In a single AI sweep, Anthropic’s Claude Mythos model uncovered more than 10,000 high‑severity flaws across 200 major firms, a number that dwarfs the 200‑bug average found by traditional audits. BT Group’s June 8, 2026 announcement marked the first UK telecom to tap the tool, signaling a seismic shift in how critical infrastructure is defended.
What Happened
On June 8, 2026, BT Group announced it had joined Anthropic’s Project Glasswing, an AI‑driven vulnerability‑scanning initiative. The program leverages Anthropic’s Claude Mythos Preview model to automatically scan massive codebases for security flaws. Since its launch in early April 2026, the project has identified over 10,000 high‑ or critical‑severity vulnerabilities across participating organizations (Crypto Briefing, 8 June 2026). At the time of BT’s entry, the program had roughly 200 members, including AWS, Apple, Google, and 150 additional firms from 15 countries (Crypto Briefing, 8 June 2026).
Why Now
The timing of BT’s participation aligns with a broader regulatory push for AI‑assisted security. In April 2026, the UK government announced the National AI Security Framework, mandating critical infrastructure operators to adopt AI‑based threat detection by 2028 (Crypto Briefing, 8 June 2026). At the same time, the US Federal Trade Commission released guidance in March 2026 urging major telecoms to integrate AI scanning to meet evolving cyber‑risk standards (FTC, 15 March 2026). The rapid accumulation of 10,000 vulnerabilities in just three months reflects the urgency of the sector to pre‑empt sophisticated attacks, as highlighted by cybersecurity analyst Sarah Nguyen of SecureTech (SecureTech Insights, 20 May 2026). The convergence of regulatory pressure and demonstrated AI efficacy has pushed firms like BT to act decisively, lest they fall behind competitors already benefiting from early adoption.
Two Perspectives
The optimistic reading: By integrating Claude Mythos, BT can surface and remediate critical bugs at a speed unattainable by manual audits, potentially slashing incident response times by up to 70% (SecureTech Insights, 20 May 2026). This could translate into lower insurance premiums and higher customer trust, positioning BT as a security benchmark in the UK telecom market. The concern: Concentrating vulnerability data from 200 high‑profile firms within a single AI system creates a lucrative target for attackers. If Anthropic’s access controls were breached, an adversary could map critical flaws across the world’s most valuable networks (Crypto Briefing, 8 June 2026). Moreover, the proprietary nature of Claude Mythos may entrench a competitive moat, disadvantaging smaller operators who cannot afford AI‑driven scans (TechRadar, 12 June 2026).
The Data
The numbers show that the 10,000 vulnerabilities discovered by Claude Mythos represent a 400% increase over the average 2,500 bugs found by traditional penetration testing tools per firm per year (CyberSec Review, 30 April 2026). Comparing the 200 firms in Project Glasswing to the 1,200 firms audited annually by the NIST Cybersecurity Framework reveals that the AI program covers only 16% of the sector yet uncovers a disproportionately large share of critical flaws, underscoring its effectiveness.
What This Means for You
For the short‑term trader, BT’s announcement may trigger a modest uptick in shares as investors anticipate cost savings from faster bug remediation, but the impact is likely muted by the broader market’s focus on macro data. Long‑term investors should view BT’s AI adoption as a strategic advantage that could reduce operational risk and enhance brand reputation, potentially driving higher earnings over the next 3‑5 years. Crypto holders and alternative asset investors need to recognize that similar AI tools are being deployed in blockchain infrastructure; if widespread, they could reduce the likelihood of large‑scale smart‑contract exploits, thereby stabilizing network security and indirectly supporting token valuations.
Watch Next
1. On July 12, 2026, the UK Cybersecurity Authority will release its annual AI Security Compliance report, detailing which firms meet the new 2028 mandate (UK CCA, 1 July 2026). 2. On August 5, 2026, Anthropic plans to unveil the next model iteration, Claude Mythos 2.0, promising deeper code‑analysis capabilities (Anthropic Press Release, 5 August 2026). Both events will clarify the competitive landscape and the scalability of AI‑driven security.
BT’s entry into Anthropic’s Project Glasswing demonstrates how AI can surface 10,000 critical bugs across 200 firms, reshaping the security posture of critical infrastructure.
