BT Group has signed on to Anthropic’s Project Glasswing, a cybersecurity initiative that uses advanced AI to hunt for vulnerabilities across critical infrastructure. The British telecom giant is the first UK company to join the program, gaining early access to Anthropic’s Claude Mythos Preview model to scan and secure its networks and customer systems.

The announcement came on June 8, 2026, at the UK Government’s AI Adoption Summit. BT CEO Allison Kirkby used the stage to frame the move as a strategic commitment to fortifying defenses across UK telecommunications.

What Project Glasswing actually does

The initiative deploys Anthropic’s Claude Mythos model to automatically scan massive codebases for security flaws, operating at a scale and speed that traditional vulnerability assessments simply cannot match.

Since its launch in early April 2026, the project has already uncovered more than 10,000 high- or critical-severity vulnerabilities within the codebases of participating organizations. That is not a typo. Ten thousand serious security flaws, the kind that could be exploited by attackers to breach systems, steal data, or disrupt services, found by a single AI model working across multiple enterprises.

Access to the Claude Mythos model is tightly controlled, and for good reason. The model’s capabilities cut both ways. The same AI that can identify defensive weaknesses could theoretically be used offensively, which is why Anthropic is restricting who gets to use it and under what conditions.

From 50 to 200 organizations in two months

Project Glasswing did not start with BT. When Anthropic launched the initiative in April 2026, roughly 50 major organizations were on board. The early roster included names like AWS, Apple, and Google.

By June 2026, the project had expanded dramatically. Approximately 150 additional organizations across more than 15 countries joined, bringing the total participant count to around 200.

BT’s entry into the program is notable not just because of the company’s size, but because of what it represents geographically. As the first UK telecom to participate, BT is effectively serving as a test case for how AI-driven vulnerability scanning can be applied to the country’s communications backbone.

Kirkby chose a government summit to make the announcement, signaling that this is not just a corporate technology decision but part of a broader national conversation about how the UK secures its digital infrastructure.

Why this matters beyond telecom

The 10,000-plus critical vulnerabilities identified so far across Project Glasswing’s participants suggest the model is delivering on that promise of processing and analyzing code at a pace that no human team can replicate.

The controlled access model also raises questions about competitive dynamics. With only around 200 organizations currently participating, companies inside Project Glasswing have a meaningful advantage over those outside it, getting their codebases scanned by an AI vulnerability detection tool while competitors rely on older methods.

Concentrating vulnerability data from 200 major organizations inside a single AI system creates its own security concerns. If the project’s findings were ever compromised, an attacker would have a roadmap to critical flaws across some of the world’s most important infrastructure. Anthropic’s tight access controls are clearly designed to mitigate that risk.