Project Glasswing keeps adding names. Two weeks ago, the program expanded to power grids, hospitals, and water systems. Today it has a named enterprise data security partner with a production deployment commitment.
Cohesity is reporting that it has received restricted access to Claude Mythos Preview through Project Glasswing, with an intended use case of shortening the window between vulnerability discovery and patch deployment. According to Cohesity CEO Sanjay Poonen, Mythos Preview’s cyber-reasoning capabilities are the mechanism for that compression. The company has also committed to sharing vulnerability findings with the broader Project Glasswing partner network, per its own announcement. That sharing commitment is Cohesity-stated, no Anthropic program documentation confirming it as a requirement was available in ‘s source material.
The significance isn’t the vendor relationship. It’s the deployment pattern. Claude Mythos Preview is a restricted model, not publicly available, not commercially licensed in the standard sense. The fact that Anthropic is granting access to a data security company with Fortune Global 500 coverage for a specific vulnerability management use case signals that Mythos Preview is being used operationally, not just tested. That’s a meaningful threshold for a restricted frontier model.
Don’t expect a complete capability picture. Mythos Preview’s specifications aren’t publicly confirmed. ‘s source material ruled out using the 1 million token context window figure from the broader Claude 4.x family as a confirmed specification for this restricted variant, it’s plausible but unverified for Mythos Preview specifically. Vendor claims about automated vulnerability scanning, validation, and patch generation are Cohesity’s stated intentions, not demonstrated production results. The gap between “we intend to use this model to reduce patch latency” and “this model reduced patch latency by X days” is the one to watch.
For security teams evaluating AI-assisted vulnerability management, this is the reference case to track. Prior coverage of who controls Mythos access provides useful context for evaluating how Cohesity’s Glasswing participation fits into Anthropic’s broader restricted deployment architecture.
What to watch
the Regulation pillar has a pending flag on this. If CISA or the EU AI Office issues guidance on restricted cyber-reasoning model governance, the compliance implications of enterprise Mythos Preview deployments shift. Security teams adopting or evaluating AI-assisted vulnerability management should have that regulatory thread on their radar.
The enterprise security AI market is fragmenting fast between vendors with restricted frontier model access and those without it. Cohesity now has it. That’s the signal worth tracking, independent of any single capability claim.