Anthropic Limits on OT Access to Mythos Draw Criticism
Data Breach TodayArchived Jun 13, 2026✓ Full text saved
More OT Companies Ushered Into Project Glasswing Anthropic has finally lifted the velvet rope and allowed a small handful of operational technology companies to join Project Glasswing, its invitation-only club whose members get access to Mythos, the most cyber-capable of the frontier lab's large language models.
Full text archived locally
✦ AI Summary· Claude Sonnet
Artificial Intelligence & Machine Learning , Governance & Risk Management , Next-Generation Technologies & Secure Development
Anthropic Limits on OT Access to Mythos Draw Criticism
More OT Companies Ushered Into Project Glasswing
Shaun Waterman • June 12, 2026
Credit Eligible
Get Permission
Image: Shutterstock
Anthropic has finally lifted the velvet rope and allowed a small handful of operational technology companies to join Project Glasswing, its invitation-only club whose members get access to Mythos, the most cyber-capable of the frontier lab's large language models.
See Also: Edge Transformation: Top 5 SASE Predictions and Trends
OT equipment manufacturer Hitachi and OT security companies Tenable and Dragos each announced their participation in Glasswing in statements last week, as did other companies and governments (see: Europe Edges Closer to Claude Mythos Access).
No comprehensive list has been released of the "approximately 150" additional organizations Anthropic said June 2 it had admitted.
Critics in the OT security community accused Anthropic of trying to pick winners and losers in the sector, and told ISMG the company was using Glasswing as a marketing funnel to help generate the billions in revenue it needs as it races its biggest competitor OpenAI to launch on the stock market via an initial public offering this year.
"Anthropic and OpenAI desperately need customers to be locked into consistent token burn," said Adrian Sanabria, an independent security researcher who coined the term "vulnmaxxing" to describe the frontier labs' efforts to use cybersecurity as the killer app for their LLMs. "The vulnerability management 'find/fix' loop is a huge opportunity for them if they can convince companies that AI is the only way to keep up" with a looming tsunami of AI-discovered software vulnerabilities that some have called the vulnpocalypse.
Anthropic did not respond to multiple requests for comment. Tenable and Hitachi declined to comment or to address a series of questions from ISMG.
In an exclusive interview, Dragos Founder and CEO Rob M. Lee told ISMG the company was using Mythos "against our own tech stacks, looking at the Dragos platform to see if we find any vulnerabilities there … that maybe adversaries could exploit."
About 15 to 20 vulnerability hunters who had already been using other LLMs in their work were being redirected to work with the new Mythos tool, Lee said. Dragos had been granted a share of the $100 million worth of tokens Anthropic donated to Project Glasswing, and so the model access "doesn't cost us anything," he added.
Lee said any vulnerabilities found in open-source components within the Dragos platform would be reported through usual coordinated disclosure procedures. But he expected the most interesting sharable takeaways to be "insights into what we should expect to see adversaries doing later inside of OT environments" once they got access to more advanced publicly available LLMs as well.
Dragos, like its competitors, was already collecting data about how threat groups were using LLMs in attacks, which would be enriched by the experience of using Mythos.
"These insights will be helpful to the broader OT community, and obviously our intel team likes knowing how these models can be used by adversaries," Lee said.
He pushed back against charges that Anthropic should have moved more swiftly to expand access to Glasswing, saying it was his impression they were moving as fast as they could. But he called on the lab to offer membership to more of his competitors.
"The more of us that get that early access before adversaries have access to these models, the better for everybody. I can't speak for them [Anthropic] and I don't know who they're choosing or why," but Lee said there was "a large cost" to onboarding new members and giving them access to the credit pool.
"They're moving as fast as they can as a young team," Lee concluded.
The limits on OT access create a "have and have-not situation," said one cyber executive not authorized by their employers to speak to the media.
"You know they will be using it as a 'Good Housekeeping' seal of approval," the executive said of one of the security and OEM players granted access to Mythos, saying it would grant them a "market advantage."
The executive highlighted the fact that the first round of Glasswing members included cash-rich hyperscalers with their own highly developed LLMs, but three of the top five most targeted vendors by ransomware gangs - Sonicwall, Fortinet and Citrix - were still not on Anthropic's list.
"This is just a very exclusive, 'wouldn't you like to know?' triage thing that's going on right now with the people who are on the inside," the executive said.
"They dug firebreaks, they laid down hoses, but it was all to protect one house," the executive said. Companies that were granted access were understandably trying to protect their own products, but not paying attention to the bigger picture.
Lee said that access to Mythos did not provide any market advantage to Dragos and disagreed that Anthropic was picking winners and losers.
"It's important for a wide variety of players to start being able to leverage these models so they can make their own products better," Lee said. Dragos was already using LLMs to do vulnerability discovery before its admission into Glasswing. "I don't think it's a competitive advantage. I view it as just another data point that we've all got to deal with, and I look forward to the program expanding."
The real problem, said Joshua Corman, executive in residence for public safety and resilience at the Institute for Security and Technology and organizer of next week's Critical Effect conference in Washington, DC, is that access to Mythos or Daybreak isn't enough on its own to solve the problem for OT owners and operators or security practitioners.
"AI-fueled vulnerability weaponization is much further along than AI-fueled patch generation and application," Corman said. And even having a patch available is often not a solution, especially in OT, where maintenance windows are limited, refresh cycles can run to years and software stability can be a safety issue.
Corman, who as a CISA official supported Operation Warp Speed, the push for a novel coronavirus vaccine in record time, compared the Mythos process to vaccine development. "Writing the patch is developing the vaccine. On its own, it doesn't make anyone safer … the shot has to get into grandma's arm. The patch has to be applied."
That final stage is the key one for securing critical infrastructure across America, Corman said, especially in sectors like water where so many operators were below the cyber poverty line - meaning they lack the resources to address the threat they face.
Granting more OT OEMs like Hitachi access to Mythos was the right thing to do, Corman said, but on its own, it won't help the long tail of users stuck with legacy, unsupported versions of equipment software and lacking the resources to renew them.
As adversaries get better at weaponizing more cyber capable publicly available models, organizations below the cyber poverty line are "going to get hit hard, because there's no patch coming, and even if there was a patch coming, they wouldn't be able to deploy it in time," Corman said. "We need different advice for down-market," like less connectivity, manual operations drills and engineering solutions that sealed off worst consequence events.
Because of the challenges of patching and other remediation - downtime risk, validating plant level safety impact and creating maintenance access where some doesn't exist - the technical benefits of access to Mythos were likely to be limited for OT, argued Munish Walther-Puri, head of critical digital infrastructure for high-end cyber consultancy TPO Group.
But that wouldn't stop the market impacts from being profound.
"The commercial advantages may be larger than the technical ones," Walther-Puri said. "That access [to Glasswing] signals sophistication, trust proximity to the frontier capability, and depending on how long that gate is kept closed to the other players, it could shape procurement decisions where buyers really care about vendor maturity and security posture."
He said that incumbency bias towards large players "who can absorb the integration, governance and legal overhead of participation" in Glasswing could "create ecosystem gravity around certain participants over others."
For newer or smaller players, "Being seen as a Mythos partner can influence customer trust, partnership opportunities and investor confidence," Walther-Puri said.