India joined Project Glasswing on June 12, 2026, marking its entry into an elite global cybersecurity alliance led by Anthropic PBC. Through this partnership, the country gains exclusive access to Claude Mythos AI, a restricted and highly advanced model designed to autonomously identify critical software vulnerabilities. This strategic move aims to fortify India’s essential digital infrastructure against the rising tide of sophisticated, AI-augmented cyber threats.
What is Project Glasswing and Claude Mythos AI?
Project Glasswing is a global cybersecurity initiative launched in April 2026 by Anthropic PBC, an American AI safety and research company headquartered in San Francisco. The program is designed to provide vetted national defenders and security organizations with a “defensive head start” against the inevitable rise of AI-augmented cyberattacks. By pooling resources and intelligence, the initiative seeks to identify and patch critical software flaws before they can be exploited by malicious actors.
At the heart of this initiative is Claude Mythos Preview, a frontier AI model that is strictly restricted from public release due to its advanced cyber-capabilities. Unlike commercial AI models that have hardcoded guardrails against performing cyber-tasks, Mythos is specifically tuned for vulnerability research. It can autonomously discover zero-day vulnerabilities across various operating systems and complex web browsers, reasoning across massive codebases to find how multiple minor weaknesses can be chained into a critical exploit.
| Feature | Claude Mythos Capability |
|---|---|
| Vulnerability Discovery | 10x increase in bug discovery rate compared to human-led scans |
| Validation Accuracy | 90% validation rate for flagged vulnerabilities |
| Model Status | Restricted “Preview” model (not for public use) |
| Primary Goal | Autonomous discovery of zero-day exploits |
Strengthening India’s Critical Digital Infrastructure
India’s decision to join the initiative comes at a time when the nation is rapidly expanding its Digital Public Infrastructure (DPI) and managing a trillion-dollar digital economy. By gaining access to Claude Mythos, Indian cybersecurity agencies can proactively scan and secure the foundational software that powers essential services such as power grids, water management systems, healthcare networks, and banking portals.
The Indian Computer Emergency Response Team (CERT-In), which is the national nodal agency for responding to computer security incidents under the Ministry of Electronics and Information Technology (MeitY), is expected to play a central role in utilizing these AI capabilities. Formed in 2004, CERT-In will use the model to perform deep-level audits of critical codebases used in government and infrastructure sectors. This proactive scanning is vital because the scale of modern software makes it nearly impossible for human teams alone to find every vulnerability before state-sponsored or criminal groups do.
Synergy with the National Cybersecurity Strategy 2026
The integration into Project Glasswing aligns perfectly with the National Cybersecurity Strategy 2026, which was launched earlier this year to transition India from a reactive to a proactive defensive posture. The strategy emphasizes a “whole-of-nation” approach, requiring closer coordination between the National Cyber Coordination Centre (NCCC), CERT-In, and various state-level security units.
Key pillars of this strategy that benefit from AI-driven discovery include:
- Critical Infrastructure Hardening: Ensuring that all hardware and software used in essential sectors meet rigorous security standards.
- Supply Chain Transparency: Expanding the Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM) to include AI and cloud components.
- Incident Response Time: Supporting the mandatory requirement for entities to report significant cybersecurity incidents to CERT-In within six hours.
To support these ambitious goals, the Union Budget 2025-26 allocated ₹782 crore specifically for cybersecurity initiatives, highlighting the government’s commitment to building a resilient digital ecosystem.
Navigating the Risks of Cyber-Capable AI
While the benefits of AI-driven defense are clear, the technology also presents significant ethical and safety challenges. Claude Mythos is described as a “dual-use” technology because the same capabilities that allow it to find and patch bugs for defenders could theoretically be used by attackers to discover and exploit vulnerabilities at scale. This is why Anthropic has implemented a Responsible Scaling Policy, gating access behind a rigorous Cyber Verification Program that only includes trusted national and corporate partners.
Some security experts have expressed concern that the rapid discovery of thousands of vulnerabilities could create a “backlog of risk” if the corresponding process of patching and disclosure does not keep pace. To mitigate this, participating nations like India must ensure that their software maintainers and infrastructure providers have the resources to quickly act on the intelligence provided by the AI.
The Way Forward: Accelerating Cyber Resilience
The partnership with Project Glasswing is just one part of India’s broader push toward technological sovereignty and resilience. As the country moves toward adopting Post-Quantum Cryptography (PQC) and Zero-Trust architectures, the ability to scan for vulnerabilities at machine speed will be indispensable. Moving forward, the focus will shift from the mere discovery of flaws to the synchronized verification, disclosure, and remediation of vulnerabilities across the national digital landscape.
Key Takeaways
- India joined Project Glasswing, a global cybersecurity initiative led by Anthropic PBC, on June 12, 2026.
- The partnership provides access to Claude Mythos AI, a restricted model capable of autonomously discovering zero-day vulnerabilities.
- The initiative aims to safeguard critical digital infrastructure in sectors such as power, healthcare, banking, and telecom.
- CERT-In, established in 2004, will be the nodal agency for utilizing these AI-driven cybersecurity capabilities.
- The move aligns with the National Cybersecurity Strategy 2026, which received a budget allocation of ₹782 crore in the 2025-26 Union Budget.
- Anthropic PBC is headquartered in San Francisco and operates under a Responsible Scaling Policy to manage “dual-use” risks.
