Chase—had already utilized the model to successfully uncover and remediate over 10,000 high- or critical-severity software flaws.
The newly expanded global cohort broadens this shield to critical consumer ecosystems. Alongside undisclosed Indian institutions, fresh corporate additions include identity provider Okta, hardware titans Samsung and SK Hynix, and global transaction backbones like Euroclear and the SWIFT payment network.
4. Why India’s Access is Critical
While the list of the exact Indian defense agencies, critical infrastructure operators, or enterprise software firms receiving access remains strictly classified, the geopolitical timing is intentional.
Indian financial backbones, public utility grids, and government communication networks have increasingly become high-priority targets for complex, state-sponsored cyber espionage. Gaining native, local access to the Mythos engine allows domestic engineering teams to perform real-time, deep-level security audits of their own codebases.
This ensures that the digital public infrastructure supporting millions of daily Indian digital transactions is hardened against sophisticated external threats, cementing the nation’s status as a secure, self-reliant global technological hub.
