🧭 Project Glasswing Expands to 150 New Critical-Infrastructure Orgs — and Claude Security Launches GA

Anthropic announced the second cohort of Project Glasswing, extending Claude Mythos Preview access to approximately 150 new organisations operating in power, water, healthcare, communications, and hardware — sectors that were under-represented in the initial April cohort. Partners are now based in more than 15 countries, and most provide critical services to many additional organisations downstream. Alongside the expansion, Anthropic released Claude Security into general availability: a standalone product built on the latest public frontier models (currently Opus 4.8) that lets any security team scan codebases and receive annotated, patch-ready suggestions without joining the restricted Glasswing program.

What the first cohort found

• The original ~50 Glasswing partners have collectively found more than 10,000 high- or critical-severity vulnerabilities in their codebases since April.
• Partners reported that Claude Mythos Preview consistently identified flaws that prior static-analysis tooling had missed — particularly complex logic bugs requiring multi-file context.
• Anthropic is also releasing, on request to trusted security teams, the internal tooling developed to accelerate Glasswing partners' vulnerability discovery workflows.

Claude Security vs. Claude Mythos Preview

The two offerings are distinct: Claude Security (GA) uses Anthropic's public frontier models and is available immediately via the Claude Platform to any team; Claude Mythos Preview (restricted) is a purpose-built model with deeper vulnerability-reasoning capabilities, distributed only to vetted critical-infrastructure partners. Think of Claude Security as the production-ready general-use tool, and Mythos as the specialised research tier for the highest-stakes targets.

# Example: trigger a Claude Security scan via the API
curl https://api.anthropic.com/v1/messages \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "content-type: application/json" \
  -d '{
    "model": "claude-opus-4-8-20260529",
    "max_tokens": 8192,
    "system": "You are a security auditor. Scan the provided code for OWASP Top 10 vulnerabilities, CWE-89 SQL injection, CWE-79 XSS, CWE-798 hardcoded credentials, and insecure cryptographic use. For each finding output: severity (Critical/High/Medium/Low), CWE ID, file path, line range, description, and a corrected code snippet.",
    "messages": [{"role": "user", "content": "Audit the following:\n\n```python\n{paste_code_here}\n```"}]
  }'

🧭 Claude Managed Agents Gets Self-Hosted Sandboxes and Private MCP Tunnels

Alongside the SpaceX capacity announcement on June 2, Anthropic quietly shipped two significant additions to Claude Managed Agents — the fully managed agent harness launched in public beta earlier this year. Agents can now run inside a sandbox you control rather than Anthropic's default cloud environment, and a new MCP tunnel mechanism lets agents reach MCP servers sitting inside your private network without exposing those servers to the public internet.

Self-hosted sandboxes

• Deploy the Managed Agents runtime into your own container environment (AWS ECS, GKE, Azure Container Instances) while keeping Anthropic's orchestration, checkpointing, and credential management layers.
• Your codebase, credentials, and intermediate artefacts never leave your VPC — critical for regulated industries and air-gapped environments.
• Execution tracing and session logs still flow back to the Claude Platform dashboard, so you retain observability without compromising data boundaries.

MCP tunnels — how they work

MCP tunnels replace the need for a public-internet MCP endpoint. A lightweight gateway process runs inside your private network and opens a single, authenticated outbound connection to Anthropic's relay infrastructure. Claude Managed Agents connect through the relay — your MCP server never needs an inbound firewall rule. The tunnel uses mutual TLS for authentication and forwards requests with sub-10 ms added latency in Anthropic's benchmarks.

# Install the MCP tunnel gateway (requires Claude Platform API key)
npm install -g @anthropic-ai/mcp-tunnel

# Start the gateway pointing at your internal MCP server
mcp-tunnel start \
  --api-key "$ANTHROPIC_API_KEY" \
  --target "http://internal-mcp.corp.example.com:8080" \
  --name "corp-internal-mcp"

# The gateway prints a tunnel ID — use it in your agent config:
# { "mcp_servers": [{ "tunnel_id": "tun_abc123" }] }

🧭 June 2 Outage Postmortem — Five Patterns for Building Resilient Claude Integrations

On June 2, 2026, Claude experienced a global service disruption lasting approximately 5 hours 45 minutes (06:04 UTC to 11:49 UTC). The official Claude Status page recorded elevated errors on Opus 4.6 at 06:04 UTC, with the incident identified at 06:39 UTC and a fix deployed and monitored from 10:42 UTC. The root cause was described as unexpected capacity constraints — an ironic timing given the SpaceX Colossus 1 capacity announcement made the same day. Users on all plans, including API developers, experienced prompt failures across the Claude suite.

What the incident revealed

• Model-level failures can be non-uniform: Opus 4.6 errors were flagged first; other models degraded subsequently. Applications that hard-pin a single model version with no fallback were fully unavailable for the entire window.
• Usage quotas displayed unusual behaviour during recovery — some users saw reset or distorted limit readouts. Any monitoring that relies on quota endpoint responses needs to handle ambiguous states gracefully.
• The API, Claude.ai, Claude Code, and Console were all affected simultaneously — meaning even manual developer fallback workflows were impaired during the outage window.

Five resilience patterns to implement before the next outage

1. Multi-model fallback routing. Define a priority list — e.g., Opus 4.8 → Sonnet 4.7 → Haiku 4.5 — and catch overloaded_error and 529 HTTP responses to step down automatically. The Anthropic SDK's retry logic handles transient 529s, but a full model fallback needs to be implemented at the application layer.

import anthropic, time

FALLBACK_MODELS = [
    "claude-opus-4-8-20260529",
    "claude-sonnet-4-7-20260415",
    "claude-haiku-4-5-20251001",
]

def call_with_fallback(messages, system="", **kwargs):
    client = anthropic.Anthropic()
    for model in FALLBACK_MODELS:
        try:
            return client.messages.create(
                model=model, messages=messages,
                system=system, max_tokens=4096, **kwargs
            )
        except anthropic.APIStatusError as e:
            if e.status_code in (529, 503) and model != FALLBACK_MODELS[-1]:
                time.sleep(2)   # brief back-off before trying next tier
                continue
            raise

2. Circuit-breaker with health checks. Before each batch job, ping https://status.claude.com/api/v2/status.json and pause if the indicator is not none. This prevents wasting tokens on requests that will fail and avoids exhausting programmatic credit pools during an outage.

3. Idempotent checkpointing. For any multi-step agent task, persist intermediate results (e.g., to S3 or a database) after each stage. Claude Managed Agents does this automatically in the hosted path; for direct API usage you must implement it yourself. A 5-hour outage mid-pipeline should resume from the last checkpoint, not restart from scratch.

4. Queue-backed async pipelines. Route non-interactive workloads (batch analysis, nightly CI tasks) through a message queue (SQS, Pub/Sub). A consumer retries with exponential back-off. You get durability for free and avoid synchronous caller timeout cascades.

5. Decouple quota monitoring from response health. Do not assume quota endpoint data is accurate immediately after an incident resolves — the June 2 event showed that reset/distorted values are possible during recovery. Cross-reference quota readings against your own usage counters for at least 30 minutes post-incident before trusting them for billing decisions.