What is Project Glasswing?

Project Glasswing is Anthropic's closed research-preview program for Claude Mythos, its frontier cyber-capable model that scored 93% on SWE-Bench Verified Cyber. As of May 2026, approximately 50 vetted industry partners — primarily large US technology companies including Apple, Microsoft, and Amazon — have access. The stated purpose is defensive: use Mythos to scan and patch vulnerabilities in critical software infrastructure before adversaries find them. The European Union is largely excluded from the program; only Germany has reportedly opened bilateral dialogue with Anthropic.

What is OpenAI's EU GPT-5.5-Cyber program?

Announced May 11, 2026, OpenAI's EU access program grants European Union partners negotiated access to GPT-5.5-Cyber, OpenAI's specialized cyber-defense model. Unlike Project Glasswing's small US-tech-heavy cohort, OpenAI's program is explicitly designed as a sovereign-partner pathway — EU member states and EU-headquartered organizations can negotiate access terms with OpenAI. The terms cover data residency, logging retention, allowed use cases, and red-team obligations. The model is below Mythos on raw vulnerability-discovery capability but materially useful for defensive scanning at frontier scale.

Why is Anthropic restrictive while OpenAI is opening up?

Different risk theses. Anthropic's framing is that Mythos sits at the frontier on cyber capability and that broader release — including release to jurisdictions before they have established controls — increases offensive risk faster than defensive benefit. Project Glasswing is the smallest viable defensive distribution. OpenAI's framing is that GPT-5.5-Cyber's capability profile is meaningfully below Mythos and that controlled-access deployment to vetted sovereign partners strengthens defensive capacity faster than withholding does. The two positions are both defensible; they differ on capability and on judgment about dual-use risk.

Which one should an EU bank or critical-infrastructure operator use?

As of May 2026, EU buyers should default to OpenAI's GPT-5.5-Cyber pathway — it's the only currently negotiable access to a frontier cyber-defense model under EU-compatible terms. Mythos is effectively unavailable for EU procurement. The exceptions are organizations with a US parent or subsidiary that's already in Glasswing, who can sometimes route work through that entity. Watch the Anthropic–European Commission talks (Germany's bilateral dialogue is the canary); if a Glasswing-EU cohort opens, revisit. Multi-vendor cyber stacks remain the right default.

Quick Answer

Project Glasswing vs OpenAI EU Cyber Program (May 2026)

Published: May 12, 2026

Project Glasswing vs OpenAI EU Cyber Program (May 2026)

Anthropic and OpenAI have shipped two opposite distribution models for frontier cyber-defense AI. Project Glasswing keeps Mythos inside roughly 50 mostly-US tech partners. OpenAI’s new EU program opens GPT-5.5-Cyber to sovereign EU partners under negotiated terms. Same problem, opposite playbook. Here is the comparison buyers actually need.

Last verified: May 12, 2026

TL;DR

	Project Glasswing (Anthropic)	OpenAI EU Cyber Program
Underlying model	Claude Mythos	GPT-5.5-Cyber
Frontier-cyber capability	Higher (93% SWE-Bench Verified Cyber)	High, below Mythos
Distribution philosophy	Withhold + narrow	Controlled-access + sovereign
Partner count	~50	Open, negotiated per-partner
EU access	❌ (Germany dialogue only)	✅ Confirmed May 11, 2026
Primary geography	US tech	EU + future sovereign partners
Public availability	Closed	Closed but expandable
Risk framing	Too dangerous for broad release	Controlled defensive distribution

What each program actually is

Project Glasswing (Anthropic)

Launched in research-preview form alongside Anthropic’s “cyber moment of danger” framing in April 2026. Selected partners — approximately 50 organizations, predominantly large US technology companies — get access to Claude Mythos to use defensively: scan and patch vulnerabilities in critical software they own or operate. Known or rumored participants include Apple, Microsoft, and Amazon. The program is closed; there is no general-availability path and no published application process beyond direct outreach.

Anthropic’s rationale: Mythos’s capability ceiling makes broad release a net offensive risk. A small defensive cohort can absorb the capability without the model leaking laterally.

OpenAI EU GPT-5.5-Cyber Program

Announced May 11, 2026. EU partners can negotiate access to GPT-5.5-Cyber, OpenAI’s tuned cyber-defense variant. Terms are negotiated per partner: data residency, retention, allowed use cases, red-team obligations. The European Commission has been in talks with OpenAI for months; the May 11 announcement formalized the program.

OpenAI’s rationale: GPT-5.5-Cyber is below Mythos on the most dangerous capabilities, which makes broader controlled distribution defensible. Strengthening EU defensive capacity directly reduces shared risk faster than withholding.

Side-by-side: how the programs actually differ

Access surface. Glasswing: ~50 vetted entities, mostly US tech. EU Cyber: open to EU partners, sovereign and commercial, negotiated terms. Glasswing is structurally smaller and structurally US-anchored.

Capability profile. Mythos is materially more capable on cyber benchmarks. GPT-5.5-Cyber is below Mythos but materially capable. Both are frontier; the gap matters at the margin for advanced research, less so for day-to-day defensive scanning.

Terms. Glasswing terms are not publicly enumerated. EU Cyber terms are publicly framed as sovereign-partner-style — data residency where feasible, logging, red-team integration. EU Cyber is the more transparent program.

Defensive vs offensive guardrails. Both programs are framed as defensive-only. Both vendors run usage policies and red-team programs. Public information on either side does not allow a verdict on which is stricter in practice.

Geopolitical fit. Glasswing reads as “trusted US defensive cohort.” EU Cyber reads as “controlled sovereign expansion.” If your threat model is nation-state actors with peer capability, the geopolitical fit of your model vendor matters; both choices have implications.

Procurement friction. Glasswing: low friction if you’re already in; impossible if you’re not. EU Cyber: medium friction; negotiated terms take weeks, but the door is genuinely open.

What this means for EU buyers

Financial services (DORA-scoped). GPT-5.5-Cyber EU program is the realistic frontier-cyber access for European banks. DORA requires ICT third-party diligence; OpenAI’s EU program is structured to fit. Mythos via Glasswing is effectively out of reach unless you have a US partner.

Public sector and defense. Both programs are reachable through bilateral dialogue. Germany’s Anthropic dialogue is the template for member-state-level Glasswing access. Member states should consider both lanes; sovereignty considerations argue for parallel pilots.

Critical infrastructure (energy, telecom, healthcare). GPT-5.5-Cyber via the EU program is the obvious near-term path. Glasswing access via a US partner or subsidiary is possible for some operators. Multi-vendor remains correct: don’t anchor critical defensive capacity to a single closed program.

SaaS / cloud-native EU companies. GPT-5.5-Cyber EU program is the realistic frontier option. Open-weights cyber-tuned models (Qwen, DeepSeek, GLM cyber variants) are catching up and worth pilot evaluation as a sovereignty hedge.

What this means for US buyers

Already in Glasswing. Use Mythos for the workloads where its capability gap matters: novel-vulnerability discovery, complex multi-step exploit analysis, deep code-review at scale. Keep GPT-5.5-Cyber as a second-source for portfolio resilience.

Not in Glasswing. Use GPT-5.5-Cyber. The capability gap is smaller than the access gap. Build for vendor swappability.

Federal and defense contractors. Both programs have plausible procurement paths through sovereign-equivalent channels. The classified-environment story is more developed at OpenAI than at Anthropic for some buyers; the inverse for others. Vet on contract-by-contract terms.

Why the asymmetry matters strategically

These two programs are the cleanest live test of competing AI-safety policy hypotheses.

Glasswing hypothesis: Frontier cyber capability is best contained in the smallest viable defensive cohort. Broader distribution increases offensive risk faster than defensive benefit.
EU Cyber hypothesis: Frontier cyber capability is best distributed under negotiated sovereign terms. Broader controlled distribution strengthens collective defense faster than withholding does.

Over the next 6–12 months, the empirical question is: do incidents traceable to misuse appear more often in the Glasswing or the EU Cyber distribution? Either answer carries real consequences for next-generation distribution decisions.

Practical: how to actually get access

Project Glasswing. Direct outreach to Anthropic’s enterprise sales / policy team. Not advertised; relationship-mediated. Realistic only for organizations operating critical software infrastructure at scale.

OpenAI EU GPT-5.5-Cyber program. Engage OpenAI’s EU policy team and your national competent authority under the AI Act. Negotiations are happening in tranches; expect 6–12 weeks for an agreement to be ready.

Open-weights backup. Stand up a self-hosted cyber-tuned open-weights model (current best-of-breed: GLM 5.1, DeepSeek V4-Pro, Qwen 3.6 cyber-tuned variants) as a sovereignty hedge regardless of which closed-program you join.

What to watch next

Whether Glasswing opens a non-US cohort. Germany’s dialogue with Anthropic is the leading indicator.
Specific EU Cyber program terms. Data residency commitments, audit obligations, red-team integration.
Mythos vs GPT-5.5-Cyber capability gap closure. If GPT-5.5-Cyber gets a capability bump that closes the gap, the asymmetry in distribution philosophy becomes structurally less defensible.
Any documented incident. This conversation reshapes within days if a major incident is attributed to either model.
EU AI Act enforcement actions. The May 7, 2026 omnibus deal changes implementation; cyber-specific obligations are still being interpreted.

Sources

CNBC, “OpenAI to give EU access to new cyber model; Anthropic still holding out on Mythos” (May 11, 2026)
techresearchonline.com, “OpenAI Grants EU Access to GPT-5.5 Cyber AI Model” (May 11, 2026)
Politico, “Google says hackers used AI to develop a major security flaw” (May 11, 2026)
Schneier on Security, “On Anthropic’s Mythos preview and Project Glasswing” (April 2026)
CSO Online, “European authorities without access to Anthropic’s AI for hacking”
Just Security, “Too Dangerous: Anthropic Mythos”
Stibbe, “Mythos and the rise of AI-driven cyber threats under DORA”
Bloomberg Law, “EU monitoring Anthropic’s Mythos security implications”
PYMNTS, “OpenAI offers EU access to new cyber model as Anthropic talks continue”

Last verified: May 12, 2026.

Project Glasswing vs OpenAI EU Cyber Program (May 2026)

TL;DR

What each program actually is

Project Glasswing (Anthropic)

OpenAI EU GPT-5.5-Cyber Program

Side-by-side: how the programs actually differ

What this means for EU buyers

What this means for US buyers

Why the asymmetry matters strategically

Practical: how to actually get access

What to watch next

Sources

Related reading