Summary
- BT says it is the first UK company to confirm membership of Anthropic’s Project Glasswing.
- The project gives selected critical infrastructure organisations access to Claude Mythos Preview to identify and fix vulnerabilities.
- The move links frontier AI capability to telecoms resilience, managed security services, and defensive cyber operations.
BT has joined Anthropic’s Project Glasswing, becoming the first UK company to confirm membership of the AI cyber defence initiative and gaining access to Claude Mythos Preview for controlled defensive security work.
Project Glasswing is Anthropic’s programme for selected critical infrastructure providers and security partners. It gives trusted organisations access to frontier AI capabilities designed to identify software vulnerabilities and help defenders fix them before criminals can exploit them.
BT announced its participation during the UK government’s AI Adoption Summit. The company says the move will strengthen cyber protection for its networks and customers, while helping defend against AI-enabled threats. It says it prevents four million cyber attacks across its networks every day.
Anthropic launched Project Glasswing after Claude Mythos Preview showed advanced cyber capabilities. The company says initial partners have used the model to identify more than 10,000 high- or critical-severity security flaws. Access remains restricted because the same vulnerability discovery capabilities that help defenders can also create offensive risk if released without strong safeguards.
BT’s involvement shows AI security entering a more sensitive phase. Cybersecurity teams have long used automation, threat intelligence, and machine learning, but frontier models able to reason through code, vulnerability chains, and exploit paths change the speed and scale of defensive work.
Telecoms networks are an obvious test bed for that shift. Communications infrastructure supports payments, emergency services, public administration, enterprise cloud access, logistics, media, and remote work. A serious vulnerability inside that environment can reach beyond one company’s IT estate and create wider economic and public-service disruption.
BT’s role is twofold. It must protect its own critical networks, while also selling managed security services to customers facing similar threats. Project Glasswing therefore sits alongside the company’s existing cyber operations and recent work with Accenture on advanced AI-powered cyber defence.
The governance problem is difficult. If frontier AI systems can discover vulnerabilities at a scale and depth that materially exceed existing tools, defenders need access before attackers do. Wider release of the same capabilities, however, could increase offensive cyber risk. Controlled-access programmes offer one route through that dilemma, although they raise questions about who qualifies, how usage is monitored, and whether smaller organisations are left without comparable defensive capability.
Enterprise security teams should not read this as a simple replacement story. AI will not remove the need for patch discipline, supplier assurance, incident response, secure engineering, and board-level cyber governance. It may, however, raise expectations around vulnerability discovery, code review, patch prioritisation, and threat modelling because more powerful tools make previously hidden weaknesses easier to find.
BT’s participation gives the UK a visible role in one of the most sensitive areas of AI deployment: using frontier models to harden critical infrastructure while limiting access to offensive capability. The durability of that model will depend on whether tools such as Claude Mythos Preview improve defensive outcomes, and whether access controls can withstand pressure for broader commercial release.










