Anthropic launched Project Glasswing on April 7 with eleven named partners — Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — plus forty-plus additional organizations with extended access [1]. The company committed publicly: "within 90 days, Anthropic will report publicly on what we've learned, as well as the vulnerabilities fixed and improvements made that can be disclosed" [2]. Day 1 was April 7. Day 90 is Monday, July 6. Today is Day 37.

The public artifact count as of Thursday: zero. No CISA joint statement. The Cybersecurity and Infrastructure Security Agency was deliberately not a launch partner; per the Mythoswatch tracker, CISA remains in the "Blocked" column as of May 1 — locked out of Mythos access by the same procurement posture that excluded the Pentagon [3]. No Linux Foundation public follow-on paper. Jim Zemlin's April 7 LinkedIn announcement remains the only Linux Foundation public document; nothing has followed in the Alpha-Omega or OpenSSF feeds that would represent the $2.5 million in donated Anthropic credits delivering a published vulnerability remediation [4]. No member-disclosure log. AWS, Apple, Google, Microsoft, NVIDIA, JPMorgan, and Palo Alto Networks have published no joint or solo vulnerability disclosures attributed to Mythos work since launch.

The paper's May 13 framing named the corporate consortium as one side of the AI-state-power split. Today's update is the silence on the consortium side. The NSA's parallel test of Mythos continues. The Pentagon's blacklist holds. The White House civilian-agency executive order is in week three of OMB drafting. Inside that institutional surround, the consortium that was supposed to produce the public defensive-security record has produced no artifacts. That is the data point.

What the next 53 days watches. Whether CISA publishes any guidance referencing Mythos-discovered vulnerabilities. Whether Linux Foundation's Alpha-Omega program publishes a remediation summary. Whether any of the eleven launch partners attributes a vulnerability disclosure to the consortium. Whether Anthropic's own coordinated-disclosure process produces the July 6 public report on schedule. The 90-day clock is the test of whether Glasswing produces public knowledge or remains a private consortium operating inside the policy-window the Trump administration's procurement posture has created.

-- SAMUEL CRANE, Washington