India AI Digest — Tuesday, June 2, 2026

• Anthropic added roughly 150 organizations across 15+ countries to Project Glasswing — on top of the ~50 already in the program — and pushed Claude Mythos-based vulnerability discovery into the power, water, healthcare, communications, and hardware sectors.
• Microsoft unveiled in-house AI coding models at Build, including MAI-Code-1-Flash, positioned to lower developer costs and cut its reliance on OpenAI — another step in the coding-layer commoditization that the Indian IT-services replacement-vs-augmentation question is pegged to.

---

CYBERSECURITY · CRITICAL INFRA · FRONTIER LABS · June 2, 2026

Anthropic expands Project Glasswing into critical infrastructure; adds ~150 organizations across 15+ countries, now covering power, water, and healthcare

Anthropic said on June 2, 2026 that it had expanded Project Glasswing — its critical-software security initiative built on Claude Mythos — by roughly 150 new organizations across more than 15 countries, on top of the roughly 50 organizations in the program at its late-May update. The expansion newly extends coverage into the power, water, healthcare, communications, and hardware sectors. The initial partner cohort has surfaced more than 10,000 high- and critical-severity vulnerabilities to date — the running tally the program carried at its May 22 results post — and the new sectors bring Mythos-based discovery into operational critical-infrastructure software rather than only open-source projects.

From the room. "Cheap, fast AI models with powerful cyber capabilities are around the corner." — Anthropic.

What this means. The expansion scales a pattern Anthropic has been building for two months: a frontier model used as a vulnerability finder, run through a gated coalition rather than released. The May 22 update established the operational claim — that Mythos-driven discovery produces findings at a validity rate (90.6% on the independently assessed sample) that survives expert review. This update is about reach, not a new capability claim. The program moves from open-source maintainers and large software vendors into the sectors that run physical infrastructure — grids, water systems, hospitals, telecom — where the software being scanned controls things that break in the physical world.

Anthropic's own framing carries the dual-use tension on its face. The same model that lets a power utility find critical flaws in its control software before an adversary does is the capability Anthropic describes as cheap and around the corner — which is the case for gating it behind a coalition, and the reason the gating cannot be the long-run answer. The offence-defence question that the May 22 coverage left open is unchanged here: the program can report what its partners have patched, but it structurally cannot report what comparable capability in adversary hands has found over the same window. Extending into critical infrastructure raises the stakes on both sides of that ledger at once.

India angle. No Indian-domiciled organization is named in the expansion, so the direct read is thin — but the sectors it newly covers are sectors India runs at national scale, and the dual-use question lands on Indian regulators whether or not an Indian partner is in the coalition. Power, water, healthcare, and communications are CERT-In's remit and, for the financial-infrastructure adjacency, the RBI's and SEBI's. The closer-in Indian story remains the one the May 23 digest traced: the April convening that pulled in RBI, MeitY, NPCI, IBA, and DFS in response to Mythos-class capability, and SEBI's signalled-but-unpublished advisory on AI-driven cyber risk. A program that now scans critical-infrastructure software in 15-plus countries sharpens the question those instruments were circling — Indian regulators will eventually have to position on AI-assisted vulnerability discovery as both a defensive tool Indian operators may want to consume and a dual-use capability they have to govern. Neither posture is settled.

Behind the news. The arc is steady and fast: Glasswing launched in early April as a gated coalition around a model Anthropic judged too dangerous to release; the May 22 first-results update put roughly 50 organizations and the 10,000-vulnerability tally on the board and moved the program toward a public commercial face; this expansion adds roughly 150 more organizations and pushes into critical-infrastructure sectors. Glasswing is built on Claude Mythos, the gated cyber-capable model line Anthropic has kept unreleased.

What to watch. Whether a future Glasswing update names an India-domiciled critical-infrastructure operator or CERT-In as a participant — which would convert the Indian relevance from structural to direct — and whether any Indian sectoral regulator (CERT-In, RBI, or SEBI) issues a position on AI-assisted vulnerability discovery, moving the SEBI advisory from signalled to published.

Source: Anthropic, June 2, 2026. → link Also: CyberScoop; SiliconANGLE.

Confidence: high on the expansion scope, the new sectors, and the quoted Anthropic statement (primary Anthropic source, corroborated by CyberScoop and SiliconANGLE). The 10,000-plus figure is the cumulative tally carried from the May 22 update, not a fresh count from the expansion.

---

AI CODING · BIG TECH · SERVICES · June 2, 2026

Microsoft unveils in-house MAI-Code models at Build, positioned to cut OpenAI reliance and developer costs

At its Build developer conference, Microsoft announced a set of in-house generative AI coding models, including MAI-Code-1-Flash, which turns written descriptions into source code for apps and websites. Per CNBC's reporting, Microsoft positioned the models explicitly to lower developer costs and reduce the company's dependence on OpenAI, in a coding-model market CNBC describes as dominated by OpenAI, Anthropic, and Google. Microsoft has not published benchmarks for the models, and the detail here rests on CNBC's coverage of the Build announcement rather than on Microsoft's own technical materials.

What this means. A hyperscaler building its own coding models is a vertical-integration move before it is a capability claim. Microsoft reducing its OpenAI reliance continues the renegotiation of the Microsoft-OpenAI arrangement that has run through the year; doing it at the coding layer specifically targets the most commercially proven generative-AI use case. The competitive read is the one to hold: this adds a large, cost-positioned entrant to a layer that is already commoditizing. What it is not, yet, is a demonstrated capability step — Microsoft disclosed a cost-and-positioning story, not public benchmarks against the OpenAI, Anthropic, and Google models it is pricing against. The substitution math the announcement implies depends on numbers Microsoft has not yet shown.

India angle. The exposure is one step removed but it lands on the same question the week's other coding-capital news raised. Cheaper, big-tech-native coding models change the input costs for India's vibe-coding and developer-tooling startups, and they feed the replacement-vs-augmentation question for the Indian IT-services majors — TCS, Infosys, Wipro, HCLTech, LTIMindtree — whose billable-hours model sits on the value layer a commoditizing coding model compresses. No Indian entity is named and the link is more diffuse than an autonomous coding agent pointed directly at engineering workflows. But it is the same pressure vector that the Cognition $1 billion / $26 billion round in the May 28 digest put on the cohort, approached from the other side: Cognition funds a standalone agent that competes with the labour, while Microsoft commoditizes the model layer underneath it. The cohort-level question is unchanged — how fast AI-services revenue has to replace volume-led revenue — and a hyperscaler shipping cost-positioned coding models nudges the clock without resetting it.

Behind the news. The May enterprise-AI thread had two through-lines: frontier labs and well-funded standalones racing to land agentic coding inside enterprise engineering, and the Indian IT-services cohort visibly repositioning against it. Microsoft's MAI-Code launch is a third vector on the same pressure — not a new agent and not a new integrator deal, but a platform owner moving to own the model layer and price it down.

What to watch. Public MAI-Code benchmarks and pricing — the figures that would show whether the cost-undercut is real or positioning — and whether the Indian IT majors address in-house hyperscaler coding models directly in their Q1 FY27 earnings commentary (expected July 2026), which would mark the point at which the commoditization stops being a supply-side story and starts showing up in buyer-side procurement.

Source: CNBC, June 2, 2026. → link Also: CNBC, June 1.

Confidence: medium. The announcement and Microsoft's stated intent (lower developer costs, reduced OpenAI reliance) are reported consistently by CNBC, but Microsoft's primary technical materials were not available to confirm model specifics, and no benchmarks have been published. The commoditization-pressure read on Indian IT services is directional, anchored on the cohort's known exposure, not on disclosed deployment evidence.

---

Position movements