When a private AI company decides which nations get access to its most capable security-oriented model, it is making geopolitical choices — whether it calls them that or not. Anthropic's expansion of Project Glasswing, which extends access to its Mythos model to roughly 150 organizations across more than fifteen countries, is being packaged as a cybersecurity initiative. Read the access list and it looks considerably more like an alignment-of-allies exercise.

The foundational tier of the rollout tracks almost perfectly with the Five Eyes intelligence alliance — Canada, Australia, and New Zealand joining the United States at the core. From there, the expansion moves into key NATO economies: France, Germany, Italy, and Switzerland are among the European entrants. India's inclusion is the headline addition, representing a significant expansion beyond the traditional Anglophone-and-Western-Europe axis that has defined most sensitive technology-sharing arrangements since the Cold War.

What is Mythos, exactly, beyond Anthropic's marketing? The model is described internally as purpose-built for offensive and defensive cybersecurity tasks at a capability level that sits above what the company's standard Claude models can do. That means vulnerability discovery, code analysis, and — critically — the kind of reasoning about adversarial attack surfaces that security teams at nation-state level actually need. It is not a chatbot with a firewall bolted on. The compute cost alone, by internal accounts, is described as staggering relative to standard inference workloads, which is part of why access has been rationed to vetted institutions rather than offered commercially.

The friction in the rollout is real and already visible. In Australia, corporate users who expected access under the expanded program have been left waiting, with no clear timeline communicated to organizations that believed they had been approved. That gap between announcement and delivery is a pattern worth watching — Anthropic is managing expectations across sovereign governments and private enterprises simultaneously, and those two audiences have very different tolerances for ambiguity.

India's inclusion carries weight that neither Anthropic nor New Delhi is likely to overstate publicly, but both understand privately. India operates one of the world's largest and most targeted digital infrastructures — its government systems, financial networks, and critical industrial controls face a persistent and sophisticated threat environment, with documented intrusion campaigns linked to state-level actors. Access to a model explicitly designed to reason about those threats is not a symbolic gesture. It is a capability transfer, and it arrives at a moment when India's strategic alignment with Western technology frameworks is deepening across multiple fronts.

The timing of the broader rollout has not gone unnoticed in prediction markets and among AI researchers tracking Anthropic's product trajectory. Glasswing's expansion to 150 organizations in a structured, staged access program closely mirrors the rollout architecture companies typically use before a broader commercial or semi-public release. A July window for some form of expanded Mythos availability has circulated in forecasting communities, and the logic is credible: controlled institutional deployment generates safety data, stress-tests the model against real adversarial conditions, and builds the policy relationships Anthropic will need when regulators start asking hard questions about dual-use AI.

That dual-use question is the one that the official framing conspicuously avoids. A model that can identify vulnerabilities in critical infrastructure at speed and scale does not become safe simply because the organizations currently holding it are allied governments and vetted enterprises. The same capability that helps a French energy utility harden its grid can, in different hands with different intentions, help someone else probe it. Anthropic has not publicly addressed how it intends to manage the model's operational security — what happens when a vetted organization is itself compromised, or when staff move between employers, or when one of the fifteen-plus countries in the program shifts its political orientation.

What is confirmed: the expansion is real, the access list exists, and the model is being deployed at institutional scale outside the United States for the first time. What is not confirmed: whether the safety architecture surrounding the deployment is commensurate with the capability being distributed, who specifically inside each participating government controls access, and whether any of the 150 organizations have signed binding restrictions on how Mythos outputs can be used or shared. Those are not paranoid questions. They are the questions a responsible technology reporter — or a responsible regulator — should be demanding answers to before the next expansion announcement lands.