Before the Executive Order, There Was Glasswing

On Tuesday, June 2, the White House signed an executive order, Promoting Advanced Artificial Intelligence Innovation and Security, defining a federal category of "covered frontier model," establishing a classified benchmarking process led by the National Security Agency to identify which models qualify, and creating a voluntary 30-day window for the federal government to access those models before their developers release them to other trusted partners.^[1] The same day, Anthropic announced the expansion of Project Glasswing to roughly 150 new organizations across more than 15 countries.^[5] Glasswing started April 7.^[3]

The executive order did not create a new regime. It ratified the one Anthropic had been operating, in private, for two months.

What the executive order actually says

The order, signed June 2 under the title Promoting Advanced Artificial Intelligence Innovation and Security, does not define "covered frontier model" itself. Section 3 instead tasks the Director of NSA, in consultation with the National Cyber Director, the Assistant to the President for Science and Technology, the Director of CISA, and representatives of the Department of War, with developing and maintaining a classified benchmarking process to assess the advanced cyber capabilities of AI models and determine the threshold at which a model is designated a covered frontier model.^[1]

Section 3(b) instructs those agencies to "design a voluntary framework with AI developers" under which the developer would "provide the Federal Government with access to covered frontier models for a period of up to 30 days before they plan to release such models to other trusted partners."^[1] The window is not a pre-public-release window. It runs ahead of the moment a developer shares the model with its existing partner network.

Section 3(c) carries the hedge: "Nothing in this section shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models."^[1] Section 2(d) directs CISA, in voluntary collaboration with industry and operators of critical infrastructure, to form an AI cybersecurity clearinghouse that coordinates vulnerability scanning, validation, and patch distribution.^[1] The accompanying fact sheet contrasts the order's "hand-in-hand" partnership model with the prior administration's "top-down regulatory approach."^[2]

What Project Glasswing already was

Anthropic launched Project Glasswing on April 7, 2026, alongside an unreleased frontier model, Claude Mythos Preview.^[3] The launch partners were Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, alongside Anthropic itself, with access extended to over 40 additional organizations that build or maintain critical software infrastructure.^[3] The initial cohort totaled roughly 50 institutions.^[8]

The Mythos Preview model was not made generally available. Anthropic stated, in the launch announcement, "We do not plan to make Claude Mythos Preview generally available."^[4] Access was conditioned on a defensive use case, restricted to named partners, and capped by Anthropic's own discretion. Anthropic committed up to $100 million in usage credits for the program and $4 million in direct donations to open-source security organizations.^[3]

In structure, this was a voluntary, capability-restricted, partner-only disclosure regime around an unreleased frontier model, organized around its cyber capabilities. That is, in form, the framework the executive order specifies - announced eight weeks before the federal government put it on paper.

The capability that makes the regime real

Anthropic's published benchmarks for Claude Mythos Preview place it ahead of the company's prior frontier model, Opus 4.6, on every published comparison: 93.9% versus 80.8% on SWE-bench Verified, 94.6% versus 91.3% on GPQA Diamond, and 83.1% versus 66.6% on CyberGym, the cybersecurity vulnerability reproduction benchmark.^[4] The 16.5-point margin on CyberGym is the number that makes Glasswing's premise load-bearing rather than aspirational.

Anthropic frames the capability directly: Claude Mythos Preview, the company writes, "can surpass all but the most skilled humans at finding and exploiting software vulnerabilities."^[4] The Glasswing announcement reports that Mythos Preview has already found thousands of high-severity vulnerabilities in every major operating system and every major web browser, with examples that include a 27-year-old vulnerability and a 16-year-old vulnerability.^[4] Korean reporting on the same model adds a separate count: more than 10,000 high-severity or critical vulnerabilities surfaced within weeks of partner access.^[8]

The withholding from general availability is the lever. A model that anyone can call through an API does not need a voluntary partnership program to deploy. A model that Anthropic restricts is reachable only through Glasswing. The terms of access are set by the lab that controls the model. Federal preclearance is unnecessary because the lab has already preclaimed access.

What Tuesday changed

On June 2, Anthropic announced that Project Glasswing was adding approximately 150 new organizations, based in more than 15 countries.^[5] The new partner mix names five sectors: power, water, healthcare, communications, and hardware.^[5] Anthropic's own framing for the selection was scale of consequence: "For most partners, we estimate that a major attack could affect more than 100 million people, with important ramifications for both global and national security."^[5]

South Korea joined the same day. Access flows through the Ministry of Science and ICT to the Korea Internet and Security Agency, the state-run agency responsible for cyber incident response and digital security.^[8] The participation is a state-level commitment, not a private contract, and Korean reporting indicates that Samsung Electronics, SK hynix, and SK Telecom are expected to be added as private partners under the same expansion.^[8]

Anthropic also disclosed forward priorities: additional essential-infrastructure providers, maintainers of critical open-source software, and safety testers, alongside a Cyber Verification Program that would grant Mythos-class capabilities to organizations for specific cyber-defense tasks.^[5] By Tuesday afternoon, the program was operating across borders the executive order does not extend to. The federal cybersecurity clearinghouse the order directs CISA to stand up has a private-sector operating analog already at scale.

The five-day window

The Glasswing expansion did not land alone. On May 28, Anthropic closed a $65 billion Series H at a $965 billion post-money valuation, the highest private valuation recorded for an AI company; the round disclosed a $47 billion revenue run-rate reached earlier in May, with strategic infrastructure participation from Micron, Samsung, and SK hynix alongside the financial leads.^[6] On June 1, Anthropic filed a confidential draft Form S-1 with the U.S. Securities and Exchange Commission, signaling intent to pursue an initial public offering on terms not yet disclosed.^[7] On June 2, the executive order and the Glasswing expansion landed together.^[1]^[5]

What the convergence of those five days amounts to is a question of valuation as much as policy. A company preparing for a public offering has reasons to make its federal role legible. A voluntary program that a sovereign state has joined and that a presidential order has structurally ratified is worth more on an S-1 than one that exists only in a lab's own announcement. Whether the timing was coordinated or simply opportune, the effect is the same: Anthropic entered its IPO registration as the de facto operating partner for a federal cyber-defense function the government is only now drafting rules for.

The risk in the reading

The structural fit between Glasswing and the executive order is the post's claim. Causation is not. The order does not name Anthropic, does not name Glasswing, and does not cite an existing voluntary disclosure program as a model. Federal cybersecurity policy has been moving toward voluntary frameworks since the rescission of Executive Order 14110 on January 20, 2025; convergence on a known design is plausible without direct authorship.^[9]

The capability claims rely on Anthropic's own data. The CyberGym 83.1% score, the SWE-bench and GPQA Diamond scores, the zero-day counts, and the 100-million-person impact framing are all reported by the lab.^[4]^[5] Member firms have not, as of writing, independently disclosed the volume of vulnerabilities Mythos found in their own codebases.^[10] South Korea's participation is a single state-level commitment, not a treaty, and the executive order's voluntary framework remains, on its own face, voluntary.

The open question is what this arrangement looks like at scale and under shareholder scrutiny. The Cyber Verification Program, the expected addition of Samsung and SK hynix, and the forward expansion into open-source software maintainers all point toward a program that intends to grow. A soon-to-be-public company operating a function the state has outsourced in everything but name will face a different set of pressures than a private lab running a pilot. That tension is where the story goes next.

Industry