Anthropic said on Monday that it has relaxed earlier limits on how partners using its Mythos cybersecurity model may share information about cyber threats. The revision permits organizations participating in its controlled Project Glasswing effort to disclose findings about vulnerabilities to other parties who might face similar exposures.
Mythos, which Anthropic announced on April 7, is being made available to a select set of organizations under Project Glasswing. The initiative allows chosen partners - including major technology firms such as Amazon, Microsoft, Nvidia and Apple - to access the unreleased Claude Mythos Preview model specifically for defensive cybersecurity work.
Experts have noted that Mythos' advanced high-level coding capabilities give it an unusual capacity both to identify security weaknesses and to articulate potential exploitation techniques. That capability prompted the initially cautious handling of the model's outputs.
Last week, Anthropic began informing partners that they generally may disclose their participation in Glasswing and, at their discretion, share the findings, tools, best practices or code that they develop while working with the model. In a statement, an Anthropic spokesperson said: "We fully support our partners sharing findings with each other and companies outside of Glasswing to triage vulnerabilities."
The spokesperson noted that while there was never a specific Glasswing non-disclosure agreement, confidentiality protections were requested by partners at the outset and were incorporated into the contracts those partners signed. Those protections were put in place after participants sought assurances before revealing sensitive results and voiced concerns about becoming targets for attackers.
As the program has evolved, Anthropic said it has adjusted the protections to allow key information to be shared more broadly - including beyond the confines of the program - to maximize defensive benefits.
Under the updated guidance, partners may share information with security teams at other companies, with industry bodies, regulators and government agencies, with open-source maintainers, and with the media or the public, provided such disclosures follow responsible-disclosure norms. Those norms are intended to balance the need for rapid defensive action with caution around exposing technical details that could aid attackers.
The company also confirmed that the Pentagon is using Mythos to identify and remediate software vulnerabilities across the U.S. government, even as it works to complete a transition away from the AI company, according to the Defense Department's top technology official.
Contextual note: The changes reflect an adjustment from initial partner-requested confidentiality toward broader information circulation to enhance collective defense, while still emphasizing responsible disclosure practices.