Skip to content
You can now search across every topic, entity and event.What's new
AI: Jobs, Power & Money
17JUL

Anthropic drops ASL, expands Glasswing partners

3 min read
14:01UTC

Anthropic's 244-page Alignment Risk Update for Claude Mythos Preview abandoned the AI Safety Level capability threshold framework for autonomy-focused threat models, and added Broadcom, CrowdStrike, NVIDIA, Palo Alto Networks and Cisco to the Glasswing partner list.

EconomicDeveloping
Key takeaway

Anthropic replaced capability thresholds with autonomy-focused risk measurement, forcing Glasswing partners to rebuild their internal frameworks during live deployment.

Anthropic published a 244-page Alignment Risk Update for Claude Mythos Preview on 7 April 2026, formally abandoning its AI Safety Level (ASL) capability-threshold framework in favour of autonomy-focused threat models. The same update expanded Project Glasswing to add Broadcom, CrowdStrike, Nvidia, Palo Alto Networks and Cisco alongside the original twelve founding partners announced on 8 April . The Glasswing Programme is backed by $100 million in model usage credits, distributing restricted Mythos access to selected partner organisations under coordinated-disclosure terms.

The ASL framework classified risk by capability thresholds: a model crossed a line when it demonstrated a specified skill, and escalating mitigations followed. Its autonomy-focused replacement measures risk by sustained multi-step execution, aligning with the attack-chaining dimension AISI separately confirmed. All Glasswing partners therefore have to rewrite the internal risk frameworks they were running under ASL, mid-deployment, during live coordinated disclosure.

The update discloses that over 99% of the vulnerabilities Mythos discovered during its vulnerability research programme remain unpatched, with coordinated disclosure still in progress. For the Glasswing partners, that means the security posture of the operating systems and browsers their staff use daily is currently weaker than it was before Mythos began running, because Mythos has a list of undisclosed paths into software they all depend on. CrowdStrike and Palo Alto Networks, newly added as of 7 April, are among the security vendors most directly affected by that exposure.

The methodology shift also changes what frontier AI risk governance looks like. Capability thresholds produced discrete pass/fail tests that could be regulated; autonomy thresholds require ongoing observation of how a model behaves across time and tasks, which is closer to financial-market supervision than to product certification. The Bank of England's April directive to the FCA on agentic AI in payments, carried elsewhere in this update, proceeds from the same premise.

Deep Analysis

In plain English

Anthropic published a 244-page document about the risks of its most advanced AI, Mythos, and at the same time changed how it assesses those risks; scrapping a system based on specific measurable capabilities in favour of a broader focus on the AI's ability to act autonomously. The document also revealed that over 99% of the security vulnerabilities Mythos discovered in real software are still unfixed. Anthropic also expanded the list of companies with access to Mythos to include chip maker Broadcom and security firm CrowdStrike, among others.

Deep Analysis
Root Causes

The 99%-unpatched vulnerability figure is a structural consequence of coordinated disclosure norms that were designed for vulnerabilities in known software products, not for an AI model capable of discovering novel vulnerability classes at scale.

Standard coordinated disclosure gives vendors 90 days to patch before public release. Mythos appears to have discovered vulnerabilities faster than the vendor-patch cycle can absorb; a structural mismatch between the speed of AI-driven discovery and the speed of human-driven remediation.

The Glasswing expansion to include Broadcom, CrowdStrike, NVIDIA, Palo Alto Networks and Cisco alongside the original twelve partners concentrates privileged access to a model with confirmed unpatched vulnerability knowledge inside exactly the firms whose products contain those vulnerabilities.

This is not necessarily imprudent (coordinated disclosure requires giving the affected party the information) but it means the security perimeter for the unpatched vulnerability set is now co-extensive with the Glasswing partner list.

First Reported In

Update #6 · Three federal surveys, one 34-to-1 gap

Axios· 16 Apr 2026
Read original
Causes and effects
This Event
Anthropic drops ASL, expands Glasswing partners
A methodology shift that forces all Glasswing partners to rebuild their internal risk frameworks mid-deployment, while over 99% of Mythos-discovered vulnerabilities remain unpatched during coordinated disclosure.
Different Perspectives
Stanford's 'We Must Act Now' signatories
Stanford's 'We Must Act Now' signatories
More than 200 academics, including 16 Nobel laureates, published a 13 July letter warning of AI-driven labour disruption, citing Daron Acemoglu's NBER estimate that AI's total factor productivity gain stays under 0.66% over ten years. The letter's own cited economics sit well below Goldman Sachs Research's 1.5-percentage-point estimate published the same week.
Germany / the Bundesrat
Germany / the Bundesrat
Germany's Bundesrat acted on the EU AI Act's employment provisions on 10 July, more than a year ahead of the Act's 2 December 2027 enforcement deadline. Germany is moving on statutory AI-employment disclosure while the US Congress and Federal Reserve have no equivalent instrument.
Indian IT services sector (TCS, HCLTech, Wipro)
Indian IT services sector (TCS, HCLTech, Wipro)
TCS cut 19,271 roles and HCLTech cut 3,292 in the same reporting week that Wipro's headcount rose by 888 under its own zero-fresher-hiring pledge for FY27. The divergence shows attrition, not layoffs, is how India's outsourcers absorb AI-driven project compression while their net headcount numbers stay ambiguous.
Federal Reserve
Federal Reserve
Barr said on 14 July there is little evidence of AI displacement, citing a 43-versus-10 adoption gap by education; Cook said the next day the dire predictions have not come to fruition, her text carrying none of the bond-spread language she used in May. The Fed reads AI's labour effect through national aggregates, where four banks' cuts remain statistically invisible.
Barclays
Barclays
Barclays economist Pooja Sriram flagged a 28,000-a-month bleed in finance and information roles the same week Microsoft disputed that AI drove its own 4,800 cuts. The bank treats Challenger's AI-attribution share as a lagging indicator against faster erosion visible in raw labour-market data.
European Commission
European Commission
Brussels deferred the Digital Omnibus's Annex III employment-compliance deadline from 2 August 2026 to December 2027, even as California advanced three binding AI-hiring bills the same week. The 17-month delay leaves EU workers without the algorithmic-hiring safeguards the regulation already promises.