Anthropic News | Project Glasswing Expansion and Claude Code Update

[1] Project Glasswing Expands: ~150 Organizations Join to Advance Vulnerability Detection in Critical Infrastructure

On June 2, 2026 (Japan Time), Anthropic officially announced the expansion of "Project Glasswing," its cybersecurity support program for critical infrastructure. The initiative was sparked by results from April, when approximately 50 partners used Claude Mythos Preview to scan codebases and discovered over 10,000 high-severity and critical vulnerabilities. Building on those results, approximately 150 new organizations are now joining. Source: Anthropic official announcement (expanding Project Glasswing).

Participating organizations are spread across more than 15 countries and include companies and vendors representing sectors such as energy, water, healthcare, telecommunications, and hardware. All of them are part of global supply chains, and Anthropic estimates that a single large-scale attack could affect over 100 million people. Claude Mythos Preview, the core tool for vulnerability detection, continues to be offered as an invitation-only research preview.

Impact level for engineer readers: ★★★. Since Claude Mythos Preview is invitation-only, there is no immediate impact for general users. Even so, the demonstrated fact that "AI-powered vulnerability detection has been validated at scale" is worth watching as a signal of future product direction and security-sector adoption. For domestic critical infrastructure operators and developers in healthcare and telecommunications, this also provides material to cite as an Anthropic track record in future procurement and security evaluations. Note that the discovery figure (10,000+) is based on Anthropic's own announcement and should be treated accordingly.

[2] Claude Code v2.1.160: Enhanced Write Confirmation for Config Files and Refreshed Activation Keyword

At 2:10 AM Japan Time on June 2, 2026, Claude Code v2.1.160 was released. This update centers on two key changes. The first is security enhancements. A confirmation prompt has been added before writing to shell startup files (.zshenv / .zlogin / .bash_login) and ~/.config/git/. Even in acceptEdits mode, which automatically approves edits, confirmation is now required before writing to build tool configuration files such as .npmrc / .yarnrc* / bunfig.toml / .bazelrc / .pre-commit-config.yaml / .devcontainer/, preventing unintended code execution. Source: claude-code v2.1.160 release notes.

The second change is a refreshed activation keyword. The new keyword is ultracode, and the previous activation word has been invalidated. The activation keyword is now highlighted in purple in the input field. Numerous bug fixes are also included: clipboard writing on WSL (corrected to go through PowerShell), CJK IME cursor position display, conversation loss in background sessions, and input lag on Windows have all been resolved.

Impact level for engineer readers: ★★. Since the activation keyword has changed, be aware that any old trigger words recorded in configuration notes or procedures are now invalid. The write-confirmation requirement for configuration files serves as a safety check for cases where files were previously modified automatically, and will be welcomed in security-conscious team environments. The CJK IME fix directly benefits users who work with Japanese input.

[3] max_tokens Added to Advisor Tool: Control Output Limits to Manage Cost and Latency

In the Claude Platform API release notes dated June 2, 2026 (Japan Time), the addition of a max_tokens parameter to the Advisor tool (beta) was announced. This controls the maximum output (combined thinking and text) per Advisor model call, with a minimum value of 1024. Without this setting, Advisor output can reach 4,200–5,900 tokens on difficult reasoning tasks. Sources: Claude Platform API release notes (June 2, 2026), Advisor tool documentation (capping advisor output).

Anthropic reports that setting max_tokens: 2048 reduced output by approximately one-seventh, with a near-zero truncation rate and no observed quality degradation. This is a practical setting for reducing both cost and latency, and the documentation explicitly highlights 2,048 as the recommended starting point.

Impact level for engineer readers: ★★. Developers building and evaluating agent pipelines with the Advisor tool can achieve significant improvements in cost and response speed simply by setting max_tokens: 2048. In particular, if you are using Claude Opus 4.8 as your advisor, the per-token cost is high, meaning token reduction translates directly to financial impact. Note that the Advisor tool itself remains in beta and invitation-only (contact with Anthropic's account team is required).

What to Watch Next

Today's underlying themes are "security" and "optimization." Since Project Glasswing is limited to an invitation-only research preview, the key question going forward is at what point general developers will be able to access AI-powered vulnerability detection, and how the product offering and pricing will be structured. On the Claude Code side, the refreshed activation keyword and enhanced write confirmation are rounding out the "infrastructure for safe usage," and teams using the old trigger word are advised to verify their setups promptly. The addition of max_tokens to the Advisor tool signals that cost optimization for agent operations is becoming the next competitive axis. The Clauder Navi editorial team will continue tracking developments across the company, product, and API fronts.

Source List

• Anthropic official announcement (expanding Project Glasswing): https://www.anthropic.com/news/expanding-project-glasswing
• Claude Code v2.1.160 release notes: https://github.com/anthropics/claude-code/releases/tag/v2.1.160
• Claude Platform API release notes (June 2, 2026 entry): https://platform.claude.com/docs/en/release-notes/overview
• Advisor tool documentation (capping advisor output): https://platform.claude.com/docs/en/agents-and-tools/tool-use/advisor-tool#capping-advisor-output