For months, India's technology industry watched from the outside as a restricted circle of American companies quietly used the world's most powerful AI to hunt vulnerabilities in critical software. That changed on June 2, 2026.
Anthropic announced a major expansion of Project Glasswing — its invite-only AI cybersecurity program — bringing in roughly 150 new organizations spanning more than 15 countries. India is now among them. For a country that hosts over 2,100 Global Capability Centres and whose tech firms maintain code used by hundreds of millions of people globally, the inclusion was overdue. For Indian policymakers who spent weeks lobbying Washington and San Francisco for access, it was a relief.
The model at the center of all this is Claude Mythos Preview. Anthropic hasn't released it to the public and has no immediate plans to. The reason is straightforward: it can find and chain software vulnerabilities — including zero-days buried in production code for decades — with a speed and precision that outpaces all but the most elite human security researchers. Put in the wrong hands, it becomes an offensive weapon. Inside Project Glasswing, it's a shield.
What Is Project Glasswing — And Why Does It Matter?
Anthropic launched Project Glasswing on April 7, 2026, alongside the public reveal of Claude Mythos Preview. The premise was simple but the stakes were enormous: Mythos could autonomously scan codebases and surface critical security flaws faster than any team of human researchers. That same capability, Anthropic acknowledged, could eventually be misused to attack the very systems it was designed to protect.
Rather than lock the model away entirely — or release it with insufficient safeguards — Anthropic took a middle path. It selected roughly 50 initial partners, all of them vetted, all focused on defense, and gave them controlled access. The initial cohort included technology giants like Apple, Microsoft, AWS, Google, and Nvidia, alongside financial institutions like JPMorgan Chase and cybersecurity firms including CrowdStrike and Palo Alto Networks. The US government was also among the first in.
The June 2 expansion is a different animal. Where the first wave was dominated by large American tech and finance companies, the new cohort deliberately targets sectors that were underrepresented: power grids, water utilities, healthcare networks, communications providers, and hardware manufacturers. These are the industries where a successful cyberattack doesn't just disrupt a business — it can affect the daily lives of hundreds of millions of people.
How Anthropic Thinks About the Risk
Anthropic has been remarkably candid about why Mythos isn't available to the general public. The company's core concern is the asymmetry between offense and defense in cybersecurity: a single attacker who finds a zero-day in widely-used software can cause catastrophic damage before defenders can respond. Mythos tips that asymmetry in favor of defenders — but only if defenders get to it first.
The company estimates that within six to twelve months, other AI labs will develop models with comparable capabilities. Some of those labs may release their models without the kinds of safeguards Anthropic is trying to build. OpenAI has already moved in this direction: following Mythos' launch, it released GPT-5.5-Cyber, its own cybersecurity-focused model, to a large group of testing partners.
This is the logic driving the Glasswing expansion: if powerful vulnerability-hunting AI is coming regardless, the best strategy is to use it to harden the most critical systems before adversaries get comparable tools. Each new partner in Glasswing must meet strict security requirements before receiving access. The model is used exclusively for defensive work — patch writing, pre-release security checks, penetration testing simulations, threat detection, and rebuilding legacy codebases in memory-safe languages.
India's Road to Glasswing: Weeks of Lobbying
India's path to Glasswing access was not automatic. When Anthropic launched the program in April 2026, no Indian firm was among the roughly 40 organizations in the initial cohort. That absence set off a coordinated push from both the government and the private sector.
🇮🇳 India's Push for Mythos Access
The effort involved multiple actors working simultaneously at different levels:
- MeitY Secretary S. Krishnan confirmed on April 28 that the government was working out the "logistics" with US authorities to include Indian entities in Glasswing.
- NASSCOM wrote directly to Anthropic, arguing that Indian firms maintain critical code used by organizations worldwide and that excluding them creates cascading cross-border security risks.
- Finance Minister Nirmala Sitharaman and IT Minister Ashwini Vaishnaw chaired an April 23 meeting with RBI, NPCI, MeitY, and Indian banking associations to address the threat, with Sitharaman describing the situation as "unprecedented."
- The National Critical Information Infrastructure Protection Centre (NCIIPC) was directed to harden power grids, telecom networks, and banking systems.
The Takshashila Institution, one of India's leading independent think tanks, framed the stakes bluntly: India hosts over 2,100 Global Capability Centres for many of the same companies already in Glasswing, yet was being left to secure critical infrastructure serving 1.4 billion people without access to the tool best equipped for the job.
That argument landed. India's inclusion in the June 2026 expansion reflects both the diplomatic effort and the strategic logic that it would be counterproductive to protect American tech infrastructure while leaving the Indian firms that help build and maintain that same infrastructure exposed.
Who Else Is In the New Cohort
Anthropic has not released a comprehensive list of all 150 new Glasswing partners. But reporting from the Financial Times, TechCrunch, and CNBC has named several organizations that are either confirmed or reported to have received access in this wave:
| Organization | Sector | Country | Status |
|---|---|---|---|
| Samsung Electronics | Hardware / Consumer Tech | South Korea | New (June 2026) |
| SK Hynix | Semiconductor / Hardware | South Korea | New (June 2026) |
| SK Telecom | Telecommunications | South Korea | New (June 2026) |
| NATO | Defence / Government | Multi-nation (Brussels) | New (June 2026) |
| ENISA | EU Cybersecurity Agency | EU | New (June 2026) |
| Okta | Identity & Security | USA | New (June 2026) |
| Rubrik | Cloud Data Management | USA | New (June 2026) |
| Apple | Consumer Technology | USA | Original Partner |
| Microsoft | Enterprise Technology | USA | Original Partner |
| AWS (Amazon) | Cloud Infrastructure | USA | Original Partner |
| US Government | Government / Defence | USA | Original Partner |
The inclusion of NATO and ENISA is significant for different reasons. NATO's presence signals that Glasswing is increasingly operating at the level of collective defence infrastructure, not just commercial software. ENISA, as the EU's official cybersecurity authority, gives the European bloc a direct stake in the program just as Anthropic filed confidentially for its IPO — a filing that was itself announced the day before the Glasswing expansion.
What Mythos Actually Does — And What It Can't
It's worth being precise about what Claude Mythos Preview is, because the coverage has occasionally conflated what the model can do with what Anthropic's partners are doing with it.
Mythos is not a traditional antivirus or intrusion detection system. It doesn't monitor live traffic or respond to incidents in real time. What it does — and does better than virtually any prior tool — is read source code and identify exploitable vulnerabilities, including chains of vulnerabilities that individually look minor but can be combined for a serious attack. Early partners found it particularly effective at identifying "zero-day" flaws: bugs that have never been publicly disclosed and for which no patch exists.
Cloudflare, one of the initial Glasswing partners, told reporters that Mythos was especially adept at exploit chain construction — the process of stringing together multiple small weaknesses to achieve a larger compromise. That's the hard part of offensive security, and the fact that Mythos can do it at scale is both what makes it valuable for defenders and what makes Anthropic cautious about releasing it broadly.
What Glasswing Partners Are Using Mythos For
- Scanning production codebases for high- and critical-severity vulnerabilities
- Automated patch writing to fix identified flaws before they can be exploited
- Pre-release security checks to prevent new vulnerabilities from entering production
- Penetration testing simulations to stress-test existing defenses
- Threat detection and response automation
- Rebuilding legacy codebases in memory-safe programming languages
What Mythos cannot do — at least within Glasswing's controlled framework — is operate offensively. Partners sign agreements restricting its use to defense. But the reason Anthropic is so careful about access is that the same underlying capability that makes it a brilliant vulnerability hunter also makes it a potent attack tool if misused. The model's availability outside of Glasswing remains zero, and Anthropic has said it intends to keep things that way until it can develop robust safeguards against misuse — safeguards it acknowledges don't yet exist.
Timeline: How Project Glasswing Has Unfolded
Anthropic publicly launches Claude Mythos Preview and Project Glasswing. Approximately 50 partner organizations — including Apple, Microsoft, AWS, Google, Nvidia, JPMorgan Chase, CrowdStrike, and the US government — receive access. Anthropic commits $100 million in usage credits to the program.
India's Finance Minister, IT Minister, and MeitY Secretary hold emergency meetings with RBI, NCIIPC, and Indian banking associations. MeitY Secretary S. Krishnan publicly confirms that India is negotiating with the US and Anthropic for Glasswing access. NASSCOM writes to Anthropic separately.
Glasswing's initial 50 partners complete a first major round of scanning. Over 10,000 high- or critical-severity flaws identified collectively. Anthropic and US government engage with additional countries. Anthropic files confidentially for an IPO following a $65 billion funding round at a valuation approaching $1 trillion.
Anthropic confirms its confidential IPO prospectus filing with the SEC.
Anthropic announces expansion of Project Glasswing to approximately 150 additional organizations across more than 15 countries. India is among the newly included nations. New cohort covers power, water, healthcare, communications, and hardware sectors. New named partners include Samsung, SK Hynix, SK Telecom, NATO, ENISA, Okta, and Rubrik.
The Broader Geopolitical Picture
India's inclusion in Glasswing is not just a cybersecurity story — it reflects shifting dynamics in how advanced AI capabilities are shared along geopolitical lines. The initial Glasswing cohort was heavily weighted toward the US and, to a lesser degree, US allies. South Korea's Samsung, SK Hynix, and SK Telecom are now in. NATO is in. The EU's cybersecurity authority is in. India is in.
The countries that are not named in the current expansion are as informative as those that are. China is not a Glasswing partner. Russia is not. The program is, by design, built around a coalition of democracies and US-aligned economies that Anthropic and Washington trust to use the model defensively.
This alignment has practical consequences. Critical infrastructure increasingly crosses borders — Indian IT firms run code for European banks; South Korean chipmakers supply American defence contractors; NATO members share communications protocols. Leaving a major node in that network without access to Mythos-level defensive tools would create a vulnerability in the broader system, not just in India.
Anthropic's official statement captured this directly: its long-term goal is for AI to make all software more secure. The Glasswing expansion is one step toward that, but it also reflects the company's view that the window to set the terms of how powerful AI security tools are used — who gets access, under what conditions, for what purposes — is short, and closing.
What This Means for India's Cybersecurity Posture
For the Indian technology sector, Glasswing access matters on two levels. The immediate one is defensive capability: Indian firms that maintain critical infrastructure code can now use Mythos to find and fix vulnerabilities before they can be exploited. Given that a successful attack on some of these systems could affect more than 100 million people — Anthropic's own estimate — the practical benefit is significant.
The longer-term significance is structural. Being inside Glasswing means being inside the room where global norms around AI-assisted cybersecurity are being set. The conversations happening between Anthropic, the US government, NATO, ENISA, and now Indian entities will shape how the industry handles the broader question of AI capabilities that are too powerful for unrestricted release. India now has a seat at that table.
NASSCOM's letter to Anthropic made the argument that Indian exclusion created systemic risk. That argument was accepted. The lobbying campaign that MeitY and the Indian industry ran over a five-week period — from the April 7 launch to the June 2 expansion — is a reasonable model for how countries can engage with AI companies on issues of national and global security importance.