Anthropic is changing how partners can share cybersecurity findings from its artificial intelligence (AI) model Mythos, allowing threat information, vulnerability insights, tools, and best practices to move beyond its controlled Project Glasswing program when responsible-disclosure norms are followed.
TL;DR
- Anthropic will now let Mythos partners share cyber threat findings outside Project Glasswing.
- Sharing can include security teams, regulators, government agencies, open-source maintainers, media, and the public.
- The company says the shift is meant to improve defensive impact while still respecting responsible-disclosure norms.
- The Pentagon is also using Mythos to find and patch software vulnerabilities across the U.S. government.
Anthropic Opens Mythos Cybersecurity Findings To Wider Defensive Sharing
Anthropic has revised its earlier position on Mythos, its cybersecurity-focused AI model, and will now allow partners to share information about cyber threats with others who may face similar risks.
The change matters because Mythos is not a typical cybersecurity tool sitting quietly in a lab. The unreleased Claude Mythos Preview model has been described by experts as capable of coding at a high level, giving it a potentially unprecedented ability to identify cybersecurity vulnerabilities and work out how they could be exploited.
That power is exactly why Anthropic has kept the model inside a controlled initiative called Project Glasswing, which was announced on April 7.
Under the program, select organizations, including major technology companies such as Amazon, Microsoft, NVIDIA, and Apple, are allowed to use Mythos for defensive cybersecurity work.
Now, Anthropic is making it clear that defensive findings do not have to stay trapped inside the program. Partners may share threat information with security teams at other companies, industry bodies, regulators, government agencies, open-source maintainers, the media, or the public, as long as they follow responsible-disclosure norms.
Why Anthropic Is Letting Project Glasswing Partners Share More
The move follows Anthropic telling partners last week that they are generally allowed to disclose their involvement in Project Glasswing and, at their own discretion, share findings, best practices, tools, or code created through the program.
“We fully support our partners sharing findings with each other and companies outside of Glasswing to triage vulnerabilities,” an Anthropic spokesperson said in a statement.
The company also clarified that there was never a specific Glasswing NDA. However, confidentiality protections had been included in agreements after partners asked for them early in the program.
Those protections were meant to reassure participating companies before they shared sensitive cybersecurity findings, especially given concerns that attackers could target them if the details became public too soon.
“As the program has matured, we've adapted them to ensure key information can be shared broadly - including outside the program - for maximum defensive impact,” the spokesperson added.
Mythos Moves From Controlled Testing Toward Broader Cyber Defense
The shift shows Anthropic trying to balance two competing realities around advanced AI cybersecurity systems.
On one side, Mythos can help defenders find and fix vulnerabilities faster. On the other, the same capabilities that make it useful for defense could also make mishandled information dangerous.
By allowing broader sharing under responsible-disclosure practices, Anthropic appears to be giving partners more room to coordinate with the organizations most likely to be affected by newly discovered weaknesses.
The Pentagon is also deploying Mythos to find and patch software vulnerabilities across the U.S. government, according to the Defense Department’s top technology official. That deployment comes as the department races to complete a transition away from Anthropic.
Project Glasswing also revealed how Mythos Preview is changing vulnerability research.
Cloudflare said Mythos stood out for its ability to construct exploit chains, combining smaller attack primitives into working proofs in a way that resembles senior security research rather than automated scanning.
In April tests, researchers with Calif also said Mythos helped them discover a way around Apple’s state-of-the-art macOS security protections by linking two bugs with memory-corruption techniques to access parts of a Mac that should have remained inaccessible.
Mythos Preview can also generate proof code, compile it, run it, read failures, and refine its approach until it verifies whether a suspected flaw is exploitable.
Topics For More Insights
- Anthropic To Brief Global Financial Watchdog On Cyber Flaws Exposed By Mythos
- Anthropic’s ‘Too Powerful’ Mythos Triggers Global Alarm Bells & Hackers May Already Be Inside
- Anthropic And OpenAI Expand Into Enterprise With Billion-Dollar Ventures!
- Elon Musk Loses OpenAI Lawsuit Against Sam Altman After Jury Says He Sued Too Late
Anthropic Acquires Stainless To Strengthen Claude’s Agent Connectivity
Anthropic is also acquiring Stainless, a company known for SDKs and MCP server tooling, as it looks to make Claude better at connecting with external systems.
Founded in 2022, Stainless has generated every official Anthropic SDK since the early days of its API, helping developers build SDKs, CLIs, and MCP servers across TypeScript, Python, Go, Java, Kotlin, and more.
“Agents are only as useful as what they can connect to,” said Katelyn Lesse, Head of Platform Engineering at Anthropic.
The deal brings Stainless’ developer tooling closer to Claude’s agent ecosystem and Anthropic’s broader MCP strategy.
Join The Discussion