Cloudflare published a blog post on Tuesday titled "Project Glasswing: what Mythos showed us." [1] The post is the first real-world partner readout for Anthropic's invite-only cyber-frontier model, Claude Mythos Preview. It also stands as the cleanest single answer to the access-document question the paper's Daybreak access tier piece posed yesterday. Daybreak is OpenAI's GPT-5.5-Cyber agentic defense tool; Glasswing is the parallel Anthropic product. The May 19 paper called the two access-as-product launches. Today the customer-side artifact has landed for Glasswing.
The Cloudflare post does the work a customer readout normally does. It names the model, describes the engagement, and characterizes the output category — what Cloudflare found, with what reliability, and at what cadence. [1] The publication itself is the meta-fact: a major infrastructure customer of the model has gone public with a partner write-up within days of the model's invite-only-access announcement. The willingness to publish is the procedural test the paper's trusted-AI-access-as-product piece argued the Anthropic model would face.
The 12-partner list for Glasswing reads as a directory of strategic-cyber buyers: AWS, Apple, Google, Microsoft, Nvidia, JPMorgan, Cisco, CrowdStrike, Palo Alto Networks, and Cloudflare, plus two partners Anthropic has not publicly named. [2] Cloudflare is the first of the 12 to publish a customer-side write-up. The other 11 have not, as of edition close, produced equivalent public artifacts. The 12-partner list functions as an access menu; Cloudflare's post is the first menu item to have an entrée served on it.
OpenAI's Daybreak, by contrast, opened with a three-tier access menu published as a product page rather than a partner list. [3] The BankInfoSecurity coverage framed Daybreak as a bet on agentic cyber defense and laid the access-tier structure out as the consumer-facing artifact. TheNewStack's coverage paired the two products directly as parallel launches with identical premise but different access logics — OpenAI's public tiered menu, Anthropic's private named-partner list. [3] The Cloudflare blog post is the first time the private list has produced a public-facing artifact at the customer-side.
What does the Cloudflare write-up actually claim. The post describes the engagement as bug-finding and security-relevant analysis work, with Mythos identifying vulnerabilities or vulnerability patterns Cloudflare's existing tooling did not surface on the same scope. The published cadence, scope, and confidence-interval details — the receipts that distinguish a partner readout from a product brochure — are partial in the published text. Cloudflare's posture is consistent with what a security-incident write-up normally publishes at this distance from a production deployment: enough to validate the engagement, less than enough to compromise the operational picture.
The X discourse on the launch ran the twin-product framing intact. Anthropic-watcher accounts read the Cloudflare post as the access-document validation Glasswing needed; OpenAI-watcher accounts read it as the cue for Daybreak partners to publish equivalent readouts in the coming weeks. The framing convergence is not surprising. The product launches were close enough in time that the receipt-publication race was always going to be the most-watched piece of the access-as-product story.
The FTC's TAKE IT DOWN enforcement, which began this week, sits in adjacency to Glasswing and Daybreak rather than in collision with them. The TAKE IT DOWN instrument targets intimate-image NCII content takedowns on platform operators; it does not directly regulate offensive-cyber dual-use, which is where the agentic-cyber product class sits. The adjacency is procedural: both Glasswing and Daybreak operate in the dual-use space where defense-and-offense capabilities are tightly coupled, and the broader regulatory posture on dual-use AI capability is the unwritten document the access-as-product moves are operating in front of.
The Mythos disclosure is procedurally interesting because it is the access-document the May 19 paper said needed to exist. The Daybreak product page exists; the Mythos partner-only invite was a different kind of document. Cloudflare's write-up converts the private invite into a public-record artifact. The other 11 partners are now in a position where their customer-side disclosures will be measured against Cloudflare's. The 11 have a range of corporate-disclosure cultures — JPMorgan is the most conservative, CrowdStrike and Palo Alto the most operationally oriented, AWS and Microsoft the most product-marketing-driven. The cadence and form of the next readout will tell us a great deal about how partners with different disclosure cultures handle a shared-access product.
What this does to the ai-state-power thread the paper has been building. The thread's active question, as the May 19 digest noted, was whether Daybreak would publish approval criteria and whether Glasswing would produce a public access document. The first half — Daybreak approval criteria — has not yet been published in form beyond the three-tier menu. The second half — Glasswing public access — has now produced its first partner-side artifact. The thread advances one step. The instrument-state behind the access products is no closer to public-disclosure regulation than it was last week; the partner-disclosure behavior of the access products is one document further along than it was last week.
The simultaneity with Google I/O is also worth naming. Google priced a six-times AI capex jump on the same morning that Cloudflare published its Glasswing readout. [4] The two announcements occupy the same week's tape on AI infrastructure spending and AI-capability commercialization. Google is the largest single AI infrastructure spender of 2026; Cloudflare is one of the largest pure-play cyber-defense customers of Anthropic. The two announcements together describe the supply and the demand sides of the same market.
Mythos's bug-finding throughput as disclosed in the Cloudflare write-up has not been independently verified against Daybreak's pitch. The two products are not currently subject to an independent benchmark; the customer-side claims are the only public artifact for either. Whether independent third-party benchmarking emerges in the next 30 days is the procedural question that will determine whether the access-as-product framing converges on a normal-market discipline or remains in the closed-circle disclosure regime it has operated in to date.
Anthropic has not, in publicly fetched materials, published approval criteria for Mythos beyond the 12-partner list. The criteria question — what makes a partner eligible, what oversight Anthropic exercises over partner usage, what disclosures are required from partners — sits in the second-order disclosure stack. The Cloudflare blog post does not answer the criteria question. It only confirms that one partner has produced one customer-side artifact. The criteria document is the next document the paper will look for.
The access-as-product framing the paper has been developing for ai-state-power is the framing the Cloudflare post validates. Access to a frontier AI model is, for the partners on the list, a product the model's provider sells; the partner's own write-up is, in turn, a derivative product the partner sells to the partner's customers. Both transactions are commercial. Both transactions also sit upstream of any regulatory document on AI-capability access that the federal government has been considering. The market is, as in many other AI-product categories, ahead of the regulator. Cloudflare's post does not change that. It documents the pattern.
Mythos has its first customer. Eleven partner readouts remain unwritten.
-- DAVID CHEN, Beijing